Roles and Rights Concept

Classification: Public

Responsible: Product Management

Consulted: Information Security Officer


Separation of Rights and Roles

As part of the secure usage of our systems, we have implemented a granular roles and rights concept. Our customers can use these to define which users are granted which rights.

To achieve this we have established user groups, through which administration, editing, and viewing rights in our systems can be restricted at a granular level.

Roles and Rights Concept

With the help of role concepts, specific rights can be granted to or withdrawn from individual team members within our systems. The roles are divided into users, referrers, and administrators; administrators have extended rights to change settings and configurations. When assigning rights, we recommend the principle of least privilege: as few rights as possible, and only as many as are absolutely necessary.

Users

Users include all hospital employees who require access to the patient portal and its functions. In addition to doctors and carers, this can also include study personnel or administrative staff. It may also be necessary to grant temporary rights to external employees. The access devices and applications also play a role in the definition of rights.

Referrers

Referrers must be explicitly specified in the system so that they are allowed to enter appointments in the calendar (so-called referrer function) and exchange information (e.g. messages) with the hospital. Patient data transmitted in this way cannot be viewed by third parties under any circumstances.

Administrators

Administrators are users who have undergone special training on administrator rights and are therefore able to change general settings for the whole system.

The administrator uses the user group settings to define the permissions for each user group. The following settings and permissions can be specified:

  • No rights (neither create, read nor change)

  • Display resources and categories

  • Create, edit and delete templates (resource status, forms, appointment reminders)

  • Read (read data only)

  • Create (enter data)

  • Change (enter, edit and delete data)

  • All rights (full access to data)

These rights can be assigned differently for each area in the portal or for each module. Different roles can also be created so that users with the same tasks can be assigned the same rights quickly and easily.
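The group-based model described above, as an added example that is not part of the original page or the vendor's product: each user group holds a set of rights per area/module, a user's effective rights are the union over their groups, anything not granted is denied, and a small review helper lists the rights a user holds beyond what their tasks need, which is the practical check behind the least-privilege recommendation. The module names, group names, user names and the assumption that read < create < change < all is cumulative are constructed for this demo.

```python
from enum import Enum


class Right(Enum):
    """The settings an administrator can assign per area/module."""
    NONE = "none"                             # neither create, read nor change
    DISPLAY_RESOURCES = "display_resources"   # display resources and categories
    MANAGE_TEMPLATES = "manage_templates"     # create, edit and delete templates
    READ = "read"                             # read data only
    CREATE = "create"                         # enter data
    CHANGE = "change"                         # enter, edit and delete data
    ALL = "all"                               # full access to data


# Concrete actions each right permits. Assumption (not stated on the page):
# read < create < change < all is cumulative, and "all" also covers the
# resource display and template management settings.
ACTIONS = {
    Right.NONE: frozenset(),
    Right.DISPLAY_RESOURCES: frozenset({"display_resources"}),
    Right.MANAGE_TEMPLATES: frozenset({"create_template", "edit_template", "delete_template"}),
    Right.READ: frozenset({"read"}),
    Right.CREATE: frozenset({"read", "create"}),
    Right.CHANGE: frozenset({"read", "create", "edit", "delete"}),
}
ACTIONS[Right.ALL] = frozenset().union(*ACTIONS.values())

# Constructed sample configuration: group -> module -> rights granted there.
GROUP_RIGHTS = {
    "ward_nurses": {"appointments": {Right.READ}, "messages": {Right.CREATE}},
    "study_staff": {"forms": {Right.CHANGE, Right.MANAGE_TEMPLATES}},
    "portal_admins": {"appointments": {Right.ALL}, "messages": {Right.ALL},
                      "forms": {Right.ALL}, "settings": {Right.ALL}},
}

# Constructed sample users and their group memberships.
USER_GROUPS = {
    "nurse_a": {"ward_nurses"},
    "researcher_b": {"study_staff", "ward_nurses"},
    "admin_c": {"portal_admins"},
    "guest_d": set(),
}


def effective_actions(user: str, module: str) -> frozenset:
    """Union of the actions all of the user's groups grant in one module.
    A module that no group mentions yields the empty set (default deny)."""
    granted = set()
    for group in USER_GROUPS.get(user, set()):
        for right in GROUP_RIGHTS.get(group, {}).get(module, set()):
            granted |= ACTIONS[right]
    return frozenset(granted)


def is_allowed(user: str, module: str, action: str) -> bool:
    """Default-deny check to run before performing `action` in `module`."""
    return action in effective_actions(user, module)


def excess_actions(user: str, needed: dict) -> dict:
    """Least-privilege review: the actions a user holds beyond what their
    tasks need. `needed` maps module -> set of actions the role requires;
    modules the user can reach but `needed` omits are reported in full."""
    modules = set(needed)
    for group in USER_GROUPS.get(user, set()):
        modules |= set(GROUP_RIGHTS.get(group, {}))
    report = {}
    for module in sorted(modules):
        extra = effective_actions(user, module) - needed.get(module, set())
        if extra:
            report[module] = sorted(extra)
    return report


if __name__ == "__main__":
    print(is_allowed("nurse_a", "appointments", "read"))
    print(is_allowed("nurse_a", "appointments", "delete"))
    print(excess_actions("researcher_b", {"forms": {"read", "create", "edit"}}))
```

Running the review helper for `researcher_b` shows both kinds of excess the page warns about: the delete and template rights inside the module they work in, and the ward-nurse rights they inherited from a second group membership that their tasks do not need.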

General Recommendations

For the secure usage of our system, we strongly recommend abiding by the following principles to secure the login. The most important of these are:

Strong Passwords

Passwords should be chosen so that they are difficult to compromise. We recommend following the advice from the BSI on choosing secure passwords. Our system enforces some of these rules. Nonetheless, we recommend that our customers choose secure passwords that match their own security requirements.

See the article from the BSI: Sichere Passwörter erstellen (an English version is also available)

Blocking of Users

We also protect against unauthorized access by automatically blocking the login after several invalid login attempts. In addition, the administrator can block inactive users at any time or completely delete user logins that are no longer required.
It is also possible for the administrator to force a change of a user's password. This then happens in a dedicated way.

Access Control via IP Restrictions

Access control can also be set up by restricting logins to individual IP addresses or network ranges. This allows access exclusively from a known and confirmed environment and at the same time prevents unauthorized access from anywhere else.

Multi-factor Authentication

Our systems support multi-factor authentication. We strongly recommend that it is enabled and used for all accounts. As an administrator, it is possible to force all users to use multi-factor authentication.

Session Timeouts

Inactive users are automatically logged out after a specific period of time. This period can be specified by the administrator. We recommend configuring this value based on our customers' own security requirements.
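The login protections from the sections on blocking of users, IP restrictions, multi-factor authentication and session timeouts, as one added example that is not the vendor's code: a login guard that rejects sources outside the allowed networks, honours an administrator's block flag, locks an account for a fixed period after repeated failed attempts, requires a second factor, and expires sessions that have been idle too long. The thresholds, network ranges, account names and timestamps are constructed for this demo and are not the product's defaults.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class LoginPolicy:
    """Constructed policy values; an administrator would set the real ones."""
    max_failed_attempts: int = 5        # consecutive failures before automatic lock
    lockout_seconds: int = 900          # duration of the automatic lock
    session_idle_seconds: int = 600     # inactivity timeout for sessions
    require_mfa: bool = True            # force MFA for every account
    allowed_networks: tuple = ("10.20.0.0/16", "203.0.113.10/32")  # constructed ranges


@dataclass
class Account:
    name: str
    mfa_enrolled: bool = False
    disabled: bool = False              # set by an administrator (manual block)
    failed_attempts: int = 0
    locked_until: float = 0.0           # automatic lock expiry, as a timestamp


class LoginGuard:
    def __init__(self, policy: LoginPolicy):
        self.policy = policy
        self.networks = [ipaddress.ip_network(n) for n in policy.allowed_networks]
        self.sessions = {}              # session id -> (account name, last activity)

    def source_allowed(self, ip: str) -> bool:
        """IP restriction: the client must sit inside one of the allowed ranges."""
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.networks)

    def attempt(self, acct: Account, ip: str, password_ok: bool,
                mfa_ok: bool, now: float) -> str:
        """Evaluate one login attempt; only 'ok' permits issuing a session."""
        if not self.source_allowed(ip):
            return "denied_ip"
        if acct.disabled:
            return "denied_disabled"
        if now < acct.locked_until:
            return "locked"
        if not password_ok:
            acct.failed_attempts += 1
            if acct.failed_attempts >= self.policy.max_failed_attempts:
                acct.locked_until = now + self.policy.lockout_seconds
                acct.failed_attempts = 0
                return "locked"
            return "bad_password"
        if self.policy.require_mfa and not (acct.mfa_enrolled and mfa_ok):
            return "mfa_required"
        acct.failed_attempts = 0        # a successful login resets the counter
        return "ok"

    def open_session(self, sid: str, acct_name: str, now: float) -> None:
        self.sessions[sid] = (acct_name, now)

    def touch(self, sid: str, now: float) -> bool:
        """Validate a session on each request; drop it once idle too long."""
        entry = self.sessions.get(sid)
        if entry is None:
            return False
        name, last_activity = entry
        if now - last_activity > self.policy.session_idle_seconds:
            del self.sessions[sid]
            return False
        self.sessions[sid] = (name, now)
        return True


def demo() -> list:
    """Constructed sequence of events exercising each rule; returns the outcomes."""
    guard = LoginGuard(LoginPolicy())
    nurse = Account("nurse_a", mfa_enrolled=True)
    outcomes = [guard.attempt(nurse, "198.51.100.7", True, True, now=0)]   # outside range
    for t in range(1, 6):                                                   # five bad passwords
        outcomes.append(guard.attempt(nurse, "10.20.3.4", False, False, now=t))
    outcomes.append(guard.attempt(nurse, "10.20.3.4", True, True, now=100))   # still locked
    outcomes.append(guard.attempt(nurse, "10.20.3.4", True, True, now=1000))  # lock expired
    guard.open_session("s1", nurse.name, now=1000)
    outcomes.append(guard.touch("s1", now=1500))                              # active
    outcomes.append(guard.touch("s1", now=2200))                              # idle > 600 s
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The checks are ordered so that the cheapest, least revealing ones run first: a request from outside the allowed networks is refused before any account state is consulted, and the automatic lock is checked before the password is, so a locked account gives the same answer whether or not the password was right.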

Use of Admin Account

We strongly recommend not using the administrative account for daily tasks. It should only be used to administer the system, that is, for user and permission management.