Controlling record access
Confidentiality policies in EMIS Web let you restrict who can view patient data. You can apply a policy to the entire record or only certain entries (like specific problems). If you try to open a record covered by a confidentiality policy, a clear warning is displayed, and you can only proceed if you have the correct permissions.
Work groups and RBAC permissions
Confidentiality in EMIS Web is managed via work groups (such as Doctor, Clinician, or Mental Health Professional) and specific RBAC activities. If a user is not in the relevant work group, or lacks RBAC B0070 Access Patient Sealed Data, they cannot view the restricted information. This helps ensure that only the right staff see potentially sensitive details.
“Using confidentiality policies can strengthen security and give patients peace of mind, while also helping practices meet data protection requirements.”
Overriding a policy (if authorised)
Even if you do not appear on the correct work group, a valid role holder with RBAC B0070 can override the confidentiality policy in EMIS Web. Any override is logged and will trigger a notification to the user who originally applied the policy, ensuring accountability.
