ACL is a feature of Catalyst that restricts user access for specified client(s). With the aid of an administration console, this feature is implemented by restricting access to specified clients and all screens containing that client information.
Important Notes about ACL Super User Accounts
The person selected to have access to ACL should be a privacy officer or equivalent. It is important to understand that the ACL Super User account will be responsible for promoting any other existing Catalyst accounts to a Super User; Super User accounts should be provided with discretion. It is also worth noting that any existing or new Catalyst Administrator accounts can reset passwords and then log in as that account including an ACL Super User account. Proper business and privacy practices should be in place.
To enable the ACL module a senior staff member of an HSP must make a request to the DATIS Help Desk; their existing Catalyst account will then be promoted to an ACL Super User and they’ll be given access to the ACL module. DATIS will only provide access to the first account.
Once an account has been given access to ACL they can then give other users access.
Definitions
Unlocked Client
A client record with unrestricted access; any user, with client information rights can access the client record Protected Health Information (PHI). By default all client records are unlocked.
Locked Client
A client record with restricted access can only be viewed by the Admin/Super User or by the Catalyst User that has a mapped relationship with the locked client. All other Catalyst users are not able to view PHI such as client first name, last name, date of birth, etc.
Client unlocked to a user
A locked client accessible to a particular Catalyst user(s)
ACL Super User /ACL Role
The Catalyst user with this role, while in the ACL console, can access any client including locked clients and exercise user privileges: lock, unlock users, unlock client to a user, etc.
Assign Role
Identify who can work with locked clients by assigning a Role to the Service Provider
Map Relationship
Map the relationship between the Locked client and Service Provider Lock the client - identify the client to lock.
Un-map a relationship
When the relationship is interrupted, the service provider can no longer access PHI of that client.
