Magic-MEDITECH Information System Application (MIS)-Users and Password Management-Version-01!10!2013-Release 5.66

Magic MEDITECH Information System Application (MIS)

Users and Password Management

Version: January 10, 2013

Release 5.66

MEDITECH

Copyright by Medical Information Technology, Inc.

MEDITECH Circle, Westwood, MA 02090

781-821-3000

This information is proprietary and should be treated accordingly.

Users and Password Management TABLE OF CONTENTS

1 Passwords and Security Management........................................1

1.1 Managing Terminals...................................................9

2 Overview of User Dictionary and Access Routines.........................12

2.1 Enter/Edit User Dictionary..........................................13

2.1.1 Initialize User from Another User.................................27

2.1.2 Application Menus Screen..........................................28

2.1.3 Clinical Information Screen.......................................37

2.1.4 Clinical Information Provider Screen..............................47

2.1.5 MAGIC Office Screen...............................................51

2.1.6 Report Writer/Financial Data Access Screen........................61

2.1.7 System Sign-on Data Screen........................................68

2.2 List by Security Group..............................................69

2.3 Enter/Edit User Colors..............................................71

2.4 Enter/Edit Clinical Preferences.....................................77

2.5 Print Audit Trail...................................................81

2.6 Copy Access Dictionaries............................................83

2.7 Update Database Access..............................................85

3 Overview of User Password and Other Maintanence Routines................88

3.1 Change Expiration Dates.............................................90

3.2 Reset `Old' Passwords...............................................93

3.3 Assign One Time User Password.......................................94

3.4 List Changes By User................................................96

3.5 List Changes by Device..............................................98

3.6 List Changes by Time...............................................100

3.7 Auto-Expire Report.................................................102

3.8 Print Activity Log By User.........................................104

3.9 Print Activity Log by Device.......................................107

3.10 Print Activity Logs by Time........................................110

3.11 Print Patient Audit................................................113

3.12 Print Client Temp Audit............................................114

3.13 Download Client Temp Audit.........................................118

3.14 Print Archived Patient Audit.......................................119

3.15 Security Group Dictionary..........................................120

3.16 User Location Dictionary...........................................123

4 Distribution Groups Dictionary: Overview..............................128

4.1 Enter/Edit Distribution Groups Dictionary..........................131

4.2 List Distribution Groups Dictionary................................137

4.3 Change User Responsibility.........................................140

4.4 Copy Distribution Groups...........................................142

4.5 Delete Distribution Groups.........................................144

4.6 List User's Distribution Groups....................................145

4.7 List Responsible User's Distribution Groups........................146

4.8 Enter/Edit Group Subscription Routine..............................147

5 Overview of Electronic Signature.......................................148

5.1 Enable/Disable Electronic Signature................................151

5.2 List Electronic Signature Log......................................152

5.3 Enter/Edit Electronic Signature Alternates.........................154

5.4 Alternate Electronic Signature Signees Report......................155

5.5 List Electronic Signature Alternates Log...........................156

6 Dictionary Audit Trail and Miscellaneous Routines Overview.............158

6.1 Print Dictionary Audit Trail.......................................160

6.2 Print Encryption Setting Audit Trail...............................163

6.3 List Reporting Hierarchy...........................................164

6.4 List Organization..................................................165

6.5 Transfer MAGIC Office Files........................................166

6.6 Transfer Status Routine............................................168

6.7 Dictionary Mass Edit...............................................169

6.8 Dictionary Quick Edit..............................................170

6.9 Print Workstation Audit Log........................................172

6.10 Purge Workstation Version Audit of Old Devices.....................173

6.11 Initialize Workstation Version Audit Routine.......................174

INDEX....................................................................175

Passwords and Security Management (1) Page 1

Chapter 1: Passwords and Security Management

Use the Security page of the MEDITECH Information System (MIS) parameters to

define the way your health care organization defines user passwords. To define

the parameters that best suit the needs of your organization, contact your

MEDITECH MIS Applications Specialist.

Your organization can use a Single Key or Double Key password signon system. In

a Single Key signon system, each user is assigned a unique password. In a

Double Key system, each user is assigned a unique User ID and a password.

