Magic MEDITECH Information System Application (MIS)
Users and Password Management
Version: January 10, 2013
Release 5.66
MEDITECH
Copyright by Medical Information Technology, Inc.
MEDITECH Circle, Westwood, MA 02090
781-821-3000
This information is proprietary and should be treated accordingly.
Users and Password Management TABLE OF CONTENTS
1 Passwords and Security Management........................................1
1.1 Managing Terminals...................................................9
2 Overview of User Dictionary and Access Routines.........................12
2.1 Enter/Edit User Dictionary..........................................13
2.1.1 Initialize User from Another User.................................27
2.1.2 Application Menus Screen..........................................28
2.1.3 Clinical Information Screen.......................................37
2.1.4 Clinical Information Provider Screen..............................47
2.1.5 MAGIC Office Screen...............................................51
2.1.6 Report Writer/Financial Data Access Screen........................61
2.1.7 System Sign-on Data Screen........................................68
2.2 List by Security Group..............................................69
2.3 Enter/Edit User Colors..............................................71
2.4 Enter/Edit Clinical Preferences.....................................77
2.5 Print Audit Trail...................................................81
2.6 Copy Access Dictionaries............................................83
2.7 Update Database Access..............................................85
3 Overview of User Password and Other Maintanence Routines................88
3.1 Change Expiration Dates.............................................90
3.2 Reset `Old' Passwords...............................................93
3.3 Assign One Time User Password.......................................94
3.4 List Changes By User................................................96
3.5 List Changes by Device..............................................98
3.6 List Changes by Time...............................................100
3.7 Auto-Expire Report.................................................102
3.8 Print Activity Log By User.........................................104
3.9 Print Activity Log by Device.......................................107
3.10 Print Activity Logs by Time........................................110
3.11 Print Patient Audit................................................113
3.12 Print Client Temp Audit............................................114
3.13 Download Client Temp Audit.........................................118
3.14 Print Archived Patient Audit.......................................119
3.15 Security Group Dictionary..........................................120
3.16 User Location Dictionary...........................................123
4 Distribution Groups Dictionary: Overview..............................128
4.1 Enter/Edit Distribution Groups Dictionary..........................131
4.2 List Distribution Groups Dictionary................................137
4.3 Change User Responsibility.........................................140
4.4 Copy Distribution Groups...........................................142
4.5 Delete Distribution Groups.........................................144
4.6 List User's Distribution Groups....................................145
4.7 List Responsible User's Distribution Groups........................146
4.8 Enter/Edit Group Subscription Routine..............................147
5 Overview of Electronic Signature.......................................148
5.1 Enable/Disable Electronic Signature................................151
5.2 List Electronic Signature Log......................................152
5.3 Enter/Edit Electronic Signature Alternates.........................154
5.4 Alternate Electronic Signature Signees Report......................155
5.5 List Electronic Signature Alternates Log...........................156
6 Dictionary Audit Trail and Miscellaneous Routines Overview.............158
6.1 Print Dictionary Audit Trail.......................................160
6.2 Print Encryption Setting Audit Trail...............................163
6.3 List Reporting Hierarchy...........................................164
6.4 List Organization..................................................165
6.5 Transfer MAGIC Office Files........................................166
6.6 Transfer Status Routine............................................168
6.7 Dictionary Mass Edit...............................................169
6.8 Dictionary Quick Edit..............................................170
6.9 Print Workstation Audit Log........................................172
6.10 Purge Workstation Version Audit of Old Devices.....................173
6.11 Initialize Workstation Version Audit Routine.......................174
INDEX....................................................................175
Passwords and Security Management (1) Page 1
Chapter 1: Passwords and Security Management
Use the Security page of the MEDITECH Information System (MIS) parameters to
define the way your health care organization defines user passwords. To define
the parameters that best suit the needs of your organization, contact your
MEDITECH MIS Applications Specialist.
Your organization can use a Single Key or Double Key password signon system. In
a Single Key signon system, each user is assigned a unique password. In a
Double Key system, each user is assigned a unique User ID and a password.
Passwords in Double Key systems need not be unique.
You can also use the MIS User Dictionary to control the information and modules
to which you assign users access. For example, you may want to limit the access
of a specific user to the Billing/Accounts Receivable (B/AR) Module or to
routines that can alter patient records.
For more information, see the section titled "Overview of User Dictionary and
Access Routines."
The following table includes the MIS parameters and routines that your
organization uses to define pasword and security information.
To Define Use the MIS
----------------------- ---------------------------------------------------
Expiration dates Pw Change Interval (Days) parameter (Single Key
Systems only)
Expiration Date prompt in the User Dictionary
Change Expiration Dates Routine (available only if
you defined a value at the Pw Change Interval
(Days) parameter)
Note: The value you enter at the Pw Change Interval
(Days) parameter overrides the value you enter via
the Expiration Date prompt or the Change Expiration
Dates Routine.
System-generated New Passwords Specified By parameter (Enter
passwords SYSTEM)
User-defined passwords New Passwords Specified By parameter (Enter USER)
A minimum Password Minimum Length parameter
password length
A password format Password Format parameter
Whether users can Extensions? prompt in the User Dictionary
Passwords and Security Management (1) Page 2
obtain new passwords
upon expiration
When original Pw Re-Use Interval (Days) parameter
owners can re-use
expired passwords Reset 'Old' Passwords Routine
User ID format User Id Format parameter
Hidden or visible Echo User ID parameter
User ID text
during signon
The number of days after Auto-Expire Interval (Days) parameter
which passwords expire
if users do not sign
onto the system
Encrypted passwords Encrypt Passwords? parameter
(that is, passwords
stored internally in
coded format)
Hidden passwords that Hide Passwords? parameter
do not appear in
the MIS User Dictionary
Automatic password Expire On Failed Sign On? parameter
expiration after three
consecutive, failed
signon attempts
A one-time Assign One Time Use Password Routine
user password (Available on custom menus only)
Defining Parameters for Double Key Systems
In Double Key systems, all User IDs must be unique, but user passwords need not
be. With the exception of the Password Re-Use Interval parameter, all password
expiration routines and parameters function as they do with Single Key systems.
For organizations that use double key systems, the Password Re-Use Interval
parameter is unnecessary and inaccessible.
