
User Management and Access Policies in Lotus:Medplum

This documentation covers how to create users, assign them the correct roles and access policies, and ensure that data remains secure within ClaimPower's platform.

Creating Users in the Dashboard

To create a user in the ClaimPower dashboard:

Create User

While logged in as an admin user, navigate to the project details and then to the Users tab, at this URL.

In the invite new member form, fill in the user's email address, and select the role you want to assign to the user.

Use the role Practitioner and the Access Policy created for practitioners.

  1. Navigate to the User Management Section:

    • In the dashboard, click on User Management.
    • Choose the Practitioner, Related Person, or Patient user type based on the role you want to assign.
  2. Add User Information:

    • Input details such as the user's full name, email, and role.
    • Assign them to an Organization if relevant (e.g., for provider users).
  3. Assign Project and Access Policies:

    • Select the appropriate Project (e.g., ClaimPower Dev or ClaimPower Production).
    • Apply the Access Policy that defines what this user can view or edit.
  4. Finalize Creation:

    • After filling in the necessary fields, click Save. The new user will now have access based on the assigned project and policies.

What are Access Policies?

Access Policies define what data a user can access within the system. These policies are used to control access to resources, ensuring that users only see the data they are authorized to interact with.

Example Access Policy

An access policy might restrict a provider to only see their own patients' records. Here's how it works:

{
  "resourceType": "AccessPolicy",
  "name": "Provider-Patient-Access",
  "description": "Restricts providers to viewing only their assigned patients.",
  "resource": [
    {
      "reference": "Patient/{patient-id}",
      "access": ["read"],
      "condition": {
        "expression": "Practitioner/{practitioner-id} in Patient.careTeam"
      }
    }
  ]
}

PractitionerRole

PractitionerRole covers the recording of the location and types of services that Practitioners are able to provide for an organization.

The role, specialty, Location, telecom and HealthcareService properties can be repeated if required in other instances of the PractitionerRole. Some systems record a collection of service values for a single location; others record a single service and the list of locations where it is available. Both are acceptable options for representing this data. Where availability, telecom, or other details are not the same across all healthcare services or locations, a separate PractitionerRole instance should be created.

Additional information can be included in the Resource using the extension array:


{
  "extension": [{
    "url": "https://dev.lotuscares.ai/api/extensions/claimpower_id",
    "valueString": "XXXX"
  }],
  "resourceType": "PractitionerRole",
  "practitioner": {
    "reference": "Practitioner/xxx",
    "display": "Mr Manager"
  },
  "organization": {
    "reference": "Organization/xxx",
    "display": "Ice Cream Inc"
  },
  "location": [
    {
      "reference": "Location/xxxx",
      "display": "Downtown Clinic"
    }
  ]
}

Create a new PractitionerRole

To create a new PractitionerRole in the dashboard:

Create PractitionerRole

Providers, Organizations and locations are connected through the PractitionerRole resource.

This resource is used to define the roles and responsibilities of a practitioner in a specific organization and location.

The providers can be assigned to multiple organizations and locations, and each organization can have multiple providers.

The providers can view and edit the data of the patients assigned to them, based on the relationship through the organization.
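
The following added example, which is not part of the ClaimPower or Medplum code, checks the organization relationship described above with a deny-by-default rule, so the outcome of a policy can be audited against sample data. It assumes that patients are linked to an organization through Patient.managingOrganization and that a PractitionerRole with active set to false grants nothing; the function names and the sample resources are constructed for illustration.

```python
# Added example; all resources below are constructed sample data.
def ref(resource, field):
    """Return the 'reference' string of a FHIR Reference field, or None."""
    return (resource.get(field) or {}).get("reference")

def practitioner_orgs(practitioner_ref, roles):
    """Organizations reachable through the practitioner's PractitionerRoles."""
    orgs = set()
    for role in roles:
        if role.get("resourceType") != "PractitionerRole":
            continue
        if role.get("active") is False:  # deactivated role grants nothing
            continue
        if ref(role, "practitioner") != practitioner_ref:
            continue
        org = ref(role, "organization")
        if org:  # a role without an organization grants nothing
            orgs.add(org)
    return orgs

def can_access(practitioner_ref, patient, roles):
    """Deny by default: allow only on an explicit organization match."""
    # Assumption: Patient.managingOrganization links a patient to an organization.
    org = ref(patient, "managingOrganization")
    if not org:
        return False  # an unassigned patient is visible to no provider
    return org in practitioner_orgs(practitioner_ref, roles)

ROLES = [  # constructed: provider "a" has one active and one deactivated role
    {"resourceType": "PractitionerRole", "active": True,
     "practitioner": {"reference": "Practitioner/a"},
     "organization": {"reference": "Organization/1"}},
    {"resourceType": "PractitionerRole", "active": False,
     "practitioner": {"reference": "Practitioner/a"},
     "organization": {"reference": "Organization/2"}},
    {"resourceType": "PractitionerRole",
     "practitioner": {"reference": "Practitioner/b"},
     "organization": {"reference": "Organization/2"}},
]
PATIENTS = [  # constructed: p3 has no organization assigned
    {"resourceType": "Patient", "id": "p1",
     "managingOrganization": {"reference": "Organization/1"}},
    {"resourceType": "Patient", "id": "p2",
     "managingOrganization": {"reference": "Organization/2"}},
    {"resourceType": "Patient", "id": "p3"},
]

def visible_patients(practitioner_ref):
    """IDs of the sample patients the given practitioner may access."""
    return [p["id"] for p in PATIENTS if can_access(practitioner_ref, p, ROLES)]
```

Running the same check against an export of real PractitionerRole and Patient resources shows which providers would lose or gain access before a role or policy change is applied.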

PractitionerRole

When a user logs in, they can see the organizations associated with them:

User Organizations

medplum docs