Passwords in Double Key systems need not be unique.

You can also use the MIS User Dictionary to control the information and modules

to which you assign users access. For example, you may want to limit the access

of a specific user to the Billing/Accounts Receivable (B/AR) Module or to

routines that can alter patient records.

For more information, see the section titled "Overview of User Dictionary and

Access Routines."

The following table includes the MIS parameters and routines that your

organization uses to define pasword and security information.

To Define Use the MIS

----------------------- ---------------------------------------------------

Expiration dates Pw Change Interval (Days) parameter (Single Key

Systems only)

Expiration Date prompt in the User Dictionary

Change Expiration Dates Routine (available only if

you defined a value at the Pw Change Interval

(Days) parameter)

Note: The value you enter at the Pw Change Interval

(Days) parameter overrides the value you enter via

the Expiration Date prompt or the Change Expiration

Dates Routine.

System-generated New Passwords Specified By parameter (Enter

passwords SYSTEM)

User-defined passwords New Passwords Specified By parameter (Enter USER)

A minimum Password Minimum Length parameter

password length

A password format Password Format parameter

Whether users can Extensions? prompt in the User Dictionary


obtain new passwords

upon expiration

When original Pw Re-Use Interval (Days) parameter

owners can re-use

expired passwords Reset 'Old' Passwords Routine

User ID format User Id Format parameter

Hidden or visible Echo User ID parameter

User ID text

during signon

The number of days after Auto-Expire Interval (Days) parameter

which passwords expire

if users do not sign

onto the system

Encrypted passwords Encrypt Passwords? parameter

(that is, passwords

stored internally in

coded format)

Hidden passwords that Hide Passwords? parameter

do not appear in

the MIS User Dictionary

Automatic password Expire On Failed Sign On? parameter

expiration after three

consecutive, failed

signon attempts

A one-time Assign One Time Use Password Routine

user password (Available on custom menus only)

Defining Parameters for Double Key Systems

In Double Key systems, all User IDs must be unique, but user passwords need not

be. With the exception of the Password Re-Use Interval parameter, all password

expiration routines and parameters function as they do with Single Key systems.

For organizations that use double key systems, the Password Re-Use Interval

parameter is unnecessary and inaccessible.

Defining the User ID Format (Double Key Systems only)

In Double Key systems, the mnemonic of each user appears as the default

response in the User ID field during signon. Each user at your organization is

assigned a unique User ID. To define an alphanumeric format for User IDs, enter

a value at the User ID Format parameter.


The value you enter at the User ID Format parameter affects edits to future

User IDs only (that is, current User IDs are still valid). If you leave this

parameter blank, User IDs can include any combination of zero to 10

alphanumeric characters.

Password Expiration

Password expiration is optional. You can assign expiration dates to some

passwords and not to others. When passwords expire, only currently authorized

users can access the system. For example, you might want to assign expiration

dates to all user passwords except for those of the president and data

processing manager.

The system calculates password expiration dates as follows:

Password expiration date = Password acquisition date + Value at the Pw

Change Interval parameter

Acquiring Passwords after Expiration

You might want to define password expiration dates for specific users only. For

example, you might want to allow regular, full-time employees to acquire new

passwords. However, you might want to prevent short-term or seasonal employees

from acquiring new passwords after their jobs are completed.

If you enter Y at the Extensions? prompt in the MIS User Dictionary, a user can

acquire a new password on or after his or her password expiration date. When

the password expiration date arrives, the user can access the system three

additional times. On the fourth sign on attempt, the system prompts the user to

acquire a new password.

If the user does not select a new password, he or she cannot access the

MEDITECH system. However, the user can obtain a new password in the future.

Also, an authorized user can edit the User Dictionary to assign the user a new

password at any time.

To prevent a user from acquiring a new password upon expiration, enter N at the

Extensions? prompt. When the password expiration date arrives, the user is

allowed access to the system three additional times before he or she is denied

access.

Defining Passwords that Automatically Expire

Use the Auto-Expire Interval parameter to define the number of days of user

inactivity (that is, users do not sign onto the system) after which users

passwords automatically expire.