Defining the User ID Format (Double Key Systems only)
In Double Key systems, the mnemonic of each user appears as the default
response in the User ID field during signon. Each user at your organization is
assigned a unique User ID. To define an alphanumeric format for User IDs, enter
a value at the User ID Format parameter.
Passwords and Security Management (1) Page 3
The value you enter at the User ID Format parameter affects edits to future
User IDs only (that is, current User IDs are still valid). If you leave this
parameter blank, User IDs can include any combination of zero to 10
alphanumeric characters.
Password Expiration
Password expiration is optional. You can assign expiration dates to some
passwords and not to others. When passwords expire, only currently authorized
users can access the system. For example, you might want to assign expiration
dates to all user passwords except for those of the president and data
processing manager.
The system calculates password expiration dates as follows:
Password expiration date = Password acquisition date + Value at the Pw
Change Interval parameter
Acquiring Passwords after Expiration
You might want to define password expiration dates for specific users only. For
example, you might want to allow regular, full-time employees to acquire new
passwords. However, you might want to prevent short-term or seasonal employees
from acquiring new passwords after their jobs are completed.
If you enter Y at the Extensions? prompt in the MIS User Dictionary, a user can
acquire a new password on or after his or her password expiration date. When
the password expiration date arrives, the user can access the system three
additional times. On the fourth sign on attempt, the system prompts the user to
acquire a new password.
If the user does not select a new password, he or she cannot access the
MEDITECH system. However, the user can obtain a new password in the future.
Also, an authorized user can edit the User Dictionary to assign the user a new
password at any time.
To prevent a user from acquiring a new password upon expiration, enter N at the
Extensions? prompt. When the password expiration date arrives, the user is
allowed access to the system three additional times before he or she is denied
access.
Defining Passwords that Automatically Expire
Use the Auto-Expire Interval parameter to define the number of days of user
inactivity (that is, users do not sign onto the system) after which users
passwords automatically expire.
After the password for a user expires, the value in the Extensions? field in
the MIS User Dictionary changes to X. The user cannot sign onto the system
without the intervention of an authorized user. When your organization assigns
Passwords and Security Management (1) Page 4
the user a new password and expiration date, the value in the Extensions? field
returns to the previous value.
If you enter N in the Extensions? field, an active user who has not signed onto
the system can do so indefinitely. If the user signs on after his or her
password expires, a prompt appears that allows the user to select or receive a
new password.
Defining Passwords that Expire after Failed Signon Attempts
To define user passwords that expire after three consecutive failed sign on
attempts, enter Y at the Auto-Expire Interval. The keyboard locks for 60
seconds, the user password expires, and the value in the Extensions? field in
the MIS User Dictionary changes to X.
If you enter N, the keyboard locks for 60 seconds but the values in the
Password Expiration Date and Extensions? fields remains the same.
Reactivating Expired Passwords (Single Key systems only)
The MEDITECH system allows you to reactivate expired passwords.
You can use the PW Re-Use Interval parameter to reactivate a password for the
original user because he or she finds the password easy to remember.
In addition, you can use the Reset 'Old' Passwords Routine to reactivate and
recycle a password that expired on a specific date (for example, 2 years ago).
You can assign reactivated passwords to a new user.
Note: If you do not enter a value at the PW Re-Use Interval parameter, you
cannot reactivate expired passwords.
Assigning System-Generated vs. User-Defined Passwords
After password expiration, authorized users must be able to acquire new
passwords. You must select a password assignment method via the New Passwords
Specified By parameter. You can assign user-defined passwords or system-
generated password.
Assigning User-Defined Passwords
If your organization assigns user-defined passwords, the system asks each user
to enter a new password when the password expiration date arrives. Users must
adhere to the format and minimum length defined in the MIS parameters. In
addition, users can enter only acceptable characters (the 26 letters of the
alphabet and the digits zero to nine). For Single Key systems, passwords must
be unique.
For security, the characters do not appear when a user enters a new password.
Passwords and Security Management (1) Page 5
In addition, the system requires the user to re-enter the new password. The
system allows the user to proceed only if the two entries match.
For information on how to reactivate expired passwords, see the section titled
"Re-using Old Passwords."
Assigning System-Generated Passwords
If your organization assigns system-generated passwords, the system asks the
new user to accept a new password when the password expiration date arrives. If
the user accepts the new password, the new password appears on the screen for a
few seconds only. The user must then enter the new password exactly as it
appeared.
If the user does not enter the password correctly, an error message appears,
and the password becomes unavailable. If your organization assigns system-
assigned passwords, you must enter a value at the MIS Password Format
parameter.
Defining Password Formats
Use the MIS Password Format parameter to define the format of user passwords.
Enter A for alphanumeric characters and N for digits only. For example, if you
enter AANN, passwords must include two alphabetical characters followed by two
digits (for example, PR65).
For user-defined passwords, you must enter a value at either the Password
Format or the Password Minimum Length parameters. If you define a minimum
length, users can enter a password of any format (providing it meets or exceeds
the password minimum length).
If your organization uses system-generated passwords, you must define a
password format. The system uses the format you define to randomly generate
passwords when current passwords expire.
Defining the Minimum Length of Passwords
The minimum password length you define depends on whether your organization
uses user-defined or system-generated passwords. For user-defined passwords,
you define the length at the Password Minimum Length parameter. For system-
generated passwords, the length of the value you enter at the Password Format
parameter defines the minimum length of the password.
MEDITECH recommends that you consider the following when you define the minimum
length of passwords at your organization.
* Number of users in your organization
* Employee turnover rate
Passwords and Security Management (1) Page 6
* Password turnover rate (that is, how frequently users acquire new
passwords)
For example, a small health care organization might require a minimum password
length of only three characters. However, a large hospital that regularly
assigns new passwords might require a minimum password length of five
characters.
Note: In Single Key systems, you can use the Reset 'Old' Passwords Routine to
reset expired passwords. Expired passwords are then available for reassignment.
Listing Changes to Passwords
You can use the following routines to list changes made to passwords. The
following routines list password changes by user, time, or device.
To List Changes
According to the Use this Routine
------------------------ ------------------------------------
User who made the change Print Password Audit Trail By User
Date and time of change Print Password Audit Trail By Time
Device on which the Print Password Audit Trail By Device
user made the change
For more information, see the documentation for each routine.
