Role/privs limited to only uploaded patient lists

Is there a way to create a set of roles/privs (profile) to limit a class of users to search only notes associated with uploaded patient lists? I tried creating a profile with create/edit list privs, but these privs are tied to searching all patients. And removing the ACCESS_EMERSE privilege shuts the user out, whereas granting this privilege allows counts to be generated against all patients. We’d like to be able to limit searching to sets of patients and prevent access to all patients.

Unfortunately, there’s really not a way to do this. The NEW_PT_LIST allows you to create a patient list by uploading MRNs directly (not using all patient search), whereas SAVE_ALL_PT_LIST allows a user to create a temporary patient list from the results of an all patient search. But, nothing prevents an all patient search from being done. You can prevent them from seeing snippets, charts, and the timeline in the all patient search results with privileges, but the overall count will always be visible.

That was our conclusion as well. Thanks for confirming our analysis.

Hi Reed, if I fully understand your question I think you can get close to what you are looking for. Basically, you can turn off the ability for a user to do almost anything except for working with a list that is shared to them. Right now there is no privilege set up to turn off “find patients” but you can turn off all aspects of that except for the overall count. So with the current privileges you could set things up so that (1) a user could do a search across the entire dataset to get a count based on that result but never see any PHI or the notes associated with that search and (2) go through the notes for a patient list that was shared to them and see the PHI for that specific list but not be able to look up anyone else. In such a scenario you would need someone else to create and share the patient list with them. So in that sense, the user wouldn’t be able to upload the patient list on their own, but if someone (like an admin) uploaded the patient list and shared it to them, that is all that the user could look at. We can also explore adding the ability to turn on/off the “Find patients” option altogether as another privilege in an upcoming release. If you’d like to discuss further or have me clarify this further I am happy to either through Discourse or via e-mail/phone. – David Hanauer

I should also add, this is described in our documentation here:


Look at Table 4, third row, where the only privilege is “ACCESS_EMERSE” and the description essentially matches what I wrote above. I can also demo this for you sometime if you’d like.