After the password for a user expires, the value in the Extensions? field in

the MIS User Dictionary changes to X. The user cannot sign onto the system

without the intervention of an authorized user. When your organization assigns


the user a new password and expiration date, the value in the Extensions? field

returns to the previous value.

If you enter N in the Extensions? field, an active user who has not signed onto

the system can do so indefinitely. If the user signs on after his or her

password expires, a prompt appears that allows the user to select or receive a

new password.

Defining Passwords that Expire after Failed Signon Attempts

To define user passwords that expire after three consecutive failed sign on

attempts, enter Y at the Auto-Expire Interval. The keyboard locks for 60

seconds, the user password expires, and the value in the Extensions? field in

the MIS User Dictionary changes to X.

If you enter N, the keyboard locks for 60 seconds but the values in the

Password Expiration Date and Extensions? fields remains the same.

Reactivating Expired Passwords (Single Key systems only)

The MEDITECH system allows you to reactivate expired passwords.

You can use the PW Re-Use Interval parameter to reactivate a password for the

original user because he or she finds the password easy to remember.

In addition, you can use the Reset 'Old' Passwords Routine to reactivate and

recycle a password that expired on a specific date (for example, 2 years ago).

You can assign reactivated passwords to a new user.

Note: If you do not enter a value at the PW Re-Use Interval parameter, you

cannot reactivate expired passwords.

Assigning System-Generated vs. User-Defined Passwords

After password expiration, authorized users must be able to acquire new

passwords. You must select a password assignment method via the New Passwords

Specified By parameter. You can assign user-defined passwords or system-

generated password.

Assigning User-Defined Passwords

If your organization assigns user-defined passwords, the system asks each user

to enter a new password when the password expiration date arrives. Users must

adhere to the format and minimum length defined in the MIS parameters. In

addition, users can enter only acceptable characters (the 26 letters of the

alphabet and the digits zero to nine). For Single Key systems, passwords must

be unique.

For security, the characters do not appear when a user enters a new password.


In addition, the system requires the user to re-enter the new password. The

system allows the user to proceed only if the two entries match.

For information on how to reactivate expired passwords, see the section titled

"Re-using Old Passwords."

Assigning System-Generated Passwords

If your organization assigns system-generated passwords, the system asks the

new user to accept a new password when the password expiration date arrives. If

the user accepts the new password, the new password appears on the screen for a

few seconds only. The user must then enter the new password exactly as it

appeared.

If the user does not enter the password correctly, an error message appears,

and the password becomes unavailable. If your organization assigns system-

assigned passwords, you must enter a value at the MIS Password Format

parameter.

Defining Password Formats

Use the MIS Password Format parameter to define the format of user passwords.

Enter A for alphanumeric characters and N for digits only. For example, if you

enter AANN, passwords must include two alphabetical characters followed by two

digits (for example, PR65).

For user-defined passwords, you must enter a value at either the Password

Format or the Password Minimum Length parameters. If you define a minimum

length, users can enter a password of any format (providing it meets or exceeds

the password minimum length).

If your organization uses system-generated passwords, you must define a

password format. The system uses the format you define to randomly generate

passwords when current passwords expire.

Defining the Minimum Length of Passwords

The minimum password length you define depends on whether your organization

uses user-defined or system-generated passwords. For user-defined passwords,

you define the length at the Password Minimum Length parameter. For system-

generated passwords, the length of the value you enter at the Password Format

parameter defines the minimum length of the password.

MEDITECH recommends that you consider the following when you define the minimum

length of passwords at your organization.

* Number of users in your organization

* Employee turnover rate


* Password turnover rate (that is, how frequently users acquire new

passwords)

For example, a small health care organization might require a minimum password

length of only three characters. However, a large hospital that regularly

assigns new passwords might require a minimum password length of five

characters.

Note: In Single Key systems, you can use the Reset 'Old' Passwords Routine to

reset expired passwords. Expired passwords are then available for reassignment.

Listing Changes to Passwords

You can use the following routines to list changes made to passwords. The

following routines list password changes by user, time, or device.