Emulating Users
Use this routine to allow a specific user to sign onto the system as another
user. (This routine does not exist on a standard menu. You must add this
routine to a custom menu via DPM Z.emulate.user.)
For example, if User A emulates User B, User A sees the same information that
User B sees (for example, menus), but User A does not see User B's password.
User A enters either User B's mnemonic or name to emulate him or her.
To prevent emulation of a specific user at your organization, use the Restrict
Emulation prompt in the MIS User Dictionary. The system then prevents users at
all access levels from emulating that user.
Network authenticated sites that emulate users might compromise security.
Listing Emulation Activity
You can use the List Emulation routines to print emulation activity. (You must
place these routines on a custom menu.)
The List Users Who Were Emulated Routine (MIS.USER.list.emulated.users) lists
Passwords and Security Management (1) Page 7
users who were emulated by a specific user. The List Users Who Emulated
Other Users (MIS.USER.list.emulating.users) Routine lists users who emulated
a specific user.
Note: User Activity Logs associate emulation activity with the emulated user.
You must cross-reference activity logs with the List Emulation reports to
discover which user actually performed the activity.
Encrypting Passwords
Use the Encrypt Passwords parameter to encrypt user passwords and stored
internally in a coded format. Neither users nor MEDITECH can decipher encrypted
passwords.
The Password field in the MIS User Dictionary displays only asterisks (*). The
field does not indicate the password length. If your organization encrypts
passwords, you must assign new passwords to users who forget their passwords.
Hiding Passwords
If you do not want to encrypt user passwords, but you want to hide them from
users who edit the MIS User Dictionary, enter Y at the Hide Passwords
parameter. The Password field in the MIS User Dictionary displays only
asterisks (*). If a user forgets his or her password, MEDITECH staff can
retrieve it internally.
If you enter N at both the Encrypt Passwords and Hide Passwords parameters,
users passwords appear in the Password field.
Echoing User IDs
Use this parameter to control whether the User ID prompt on the sign on screen
displays the characters the user enters during signon.
If you enter Y, each character the user types appears in the User ID field. If
you enter N, nothing appears in the field during signon.
Using Password Routines on Custom Menus
For Double Key systems, you can assign the Assign One Time Use Password
(Z.assign.pw) and Expire Own Password (MIS.USER.expire.own.pw) routines to
custom menus.
Assigning One Time Use Passwords
You can assign the Assign One Time Use Password Routine to a custom menu to
assign a new password to a user after his or her password expires.
Passwords and Security Management (1) Page 8
When a use password expires, you can run this routine to assign a new password
that expires immediately after one entry. The user then selects or receives a
new password.
Note: When you enter a new user via the MIS User Dictionary, this routine runs
automatically when you enter a value at the Password prompt.
Allowing Users to Invalidate Their Own Passwords
You can assign the Expire Own Password Routine to a custom menu to allow users
to invalidate their passwords and obtain new ones. Your organization can use
this routine to allow users to control password expiration without providing
them access to the MIS User Dictionary.
To use this routine, a user must first enter his or her current password to
expire it. The next time the user signs onto the system, he or she can select
or receive a new password.
Note: A user can invalidate his or her own password via this routine only.
Managing Terminals (1.1) Page 9
1.1: Managing Terminals
In addition to controlling access to MEDITECH applications in the User
Dictionary, you can also control access at specific terminals. Terminals can
be restricted at a variety of levels. For example, you can restrict a
terminal used to admit patients to the Admissions application. You might
restrict the terminals you use for training to a test directory.
Because the user and the terminal being used can have different restrictions,
the most restrictive case always applies. For example, even though a
terminal allows unrestricted access, the user is still restricted to the
applications authorized in the MIS User Dictionary. Remember that access to
applications is directory and password-specific, dependent on the MIS User
Dictionary.
Entering Terminal Restrictions
You can restrict access at a specific terminal through routines on the
Operating Systems Utilities Main Menu. At this menu:
1) Select the System Management Menu.
2) Select the Enter/Edit Devices Routine.
Note: For more information about this routine, see the section titled
"Enter/Edit Devices" in the MAGIC Operating System Utilities manual.
On the Enter/Edit Devices screen, the level of restriction you want to apply to
a device determines your responses to the following three prompts:
* Segment?
* Directory?
* Program?
If you leave these three prompts blank, the terminal is not restricted; each
user must identify the desired segment, directory and program when signing on.
Users are limited only by restrictions set up in the User Dictionary.
However, using the above prompts you can restrict a terminal to:
* multiple directories (test and live)
* a single directory (test or live)
Managing Terminals (1.1) Page 10
* a single MIS
* a single application
* a single application database
To restrict a terminal, you first enter the appropriate segment and directory.
You can then enter one of the following programs:
* Z.sign.on - to restrict a terminal to a single MIS directory (TEST.MIS
or LIVE.MIS directory)
* MIS.signon - to allow access to both directories
Restricting a Terminal to a Single Directory
To restrict a terminal to a single directory, you first enter the appropriate
segment and directory. You then enter Z.sign.on at the Program?
prompt.
For example:
Segment? A
Directory? TEST.MIS (restricts the terminal to the test directory)
Program? Z.sign.on
The above responses restricts the selected terminal to the test directory. A
user signing on to the terminal can still choose the appropriate application.
Adding Further Restrictions
You can further restrict a terminal by following the Z.sign.on program with
the following:
* an MIS database (if the directory supports more than one MIS database).
If a directory supports only one MIS database, enter nil ("").
* an application or an application database mnemonic. If you enter an MIS
database argument, you must enter a second argument.
You can use the above arguments in one of the following ways:
To restrict a terminal to an application (for example, the PP application
database) with only one facility, you would enter the following at the
Managing Terminals (1.1) Page 11
Program? prompt:
Z.sign.on("","application database.billing mnemonic")
For example:
Z.sign.on("","PP.CBM")
To restrict a terminal to an application with multiple facilities, you would
enter:
Z.sign.on("","application database")
For example:
Z.sign.on("","PP")
To restrict a terminal to a single application database with multiple
facilities, you would enter:
Z.sign.on("","application database")
For example:
Z.sign.on("","PP.FAC")
Note: The MIS database (if more than one) appears as the first argument.
quotes. The application (or application database) to which the terminal
is restricted appears in the second argument.
