The following diagram depicts how access to cases is managed in the OnePacs system. There are several ways to manage user case access according to the controls listed in this diagram.

Through a combination of OnePacs Facility Privileges and user access Filters, users may be restricted to a set of cases deemed appropriate for them to access. The filtering capabilities of OnePacs are robust, and may be used to grant access to cases according to a wide variety of criteria, such as study modality, patient age, referring physician name, and so on.

Facility privileges are the most basic means of restricting users' access to cases on the OnePacs system.  See Facility Privileges for details on how to restrict users from seeing a facility. 

Administrators may user filters to limit users' access to cases on the OnePacs system. Filters used in this fashion are restrictive - they may prevent users from seeing cases that they might otherwise be able to access, but they will not cause users to be able to access cases which they otherwise would not have access to. Filters may be applied to a user's account through the user management interface.

It is commonly desired to provide referring physicians with the ability to access reports, or reports and images, for only those patients which they have referred for imaging. The following are the two primary means by which this may be achieved.

The usual means of achieving this goal utilizes the “ReferringPhysicianName” field in the DICOM headers. If this means of access restriction is used, the imaging technologists involved must take care to enter referring names accurately for all cases, to ensure proper functioning of the access control mechanism. It will also be necessary to assign each referring physician a unique “Referring PhysicianName” tag, even if two referring physicians happen to have the same first and/or last names.

The “ReferringPhysicianName” DICOM field may be used to grant referring physicians access only to cases for patients which they referred as follows:

• The referring physician is granted a OnePacs user account with privileges appropriate for a referring clinician.
• The referring physician is given “view” access to that facility or facilities to which they will refer patients.
• A user access filter is assigned to the physician's account, restricting them to viewing only cases which have their name in the “ReferringPhysicianName” field.

Referring physician names can be entered as part of a user filter by typing one or more names (separated by a return key) into the “Referring Physicians:” field. This will create a filter that is case insensitive and contains the name. Other referring physician filters can be created using the advanced expression field.

To limit such physicians, for example, to cases for which the ReferringPhysicianName field reads exactly “JOHNBRONSTEIN”, an appropriate filter would be as follows:

ReferringPhysicianName = 'JOHNBRONSTEIN'

or, for a case-insensitive filter,

upper(ReferringPhysicianName) = 'JOHNBRONSTEIN'

To limit a physician to viewing cases which contain the name BRONSTEIN somewhere in the ReferringPhysicianName field, the following filter would be used:

ReferringPhysicianName like '%BRONSTEIN%'

or, for a case-insensitive filter,

ReferringPhysicianName contains 'BRONSTEIN' 

Please refer to the section on study filters for further details on filter creation.

Another means of achieving this would be to use access filters to block such physicians generally from seeing any cases on the system, and also grant such physicians view access to cases in a shared folder. Cases to which they should have access may be placed manually in such a folder.

It may be desirable to limit user access to cases according to other case characteristics, such as patient characteristics, or other DICOM header fields.

The process of limiting case access by such criteria is similar to the above given example of referring physician access limitation.

For example, to limit a user to accessing cases for patients aged 18 years and below, the following filter would be applied:

PatientAge < '18Y'

To limit users to accessing cases with the text “Research” in the DICOM StudyDescription header, the following filter would be used:

StudyDescription like '%Research%'

Or, for a case insensitive filter:

upper(StudyDescription) like '%RESEARCH%'

In some radiology practice environments, it is desirable to have cases assigned to radiologists manually by a coordinator.

One means of achieving this in OnePacs involves granting a set of users access privileges to a set of facilities, and applying a user access filter to such users, restricting them to accessing only cases which have been assigned to them.

To assign a case to a user, simply locate the case in a worklist, right-click on the case, and utilize the “Assign-to” option in the right-click context menu. A list of users to whom the case may be assigned (users with reporting privileges for the facility that transmitted the case) will appear in a submenu. To unassign a case follow the same directions as above, but select the “Unassign this study” option from the top of the menu. An administrator may also use the highlight feature to aid in assigning cases. On the right side of the worklist is a selection box for users. Selecting a user will highlight cases in red if the user cannot view the case and will highlight the case in yellow if the user may view the case but may not report on the case. For example below, the user is filtered to only be able to access studies that have a modality of CT and may only report for facilities A and B and may only view for facility C.

In order to limit users to cases which have been assigned to them, the following case access filter rule is applied to the user

AssignedToUser = 'username'

Where 'username' (in single quotes) should be changed to the user's login name on the OnePacs system.

The special token $user can be used to indicate the current logged in user. The expression

AssignedToUser = '$user'

can therefore be used to mean only cases where the assigned to user is the current user. This helps create a more generic assigning workflow filter.

You can also set the user access filter to allow the user to view historical cases that are not assigned to the user by selecting the “Allow user to view all historical studies for studies that meet this criteria” option by their configured user access filter.

The following screenshots demonstrate application of this rule to a user with the username 'demo':

The first screenshot shows the properties of the user 'demofiltereduser' being edited. This user has view and report access to Demo Facility A and Demo Facility B, and view and draft report access to Demo Facility C. The access tab is selected:

After clicking on the “Custom filter” option, the following filter editing screen is called up. If no filter were assigned, this user would have view and report access to all cases from Demo Facility A and B, and view and draft report access to Demo Facility C. However, we wish to limit this user to accessing only cases assigned to him/her, therefore in the custom filter field, we enter the limiting string “AssignedToUser = '$user'”, as follows:

The user 'demofiltereduser' will now have View and Report access to all cases from Demo Facility A and Demo Facility B that are assigned to him/her, and view and draft report access to all cases from Facility C that are assigned to him/her.