To List Changes

According to the Use this Routine

------------------------ ------------------------------------

User who made the change Print Password Audit Trail By User

Date and time of change Print Password Audit Trail By Time

Device on which the Print Password Audit Trail By Device

user made the change

For more information, see the documentation for each routine.

Emulating Users

Use this routine to allow a specific user to sign onto the system as another

user. (This routine does not exist on a standard menu. You must add this

routine to a custom menu via DPM Z.emulate.user.)

For example, if User A emulates User B, User A sees the same information that

User B sees (for example, menus), but User A does not see User B's password.

User A enters either User B's mnemonic or name to emulate him or her.

To prevent emulation of a specific user at your organization, use the Restrict

Emulation prompt in the MIS User Dictionary. The system then prevents users at

all access levels from emulating that user.

Network authenticated sites that emulate users might compromise security.

Listing Emulation Activity

You can use the List Emulation routines to print emulation activity. (You must

place these routines on a custom menu.)

The List Users Who Were Emulated Routine (MIS.USER.list.emulated.users) lists


users who were emulated by a specific user. The List Users Who Emulated

Other Users (MIS.USER.list.emulating.users) Routine lists users who emulated

a specific user.

Note: User Activity Logs associate emulation activity with the emulated user.

You must cross-reference activity logs with the List Emulation reports to

discover which user actually performed the activity.

Encrypting Passwords

Use the Encrypt Passwords parameter to encrypt user passwords and stored

internally in a coded format. Neither users nor MEDITECH can decipher encrypted

passwords.

The Password field in the MIS User Dictionary displays only asterisks (*). The

field does not indicate the password length. If your organization encrypts

passwords, you must assign new passwords to users who forget their passwords.

Hiding Passwords

If you do not want to encrypt user passwords, but you want to hide them from

users who edit the MIS User Dictionary, enter Y at the Hide Passwords

parameter. The Password field in the MIS User Dictionary displays only

asterisks (*). If a user forgets his or her password, MEDITECH staff can

retrieve it internally.

If you enter N at both the Encrypt Passwords and Hide Passwords parameters,

users passwords appear in the Password field.

Echoing User IDs

Use this parameter to control whether the User ID prompt on the sign on screen

displays the characters the user enters during signon.

If you enter Y, each character the user types appears in the User ID field. If

you enter N, nothing appears in the field during signon.

Using Password Routines on Custom Menus

For Double Key systems, you can assign the Assign One Time Use Password

(Z.assign.pw) and Expire Own Password (MIS.USER.expire.own.pw) routines to

custom menus.

Assigning One Time Use Passwords

You can assign the Assign One Time Use Password Routine to a custom menu to

assign a new password to a user after his or her password expires.


When a use password expires, you can run this routine to assign a new password

that expires immediately after one entry. The user then selects or receives a

new password.

Note: When you enter a new user via the MIS User Dictionary, this routine runs

automatically when you enter a value at the Password prompt.

Allowing Users to Invalidate Their Own Passwords

You can assign the Expire Own Password Routine to a custom menu to allow users

to invalidate their passwords and obtain new ones. Your organization can use

this routine to allow users to control password expiration without providing

them access to the MIS User Dictionary.

To use this routine, a user must first enter his or her current password to

expire it. The next time the user signs onto the system, he or she can select

or receive a new password.

Note: A user can invalidate his or her own password via this routine only.

Managing Terminals (1.1) Page 9

1.1: Managing Terminals

In addition to controlling access to MEDITECH applications in the User

Dictionary, you can also control access at specific terminals. Terminals can

be restricted at a variety of levels. For example, you can restrict a

terminal used to admit patients to the Admissions application. You might

restrict the terminals you use for training to a test directory.

Because the user and the terminal being used can have different restrictions,

the most restrictive case always applies. For example, even though a

terminal allows unrestricted access, the user is still restricted to the

applications authorized in the MIS User Dictionary. Remember that access to

applications is directory and password-specific, dependent on the MIS User

Dictionary.