Allowing Access to Both Test and Live Directories
Terminals that require access to both TEST.MIS and LIVE.MIS directories can be
controlled via the MIS.signon program. For example:
Segment? A
Directory? TEST.MIS or LIVE.MIS
Program? MIS.signon
Users who sign on to the terminal can select the directory.
Overview of User Dictionary and Access Routines (2) Page 12
Chapter 2: Overview of User Dictionary and Access Routines
The following table describes the tasks and routines associated with the User
Dictionary and access routines.
To Use
----------------------------------- -----------------------------------
Enter and edit user information User Dictionary
for your MEDITECH Information
System (MIS).
List user information. List User Dictionary
Print a report of security List Users By Security Group Routine
group member's information except
for User ID and password.
Change a user's screen colors for Enter/Edit Colors Routine
all modules.
Print a report of changes made to Print User Audit Trail Routine
User Dictionary entries.
Copy Access Dictionary information Copy Access Dictionaries
from one user to another.
Add or delete access to an Update Database Access Routine
application database, menu,
and MAGIC Key Menu for
one or more security groups
and/or individual users.
Enter/Edit User Dictionary (2.1) Page 13
2.1: Enter/Edit User Dictionary
Use the MIS User Dictionary to enter and edit user information for your
MEDITECH Information System (MIS). Since your MEDITECH system may consist of
several modules, the data stored in this dictionary affects the entire system
and the users' ability to access this system.
Note: This dictionary controls access privileges of users. Because you can
grant and/or deny user access to your MEDITECH system, access to this
dictionary should be limited to a small number of users.
General MIS User Dictionary Screen
This screen allows you to specify for each user
* mnemonic, active status, full name, monogram for identification on narrow
reports, alias for identification if the user has changed names
* mnemonic and name of supervisor, and whether the user is a supervisor and,
if so, the mnemonic of a distribution group consisting of employees who are
supervised by this user
* office location and/or phone number or extension
* whether the user is able to fax and send remote mail to recipients
* user identification, password, password expiration date, and whether to
allow this user a new password when the current password expires
* whether the system allows other users to emulate this user
* the maximum number of simultaneous sign-on sessions the system allows this
user
* security level that the system allows this user (for example, OWN)
* automatic application database Lookup at sign on
* whether this user can access the Dictionary Mass Edit and Dictionary Quick
Edit routines and if so, which dictionary that they can access using those
routines
* number of entries to display on Lookup screens (system default appears to
the right)
* security groups to which this user is either a member or authorized to edit
a member's MIS User Dictionary entry
* distribution groups that include this user
* license plate identification and state to which the automobile is registered
Enter/Edit User Dictionary (2.1) Page 14
Changing a User's Name (Aliases)
If a user marries and changes his or her name, update the Name prompt and
enter the user's old name at the Alias prompt. These prompts allow you to
identify this user using either the new or original name while maintaining up-
to-date information for this user.
Users who have been assigned aliases may be identified by either name in any
routine that allows you to enter a user's name. If you enter the alias, the
new name appears and is marked with an asterisk ("*") as a reminder that the
user's name has changed. If you enter the new name, however, there is no
indication that the user has an alias.
Parameter-Defined Labels
The wording of three of the prompts on this screen is defined in your MIS
Parameters. Therefore, the following three prompts may not have the same names
in your system as in this documentation:
* Supervisor
* Is User A Supervisor?
* Office
Regardless of the labels, the purposes of each of these prompts are the same.
Passwords
Each user must be assigned a password. If your health care organization is set
up as Double Key, User IDs are also required. For more information, see the
section titled "Passwords and Security Management."
Displaying Application Databases on Lookup Screens During the Sign-on
Process
The system can automatically display a Lookup of the user's authorized
application databases after the user enters his or her password. Then, the user
needs only to enter the number that corresponds to the application database
that they want to access.
To set up this feature, enter Y at the AUTO SIGN-ON Lookup? prompt on General
screen of the User Dictionary. This Lookup only displays the application
databases that this user access on the Applications Menu screen of the MIS User
Dictionary.
NOTE: If the user is only authorized to access one application database,
no Lookup appears. Instead, that module starts immediately after
Enter/Edit User Dictionary (2.1) Page 15
the user enters their password.
+--------------------------------------------------------------------------------------------+
| Enter/Edit Users |
|============================================================================================|
|Mnemonic Last Edited by on |
| |
|Active? |
|Name Monogram s |
| |
|Supervisor |
|Is User a Supervisor ibution Group |
|Location Phone Fax Access |
| |
|Domain Network Username NT Authentication Enabled |
| |
| |
| |
|User ID Restrict Emulation Logons Allowed |
|Password Expiration Date Extensions? |
| |
|Security Level Allow User Dictionary Mass/Quick E onaries |
| |
|Auto Sign-On Lookup? |
|# Lookup Entries tem Default |
| |
|User Security Groups Edit? Distribution Groups License State |
| |
| |
+--------------------------------------------------------------------------------------------+
Mnemonic
Enter a unique mnemonic code to identify the entry you
want to create or edit.
Lookup: Entries in this dictionary
To view active entries only, press .
To view active and inactive entries, type /B and press
.
Partial Lookups are available. For example, to display
a Lookup of active and inactive dictionary entries whose
mnemonics begin with G, type G/B and press .
-- Entering an Existing Mnemonic --
If you enter an existing mnemonic, the system displays
Enter/Edit User Dictionary (2.1) Page 16
all previously entered information for the dictionary
entry. You can then edit this dictionary entry.
-- Entering a New Mnemonic --
If you enter a new mnemonic, a prompt appears asking if
you want to create a new entry. If you create a new
entry, you can then enter the dictionary information at
the prompts. If you do not create a new entry, the
Mnemonic prompt clears and you can enter a different
mnemonic.
Active
If you want this entry to be active, enter Y.
Active entries are eligible responses at prompts that
refer to this dictionary. Users identify an active entry
by typing its mnemonic or by using the Lookup.
If you want this entry to be inactive, enter N.
Inactive entries can be viewed in enter/edit
dictionaries and listed in some list dictionaries.
Name
Enter a name for the entry. This name can
appear in Lookups and on reports to further
define this dictionary entry.
