Managing case access
The following diagram depicts how access to cases is managed in the OnePacs system. There are several ways to manage user case access according to the controls listed in this diagram.
Assigning cases based on facility privileges and filters
Through a combination of OnePacs Facility Privileges and user access Filters, users may be restricted to a set of cases deemed appropriate for them to access. The filtering capabilities of OnePacs are robust, and may be used to grant access to cases according to a wide variety of criteria, such as study modality, patient age, referring physician name, and so on.
Facility privileges
Facility privileges are the most basic means of restricting users' access to cases on the OnePacs system. See Facility Privileges for details on how to restrict users from seeing a facility.
Case access filters
Administrators may user filters to limit users' access to cases on the OnePacs system. Filters used in this fashion are restrictive - they may prevent users from seeing cases that they might otherwise be able to access, but they will not cause users to be able to access cases which they otherwise would not have access to. Filters may be applied to a user's account through the user management interface.
Examples
Limiting referring physician access
It is commonly desired to provide referring physicians with the ability to access reports, or reports and images, for only those patients which they have referred for imaging. The following are the two primary means by which this may be achieved.
Using the ReferringPhysicianName DICOM field
The usual means of achieving this goal utilizes the “ReferringPhysicianName” field in the DICOM headers. If this means of access restriction is used, the imaging technologists involved must take care to enter referring names accurately for all cases, to ensure proper functioning of the access control mechanism. It will also be necessary to assign each referring physician a unique “Referring PhysicianName” tag, even if two referring physicians happen to have the same first and/or last names.
The “ReferringPhysicianName” DICOM field may be used to grant referring physicians access only to cases for patients which they referred as follows:
- The referring physician is granted a OnePacs user account with privileges appropriate for a referring clinician.
- The referring physician is given “view” access to that facility or facilities to which they will refer patients.
- A user access filter is assigned to the physician's account, restricting them to viewing only cases which have their name in the “ReferringPhysicianName” field.
Referring physician names can be entered as part of a user filter by typing one or more names (separated by a return key) into the “Referring Physicians:” field. This will create a filter that is case insensitive and contains the name. Other referring physician filters can be created using the advanced expression field.
To limit such physicians, for example, to cases for which the ReferringPhysicianName field reads exactly “JOHNBRONSTEIN”, an appropriate filter would be as follows:
ReferringPhysicianName = 'JOHNBRONSTEIN'
or, for a case-insensitive filter,
upper(ReferringPhysicianName) = 'JOHNBRONSTEIN'
To limit a physician to viewing cases which contain the name BRONSTEIN somewhere in the ReferringPhysicianName field, the following filter would be used:
ReferringPhysicianName like '%BRONSTEIN%'
or, for a case-insensitive filter,
ReferringPhysicianName contains 'BRONSTEIN'
Please refer to the section on study filters for further details on filter creation.
Other means of limiting access
Another means of achieving this would be to use access filters to block such physicians generally from seeing any cases on the system, and also grant such physicians view access to cases in a shared folder. Cases to which they should have access may be placed manually in such a folder.
Limiting access by patient characteristics, or other DICOM header fields
It may be desirable to limit user access to cases according to other case characteristics, such as patient characteristics, or other DICOM header fields.
The process of limiting case access by such criteria is similar to the above given example of referring physician access limitation.
For example, to limit a user to accessing cases for patients aged 18 years and below, the following filter would be applied:
PatientAge < '18Y'
To limit users to accessing cases with the text “Research” in the DICOM StudyDescription header, the following filter would be used:
StudyDescription like '%Research%'
Or, for a case insensitive filter:
upper(StudyDescription) like '%RESEARCH%'
Manually assigning cases
In some radiology practice environments, it is desirable to have cases assigned to radiologists manually by a coordinator.
One means of achieving this in OnePacs involves granting a set of users access privileges to a set of facilities, and applying a user access filter to such users, restricting them to accessing only cases which have been assigned to them.
Assigned specific cases to users
To assign a case to a user, simply locate the case in a worklist, right-click on the case, and utilize the “Assign-to” option in the right-click context menu. A list of users to whom the case may be assigned (users with reporting privileges for the facility that transmitted the case) will appear in a submenu. To unassign a case follow the same directions as above, but select the “Unassign this study” option from the top of the menu. An administrator may also use the highlight feature to aid in assigning cases. On the right side of the worklist is a selection box for users. Selecting a user will highlight cases in red if the user cannot view the case and will highlight the case in yellow if the user may view the case but may not report on the case. For example below, the user is filtered to only be able to access studies that have a modality of CT and may only report for facilities A and B and may only view for facility C.
Limiting users to assigned cases
In order to limit users to cases which have been assigned to them an administrator can select the "Allow this user to view only studies that they are assigned" checkbox.
You can also set the user access filter to allow the user to view historical cases that are not assigned to the user by selecting the “For cases the user is allowed to view, allow user to also view other studies for the same patient” option by their configured user access filter.
Report Authoring Restrictions
Users that can author a report (with draft of higher) can be restricted on what reports they may write by study type. Click the "Report Authoring Restrictions" tab and enter a comma separated list of study type modalities or select one or more study type sets to control what the report author may write. Configurations can be set to either include or exclude and can be quickly turned off by unchecking the restriction checkbox. For exclusion, if any study type match or modality that is excluded the case cannot be assigned. For inclusion, if the case is assigned any of those study types the case may be assigned.
Study tags can also be included or excluded. One key difference between study tag and study types is that a study that does not have a study tag can still be assigned. Study tags can be assigned manually or via post processing.
Note, this workflow requires the case to be assigned a study type before an author will have reporting access to the case. Study types can be assigned via study confirmation, HL7 orders, or postprocessing. When using this feature with auto assignment it is recommended to remove the In transmission status from the auto assignment rule so that the study is fully processed before attempting to assign the case so that a study type is given to the case.