Entering Terminal Restrictions

You can restrict access at a specific terminal through routines on the

Operating Systems Utilities Main Menu. At this menu:

1) Select the System Management Menu.

2) Select the Enter/Edit Devices Routine.

Note: For more information about this routine, see the section titled

"Enter/Edit Devices" in the MAGIC Operating System Utilities manual.

On the Enter/Edit Devices screen, the level of restriction you want to apply to

a device determines your responses to the following three prompts:

* Segment?

* Directory?

* Program?

If you leave these three prompts blank, the terminal is not restricted; each

user must identify the desired segment, directory and program when signing on.

Users are limited only by restrictions set up in the User Dictionary.

However, using the above prompts you can restrict a terminal to:

* multiple directories (test and live)

* a single directory (test or live)


* a single MIS

* a single application

* a single application database

To restrict a terminal, you first enter the appropriate segment and directory.

You can then enter one of the following programs:

* Z.sign.on - to restrict a terminal to a single MIS directory (TEST.MIS

or LIVE.MIS directory)

* MIS.signon - to allow access to both directories

Restricting a Terminal to a Single Directory

To restrict a terminal to a single directory, you first enter the appropriate

segment and directory. You then enter Z.sign.on at the Program?

prompt.

For example:

Segment? A

Directory? TEST.MIS (restricts the terminal to the test directory)

Program? Z.sign.on

The above responses restricts the selected terminal to the test directory. A

user signing on to the terminal can still choose the appropriate application.

Adding Further Restrictions

You can further restrict a terminal by following the Z.sign.on program with

the following:

* an MIS database (if the directory supports more than one MIS database).

If a directory supports only one MIS database, enter nil ("").

* an application or an application database mnemonic. If you enter an MIS

database argument, you must enter a second argument.

You can use the above arguments in one of the following ways:

To restrict a terminal to an application (for example, the PP application

database) with only one facility, you would enter the following at the


Program? prompt:

Z.sign.on("","application database.billing mnemonic")

For example:

Z.sign.on("","PP.CBM")

To restrict a terminal to an application with multiple facilities, you would

enter:

Z.sign.on("","application database")

For example:

Z.sign.on("","PP")

To restrict a terminal to a single application database with multiple

facilities, you would enter:

Z.sign.on("","application database")

For example:

Z.sign.on("","PP.FAC")

Note: The MIS database (if more than one) appears as the first argument.

quotes. The application (or application database) to which the terminal

is restricted appears in the second argument.

Allowing Access to Both Test and Live Directories

Terminals that require access to both TEST.MIS and LIVE.MIS directories can be

controlled via the MIS.signon program. For example:

Segment? A

Directory? TEST.MIS or LIVE.MIS

Program? MIS.signon

Users who sign on to the terminal can select the directory.

Overview of User Dictionary and Access Routines (2) Page 12

Chapter 2: Overview of User Dictionary and Access Routines

The following table describes the tasks and routines associated with the User

Dictionary and access routines.

To Use

----------------------------------- -----------------------------------

Enter and edit user information User Dictionary

for your MEDITECH Information

System (MIS).

List user information. List User Dictionary

Print a report of security List Users By Security Group Routine

group member's information except

for User ID and password.

Change a user's screen colors for Enter/Edit Colors Routine

all modules.

Print a report of changes made to Print User Audit Trail Routine

User Dictionary entries.

Copy Access Dictionary information Copy Access Dictionaries

from one user to another.

Add or delete access to an Update Database Access Routine

application database, menu,

and MAGIC Key Menu for

one or more security groups

and/or individual users.

Enter/Edit User Dictionary (2.1) Page 13

2.1: Enter/Edit User Dictionary

Use the MIS User Dictionary to enter and edit user information for your

MEDITECH Information System (MIS). Since your MEDITECH system may consist of

several modules, the data stored in this dictionary affects the entire system

and the users' ability to access this system.

Note: This dictionary controls access privileges of users. Because you can

grant and/or deny user access to your MEDITECH system, access to this

dictionary should be limited to a small number of users.