Monogram
On certain reports and printouts generated by MEDITECH
applications, the 10 characters allowed for the user's
mnemonic will not fit. To solve this problem, you
assign each user a short (maximum of three characters)
identifier at this prompt, which identifies the user on
narrow or crowded reports and screens.
The monogram can consist of any combination of letters,
numbers and punctuation. Unlike mnemonics, monograms
need not be unique.
Alias
Enter an optional additional name for the selected user,
using the LASTNAME,FIRSTNAME REST format and up to 20
characters of free text. Users can use either this or
the name defined at the NAME prompt to identify a user.
Enter/Edit User Dictionary (2.1) Page 17
This feature is especially useful if employees marry and
you want to allow other users to identify them by their
former names. Enter the new name at the NAME
prompt, and the former name at the ALIAS prompt.
Supervisor
Enter the mnemonic of the supervisor of the selected
user. The supervisor's name appears to the right.
Lookup: MIS User Dictionary
This prompt allows you to set up an employee hierarchy
and create distribution groups that consist of the
employees who are supervised by the same supervisor.
Note: The wording of the prompt is defined in your
MIS Parameters. Therefore, this prompt may be called
something other than SUPERVISOR. Regardless of the
label, the purpose of this prompt is the same.
Is User A Supervisor?
If the selected user is a supervisor, enter Y;
otherwise, enter N.
If you enter Y at this prompt, you can specify a
Distribution Group that will consist of all users
who are subsequently assigned to the selected
supervisor.
If you enter N at this prompt, the routine skips the
Distribution Group prompt.
Note: The wording of the prompt is defined in your
MIS Parameters. Therefore, this prompt may be called
something other than Is User A Supervisor?. Regardless
of the label, the purpose of this prompt is the same.
Distribution Group
If Y appears at the Is User A Supervisor? prompt, the
cursor stops at this prompt.
To create a supervisor's distribution group, enter a
mnemonic at this prompt. This can be either the
mnemonic of an existing distribution group or the
mnemonic of a new distribution group
Enter/Edit User Dictionary (2.1) Page 18
Lookup: MIS Distribution Group Dictionary
The distribution group whose mnemonic appears here will
consist of all users who are subsequently assigned
to the selected supervisor.
Location
Enter the mnemonic of the office location to which the
selected user is permanently assigned.
Lookup: MIS User Location Dictionary entries that are
permanent locations (see the Allow in User
Dictionary? prompt in the MIS User Location
Dictionary)
Note: The wording of the prompt is defined in your
MIS Parameters. Therefore, this prompt may be called
something other than OFFICE. Regardless of the label,
the purpose of this prompt is the same.
Phone
Enter the phone number or phone extension of the user,
using up to 18 characters of free text.
Fax Access
When a user tries to send a FAX, the access level
defined in the User Dictionary will be checked. The
defined level determines whether or not the user is
allowed to send faxes and the types of recipients that
can be entered if the user is given access to the faxing
feature.
The values which can be entered for this field are:
NONE The user has no fax access. If the user enters
FAX or a fax type spool group at any Print on
prompt, a message appears indicating that the user
cannot use the faxing feature.
DICT The user is allowed to send faxes to FAX
recipients which reside in the following
dictionaries:
* Fax Recipient Dictionary
* Fax Recipient Group Dictionary
* Insurance Dictionary
* Outside Location Dictionary
Enter/Edit User Dictionary (2.1) Page 19
* Provider Dictionary
* Vendor Dictionary
ALL The user is allowed to send faxes to free text
recipients as well as recipients in the following
dictionaries:
* Fax Recipient Dictionary
* Fax Recipient Group Dictionary
* Insurance Dictionary
* Outside Location Dictionary
* Provider Dictionary
* Vendor Dictionary
NT User Name
The value you entered at the Mnemonic prompt appears in
upper case characters as the default response.
You can edit this value for new users only. Enter the
User Name defined in the network operating system.
Users who log onto the system via the network operating
system enter the network User Name entered during the
log-on process.
Note: This prompt appears only if your health care
organization is converting to or has completed a
conversion to network user authentication.
Restrict Emulation
To prevent all other users from emulating this user,
enter Y.
To allow all other users (with access to the Emulate
User Routine) to emulate this user, enter N or leave
this field blank.
Logons Allowed
Enter the maximum number of devices (that is, terminals
or PCs) from which you want to allow this user to log
onto the MEDITECH system simultaneously.
For example, to allow this user to log onto a maximum
of two devices simultaneously, enter 2. This user can
then log onto the MEDITECH system from two terminals or
PCs at the same time.
Enter/Edit User Dictionary (2.1) Page 20
If you enter 2, the system does not allow the user to
log onto a third device. If this user logs onto the
system from a third terminal or PC, a warning message
appears.
To allow this user to log onto only one device, enter
1. If you leave this field blank, this user can log
onto as many devices as he or she wants.
Password
Use free text to enter the password you want this user
to enter to log onto the MEDITECH system.
If your organization uses network operating system
passwords to authenticate users, you cannot enter a
value.
-- System-Generated Passwords --
System-generated passwords automatically appear here.
The system automatically generates passwords that
conform to the MEDITECH-defined format.
To edit a system-assigned password, delete it and enter
N. The system generates and displays a new password
here.
-- User-Defined Passwords --
Enter up to 20 alphanumeric characters (exclude spaces
and special characters). A user-defined password must be
different from the user mnemonic.
If you enter a password that is assigned to another
user, you must enter a different password.
Note: MEDITECH defines whether passwords are system-
generated or user-defined. MEDITECH also defines the
format for system-defined passwords and the minimum
number of characters for user-defined passwords.
Expiration Date
If a date appears here, it indicates when this user will
have to obtain a new password or be prevented from
signing on (see the Extensions? prompt).
Enter/Edit User Dictionary (2.1) Page 21
--How This Date is Calculated--
If a value has been entered into the MIS PASSWORD
CHANGE INTERVAL parameter, an expiration date appears
here when the user is initially entered into the User
Dictionary, and later whenever the user's password is
changed. The date is calculated as follows:
Date password Password Change Interval Expiration
entered/changed + (from) MIS Parameters = date
For example, if a user is entered into the User
Dictionary on April 1, and the password change interval
is set to 30 days, the expiration date would be May 1.
If the user obtains a new password, a new expiration
date is set again by adding the number of days in the
change interval to the date on which the password is
assigned.
--Editing This Date--
Note that authorized users can edit the expiration date
on this screen and in the Change Expiration Dates
Routine.
If you never want this user's password to expire,
simply delete any expiration date that appears here.
Extensions?
To allow the system to assign a new password to this
user when his or her password expires, enter Y.
To prevent the system from assigning a new password to
this user, enter N.
Note: You can access this prompt only if MEDITECH
defined the number of days for which passwords are
valid. For example, if passwords are valid for 30 days,
this user must change his or her password on the 31st
day.
For more information, see the section titled "Password
and Security Management."
Security Level
Enter the first letter of one of the following security
Enter/Edit User Dictionary (2.1) Page 22
levels for this user. The security level controls the
extent to which this user can enter or change other
users' information in the MIS User Dictionary.
Security level Description
-------------- -------------------------------------
NONE The user cannot access information in
the User Dictionary.
OWN The user can only change his or her
own information in the User
Dictionary.
GROUP The user can change information for
all other users in groups to which he
or she has edit capabilities. These
groups are defined at the User
Security Group prompt; the edit
prompt associated with the security
group must be set to 'Y' to give the
user edit capabilities.
ALL The user can change information for
all users. Since a user with this
security level can change information
for all users, it is unnecessary to
assign this user to user groups to
provide edit capabilities.
RESTRICTED The user can change non-password
specific information for all users.
You can restrict access to user
dictionary screens via the Restricted
User Page Access E/E screen.
On this screen, you can grant this
user editing privileges to specific
MIS User Dictionary screens. To allow
this user to edit the screen, enter Y
in the Edit? prompt next to the
screen name.
To prevent this user from editing or
viewing a screen, enter N at the
Edit? prompt.
If the Edit? prompt is set to 'N' for
the General Information screen, this
screen appears when the user accesses
Enter/Edit User Dictionary (2.1) Page 23
the User Dictionary. However after
the user enters a mnemonic, a screen
appears listing the screens to which
the user has access, or the one
screen to which the user has access
appears.
For routines that have a security
level restricted, a restricted user
has the same access of a user
assigned NONE.
A restricted user cannot edit or view
password information on the General
Information screen.
Note: Users cannot grant higher security levels to
themselves or other users. For example, a user with
security level of OWN cannot change their security level
to GROUP or ALL.
Only users with a security level of ALL can change
another user's security level to ALL.
Auto Sign-On Lookup?
If you want a Lookup of possible application databases
to appear for this user whenever he/she enters his/her
his password, enter Y; otherwise, enter N.
Users are assigned to application databases on Screen 2
of the User Dictionary.
Allow Dictionary Mass/Quick Edit?
To allow this user access to the Dictionary Mass Edit
and Dictionary Quick Edit routines, enter Y. The cursor
moves to the Dictionaries prompt. At the Dictionaries
prompt, you specify which dictionaries this user can
edit using the Dictionary Mass Edit and Dictionary Quick
Edit routines.
To deny this user access to these routines, enter N. The
cursor skips the Dictionaries prompt.
Dictionaries
Enter/Edit User Dictionary (2.1) Page 24
The cursor stops here only if the prompt Allow
Dictionary Mass/Quick Edit? is set to Y.
Enter the DPM of any dictionary which this user is
authorized to edit via the Dictionary Mass Edit or
Dictionary Quick Edit routines. Enter ALL to
allow the user access to all dictionaries available for
the Mass/Quick Edit feature.
Lookup: Dictionary DPMs
NOTE: The dictionaries the user is able to edit
will always be restricted to the databases they've
been given access to within the User Dictionary.
Also, note that a user who is responsible for
editing the MIS User Dictionary DPM must have a
security level of ALL.
# Lookup Entries
Enter the number of items that you want to appear
on the Lookup screens when this user accesses the
Lookup function.
Note: For workstation 4.x, enter a number between 5 and
20. For earlier workstation versions, enter a number
between 5 and 23.
To allow the default number of items to appear on the
Lookup screens, leave this field blank. The default
number is defined by an MIS parameter and appears to the
right in the System Default field.
The Lookup function is available at various fields in
most MEDITECH applications. A Lookup screen is always
available at a field that references a dictionary. This
function provides a screen of responses from which
the user chooses. To access a Lookup from a field,
press .
User Security Groups
Enter the mnemonics of security groups of which this
user is either a member or is authorized to edit.
Security groups are defined in the Security Group
Dictionary.
Lookup: MIS Security Group Dictionary
Caution
Enter/Edit User Dictionary (2.1) Page 25
The user responsible for editing MIS User Dictionary
information for a security group must be assigned one of
the following:
* a member of the security group with a Y in the
Edit? prompt
* have a security level of ALL
For example, a user responsible for assigning passwords
for the Pharmacy security group but for no other groups
must be a member of the Pharmacy security group and
granted edit privileges for the group (via the Edit?
prompt).
To authorize a user to edit all other users, grant this
user a security level of ALL.
By granting this user edit privileges (for some or all
security groups), you authorize them to:
* change User Dictionary information (except for
Security Level)
* complete the following password management routines
for the specified security groups
- Change Password Expiration Dates
- Change Secondary Passwords by Group
For more information, see the section titled "Security
Group Dictionary."
Edit?
To grant this user edit privileges for the user security
group, enter Y. This user is authorized to change the
MIS User Dictionary information for the group (listed at
the User Security Group prompt).
To deny this user edit privileges, enter N.
Notes: The cursor stops at this field only if your
security level is ALL (that is, the security level of
the user editing this dictionary - not the user whom you
are editing).
Also note that if your security level is GROUP, Y or N
Enter/Edit User Dictionary (2.1) Page 26
automatically appears in the Edit? field. You cannot
change the response in the Edit? field
For more information, see the documentation of the
Security Level prompt.
Distribution Groups
At this prompt, all distribution groups to which this
user belongs appear.
To delete the user from a distribution group, move the
cursor to the group's mnemonic and delete it.
To add the user to a distribution group, press to
move to the bottom of the list and enter the mnemonic of
the distribution group.
Lookup: MIS Distribution Group Dictionary
License
Enter one or more license plate numbers for this user's
automobile. You can use a maximum of 10 characters of
free text.
If you enter a license plate number, the cursor advances
to the State prompt.
If you leave this prompt blank, the routine ignores the
State prompt.