General MIS User Dictionary Screen

This screen allows you to specify for each user

* mnemonic, active status, full name, monogram for identification on narrow

reports, alias for identification if the user has changed names

* mnemonic and name of supervisor, and whether the user is a supervisor and,

if so, the mnemonic of a distribution group consisting of employees who are

supervised by this user

* office location and/or phone number or extension

* whether the user is able to fax and send remote mail to recipients

* user identification, password, password expiration date, and whether to

allow this user a new password when the current password expires

* whether the system allows other users to emulate this user

* the maximum number of simultaneous sign-on sessions the system allows this

user

* security level that the system allows this user (for example, OWN)

* automatic application database Lookup at sign on

* whether this user can access the Dictionary Mass Edit and Dictionary Quick

Edit routines and if so, which dictionary that they can access using those

routines

* number of entries to display on Lookup screens (system default appears to

the right)

* security groups to which this user is either a member or authorized to edit

a member's MIS User Dictionary entry

* distribution groups that include this user

* license plate identification and state to which the automobile is registered


Changing a User's Name (Aliases)

If a user marries and changes his or her name, update the Name prompt and

enter the user's old name at the Alias prompt. These prompts allow you to

identify this user using either the new or original name while maintaining up-

to-date information for this user.

Users who have been assigned aliases may be identified by either name in any

routine that allows you to enter a user's name. If you enter the alias, the

new name appears and is marked with an asterisk ("*") as a reminder that the

user's name has changed. If you enter the new name, however, there is no

indication that the user has an alias.

Parameter-Defined Labels

The wording of three of the prompts on this screen is defined in your MIS

Parameters. Therefore, the following three prompts may not have the same names

in your system as in this documentation:

* Supervisor

* Is User A Supervisor?

* Office

Regardless of the labels, the purposes of each of these prompts are the same.

Passwords

Each user must be assigned a password. If your health care organization is set

up as Double Key, User IDs are also required. For more information, see the

section titled "Passwords and Security Management."

Displaying Application Databases on Lookup Screens During the Sign-on

Process

The system can automatically display a Lookup of the user's authorized

application databases after the user enters his or her password. Then, the user

needs only to enter the number that corresponds to the application database

that they want to access.

To set up this feature, enter Y at the AUTO SIGN-ON Lookup? prompt on General

screen of the User Dictionary. This Lookup only displays the application

databases that this user access on the Applications Menu screen of the MIS User

Dictionary.

NOTE: If the user is only authorized to access one application database,

no Lookup appears. Instead, that module starts immediately after


the user enters their password.

+--------------------------------------------------------------------------------------------+

| Enter/Edit Users |

|============================================================================================|

|Mnemonic Last Edited by on |

| |

|Active? |

|Name Monogram s |

| |

|Supervisor |

|Is User a Supervisor ibution Group |

|Location Phone Fax Access |

| |

|Domain Network Username NT Authentication Enabled |

| |

| |

| |

|User ID Restrict Emulation Logons Allowed |

|Password Expiration Date Extensions? |

| |

|Security Level Allow User Dictionary Mass/Quick E onaries |

| |

|Auto Sign-On Lookup? |

|# Lookup Entries tem Default |

| |

|User Security Groups Edit? Distribution Groups License State |

| |

| |

+--------------------------------------------------------------------------------------------+

Mnemonic

Enter a unique mnemonic code to identify the entry you

want to create or edit.

Lookup: Entries in this dictionary

To view active entries only, press .

To view active and inactive entries, type /B and press

.

Partial Lookups are available. For example, to display

a Lookup of active and inactive dictionary entries whose

mnemonics begin with G, type G/B and press .

-- Entering an Existing Mnemonic --

If you enter an existing mnemonic, the system displays


all previously entered information for the dictionary

entry. You can then edit this dictionary entry.

-- Entering a New Mnemonic --

If you enter a new mnemonic, a prompt appears asking if

you want to create a new entry. If you create a new

entry, you can then enter the dictionary information at

the prompts. If you do not create a new entry, the

Mnemonic prompt clears and you can enter a different

mnemonic.

Active

If you want this entry to be active, enter Y.