State
Enter the two-letter abbreviation of the state in which
the automobile is registered.
If you leave the LICENSE prompt blank, the cursor
ignores this prompt.
Initialize User from Another User (2.1.1) Page 27
2.1.1: Initialize User from Another User
Use this routine to define a new entry in the MIS User Dictionary based on the
content of an existing entry.
After you select an existing user, the information for that user appears on the
Enter/Edit User Dictionary screen. You can then modify the information as
needed for the new user.
This screen appears when you create a new user in the Enter/Edit MIS User
Dictionary Routine, after you enter a mnemonic for the new user.
|===============================================================================|
|Initialize from User |
| |
|Copy Distribution Groups? |
+-------------------------------------------------------------------------------+
Initialize From User
To copy information from an existing user to this new
User Dictionary entry, enter the existing user.
Lookup: MIS User Dictionary
To manually enter information for the new user, press
to return to the Enter/Edit Users screen.
Copy Distribution Groups?
To include the distribution groups to which this user
belongs in the information copied to the new User
Dictionary entry, enter Y. Otherwise, enter N.
Application Menus Screen (2.1.2) Page 28
2.1.2: Application Menus Screen
Use the Application Menus screen of the MIS User Dictionary to define the
application databases (that is, modules) to which this user has access. For
each application database you list on this screen, you define this user's
initial screen. This screen can be a menu or procedure and appears after the
user signs onto the module.
Some users may be authorized access to all routines in a module. However, most
users are restricted to only those routines that pertain to their job. To limit
this user's access to a specific routine, enter P at the M/P prompt.
For this user, this screen allows you to define:
* application databases to which this user has access
* routines in a module to which this user cannot sign onto, but the user has
access to the routines via a custom menu
* the main menu or procedure (routine) that appears after the user signs onto
the module (accesses the application database)
* the menu or procedure that this user can access for each application
database when the user presses the MAGIC Key
* the Abstract Tape Service and Tape Code if this user accesses the Case
Mix/Abstracting Option
* the facilities to which this user has access for facility-sensitive
application databases (for example, Admissions, Medical Records, Laboratory,
and Nursing)
* the facilities in which this user cannot access MRI patient visit data
Note: For modules designed for the new user interface supplied by Workstation
4.N (for example, POE, EDM, and RXM), you can enter DESKTOP at the Style
prompt. This response overrides the response at the Default Menu Style prompt
(top of this screen) and allows the user to access desktops and cascading
menus.
Granting This User Access to an Entire Module
Some users require access to an entire module (that is, all routines available
in that specific module). However, most users are allowed access to only those
routines that pertain to their job by assigning them a custom menu.
To allow this user access to an entire module, enter the application database
at the Appl DB prompt, and the menu at the Menu or Procedure prompt. If
applicable, enter the menu at the MAGIC Key Menu or Procedure prompt.
Application Menus Screen (2.1.2) Page 29
Granting This User Limited Access to a Routine in Another Module
For some users, you want to limit a user's access to a particular routine or
menu, but prevent that user from signing onto the module. In this case, you can
enter the routine or menu on a custom menu and allow the user access to that
custom menu.
For example, a user has access to a custom Case Mix/Abstracting Menu that
includes the List Incomplete Records Routine from the Medical Records Module
(MRI). Allowing this user access to this report routine, the user can print a
report of incomplete records without signing onto the standard MRI Module.
To allow the user access to an application database only so that its routines
or menus can be added to the user's custom menu, enter the application database
at the Appl DB prompt and enter an asterisk (*) at the Menu or Procedure
prompt.
For example, to give a user access to a routine from the Medical Records
Module, enter MRI application database at the Appl DB prompt and * at the Menu
or Procedure prompt.
Note: To create custom menus via MEDITECH's Menu Customization Feature, see the
Custom Menus chapter.
Application Menus Screen (2.1.2) Page 30
+--------------------------------------------------------------------------------------------+
| Enter/Edit Users - Application Menus |
|============================================================================================|
|Mnemonic: Name: Default Menu Style |
| |
|Appl DB Type M/P Menu or Procedure/MAGIC Key Menu or Procedure Style |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
|Default MAGIC Key Menu Style |
| |
| |
| |
|ABS Tape Svc ABS Tape Code |
| |
| |
| |
|ADM/MRI Facilities Restrict from MRI facility visits |
| |
| |
+--------------------------------------------------------------------------------------------+
Default Menu
Enter one of the following styles as the default menu
style for this user:
* DESKTOP
* NUMERIC
Application Database
Enter the mnemonic of each application database
to which you want this user to have access.
Lookup: MIS Application Database Dictionary
When you enter a valid database mnemonic, the database's
type automatically appears in the TYPE field for
reference purposes.
-- Authorizing Users of the OS Utilities Main Menu --
Application Menus Screen (2.1.2) Page 31
If you want to allow users to access the MAGIC
Operating System's Utilities Main Menu, MEDITECH
staff will enter EXT.OPS as an external application.
Next, you would authorize users for this menu by
entering EXT.OPS at this prompt, and MENU at the menu
name prompt.
Note that if security is enabled for the OS Utilities,
the user must enter a separate, OS utilities password to
access the menu.
Note: This prompt references the term application
database.
Your MEDITECH system can have one or more application
databases per module. If your system has more than one
database, these databases are distinguished from each
other via customer-defined mnemonics set up during
installaion.
For example, your organization may have three B/AR
databases, named BAR.ABC, BAR.MNO, and BAR.XYZ.
TYPE The operating system type appears for reference:
* $T
* NPR
* OTHE (for Other)
M/P
The response at the M/P prompt controls whether this
user accesses a menu or procedure (routine) immediately
after signing onto the application database.
If the user accesses Enter
-------------------- -----
Menu M
Procedure P
After responding to the M/P prompt, enter the menu or
procedure name at the Menu or Procedure prompt.
If you entered M at this prompt, the Lookup for the next
prompt displays a list of menus for the application
database (Appl DB prompt). Likewise, if you entered
Application Menus Screen (2.1.2) Page 32
a P at this prompt, the Lookup for the next prompt
displays a list of procedures for the application
database.
After the user signs onto the module, the menu or
procedure (entered at the Menu or Procedure prompt)
appears as the default sign-on screen.
Menu or Procedure
Identify the menu or procedure name that the user
initially accesses (the default screen) after signing
onto the module.
Lookup: List of menus or procedures (dependent on the
response you entered at the M/P prompt) available for
the application database entered at the Appl DB prompt.
If you entered M at the M/P prompt, you identify a menu
at this prompt. Likewise, if you entered a P at the M/P
prompt, you identify a procedure at this prompt.
For example, if you identify the menu main.menu, the
standard main menu for the module appears after the user
signs into the ABS.LIVE application database. However,
if you identify the procedure ABS.PAT.process, the
Process a Patient Abstract screen appears.
-- Access to Other Modules' Menus and Routines --
To prevent the user from directly signing onto the NPR
Module, but allow the user access to the Module's
routines and menu from another module's custom menu,
enter an asterisk (*) at this prompt.
Note that MEDITECH creates a set of standard menus for
each module. You can create custom menus in the NPR
Module (custom menus begin with the prefix "zcus").
For example, if someone in the billing department needs
access to the Case Mix/Abstracting Option via the B/AR
main.menu, perform these steps.
1) Create a custom menu that is in the B/AR module (for
example, BAR.zcus.abs.menu).
2) On the custom menu (BAR.zcus.abs.menu), enter the
choice ABS.main.menu.
3) In the MIS User Dictionary at the MAGIC Key Menu or
Application Menus Screen (2.1.2) Page 33
Procedure prompt, enter BAR.zcus.abs.menu for the
B/AR application database.
4) For the Case Mix/Abstracting (ABS) module, enter * at
the Menu or Procedure prompt.
Style
Enter one of the following menu styles to which you want
this user to have access within the specified
application database:
* DESKTOP
* NUMERIC
Note: For modules that make use of the new user
interface supplied by Workstation 4.N (for example, POE,
EDM, and RXM), enter DESKTOP to override the response
entered at the Default Menu Style prompt (top of this
screen).
M/P (MAGIC Key)
The response at the M/P prompt controls whether this
user accesses a menu or procedure (routine) while signed
onto the application database.
If the user accesses Enter
-------------------- -----
Menu M
Procedure P
After responding to the M/P prompt, enter the menu or
procedure name at the MAGIC Key Menu or Procedure
prompt.
If you entered M at this prompt, the Lookup for the next
prompt displays a list of menus for the application
database (Appl DB prompt). Likewise, if you entered a P
at this prompt, the Lookup for the next prompt displays
a list of procedures for the application database.
When the user presses the MAGIC Key, the menu or
procedure (entered at the MAGIC Key Menu or Procedure
prompt) appears.
MAGIC Key Menu or Procedure
Identify the menu or procedure name that the user has
Application Menus Screen (2.1.2) Page 34
access to when the user presses the MAGIC key.
Lookup: List of menus or procedures (dependent on the
response you entered in the M/P prompt) available for
the application database entered at the Appl DB prompt.
If you entered M at the M/P prompt, you identify a menu.
Likewise, if you entered a P at the M/P prompt, you
identify a procedure.
For example, if you identify the menu main.menu, the
standard main menu for the module appears when the user
presses the MAGIC Key while signed into the ABS.LIVE
application database. However, if you identify the
procedure ABS.PAT.process, the Process a Patient
Abstract screen appears.
-- Access to Other Applications' Menus and Routines --
To prevent the user from directly accessing NPR Module's
menu or routine via the MAGIC Key, but allow the user
access to the Module's routines and menu from another
module's custom menu, enter an asterisk (*) at this
prompt.
Note that MEDITECH creates a set of standard menus for
each module. You can create custom menus in the NPR
Module (custom menus begin with the prefix "zcus").
For example, if someone in the billing department needs
access to the Case Mix/Abstracting Option via the B/AR
MAGIC Key Menu, perform these steps.
1) Create a custom menu that is in the B/AR module (for
example, BAR.zcus.abs.menu).
2) On the custom menu (BAR.zcus.abs.menu), enter the
choice ABS.main.menu.
3) In the MIS User Dictionary at the MAGIC Key Menu or
Procedure prompt, enter BAR.zcus.abs.menu for the
B/AR application database.
4) For the Case Mix/Abstracting (ABS) module, enter * at
the MAGIC Key Menu or Procedure prompt.
Dft Magic Key Menu
Identify the menu that the system assigns as this user's
default MAGIC Key Menu. Whenever the user presses the
Application Menus Screen (2.1.2) Page 35
MAGIC Key in a module, this menu appears.
Lookup: MIS menus (standard and custom)
Style Enter either "Numeric" or "Desktop" as the Style.
The Default Magic Menu must be created as either Numeric or
Desktop within Customer NPR. If the menu does not match the
defined Style, an error message displays.
ABS Tape Svc
Enter the mnemonic for the abstract tape service (if
applicable).
The Abstract Tape Service Dictionary defines this
default abstract tape service that automatically appears
in this field. To keep this response, press .
To enter another mnemonic, delete the default response
and enter the mnemonic that corresponds to the abstract
tape service for this user.
Lookup: MIS Tape Service Dictionary
Note: Only response to this prompt if this user has
access to the Case Mix/Abstracting application database.
If this user does not have access to that application
database, leave this field blank.
ABS TAPE CODE Enter the appropriate abstract tape code (as
established by the tape agency) for this dictionary
entry. This is a required field if you entered an
abstract tape service at the previous prompt. If the
user is not authorized to access the Case
Mix/Abstracting Option, skip this prompt.
NOTE: For US hospitals, you can enter up to 8
characters. For Canadian hospitals, enter 1
character.
Adm/Mri Facilities
Enter the mnemonics of the facilities to which you
want the user to have access. Facility mnemonics are
defined for your system by MEDITECH.
Lookup: MIS Facility Dictionary
Application Menus Screen (2.1.2) Page 36
If only one facility is entered here, the user signs on
directly to that facility when accessing one of the
multiple-facility applications (ADM, LAB, MRI, NUR, OE,
PHA).
Users with access to more than one facility are prompted
to select a facility at sign-on.
Note: The cursor only stops at this prompt if you
entered an application (at the APPL DB prompt) that
allows for multiple facilities. If the routine brings
you to this prompt, you must enter the mnemonic of at
least one facility.
Restrict from MRI facility visits
To prevent the user from accessing