Active entries are eligible responses at prompts that

refer to this dictionary. Users identify an active entry

by typing its mnemonic or by using the Lookup.

If you want this entry to be inactive, enter N.

Inactive entries can be viewed in enter/edit

dictionaries and listed in some list dictionaries.

Name

Enter a name for the entry. This name can

appear in Lookups and on reports to further

define this dictionary entry.

Monogram

On certain reports and printouts generated by MEDITECH

applications, the 10 characters allowed for the user's

mnemonic will not fit. To solve this problem, you

assign each user a short (maximum of three characters)

identifier at this prompt, which identifies the user on

narrow or crowded reports and screens.

The monogram can consist of any combination of letters,

numbers and punctuation. Unlike mnemonics, monograms

need not be unique.

Alias

Enter an optional additional name for the selected user,

using the LASTNAME,FIRSTNAME REST format and up to 20

characters of free text. Users can use either this or

the name defined at the NAME prompt to identify a user.


This feature is especially useful if employees marry and

you want to allow other users to identify them by their

former names. Enter the new name at the NAME

prompt, and the former name at the ALIAS prompt.

Supervisor

Enter the mnemonic of the supervisor of the selected

user. The supervisor's name appears to the right.

Lookup: MIS User Dictionary

This prompt allows you to set up an employee hierarchy

and create distribution groups that consist of the

employees who are supervised by the same supervisor.

Note: The wording of the prompt is defined in your

MIS Parameters. Therefore, this prompt may be called

something other than SUPERVISOR. Regardless of the

label, the purpose of this prompt is the same.

Is User A Supervisor?

If the selected user is a supervisor, enter Y;

otherwise, enter N.

If you enter Y at this prompt, you can specify a

Distribution Group that will consist of all users

who are subsequently assigned to the selected

supervisor.

If you enter N at this prompt, the routine skips the

Distribution Group prompt.



something other than Is User A Supervisor?. Regardless

of the label, the purpose of this prompt is the same.

Distribution Group

If Y appears at the Is User A Supervisor? prompt, the

cursor stops at this prompt.

To create a supervisor's distribution group, enter a

mnemonic at this prompt. This can be either the

mnemonic of an existing distribution group or the

mnemonic of a new distribution group


Lookup: MIS Distribution Group Dictionary

The distribution group whose mnemonic appears here will

consist of all users who are subsequently assigned

to the selected supervisor.

Location

Enter the mnemonic of the office location to which the

selected user is permanently assigned.

Lookup: MIS User Location Dictionary entries that are

permanent locations (see the Allow in User

Dictionary? prompt in the MIS User Location

Dictionary)



something other than OFFICE. Regardless of the label,

the purpose of this prompt is the same.

Phone

Enter the phone number or phone extension of the user,

using up to 18 characters of free text.

Fax Access

When a user tries to send a FAX, the access level

defined in the User Dictionary will be checked. The

defined level determines whether or not the user is

allowed to send faxes and the types of recipients that

can be entered if the user is given access to the faxing

feature.

The values which can be entered for this field are:

NONE The user has no fax access. If the user enters

FAX or a fax type spool group at any Print on

prompt, a message appears indicating that the user

cannot use the faxing feature.

DICT The user is allowed to send faxes to FAX

recipients which reside in the following

dictionaries:

* Fax Recipient Dictionary

* Fax Recipient Group Dictionary

* Insurance Dictionary

* Outside Location Dictionary


* Provider Dictionary

* Vendor Dictionary

ALL The user is allowed to send faxes to free text

recipients as well as recipients in the following

dictionaries:

* Fax Recipient Dictionary

* Fax Recipient Group Dictionary

* Insurance Dictionary

* Outside Location Dictionary

* Provider Dictionary

* Vendor Dictionary

NT User Name

The value you entered at the Mnemonic prompt appears in

upper case characters as the default response.

You can edit this value for new users only. Enter the

User Name defined in the network operating system.

Users who log onto the system via the network operating

system enter the network User Name entered during the

log-on process.

Note: This prompt appears only if your health care

organization is converting to or has completed a

conversion to network user authentication.

Restrict Emulation

To prevent all other users from emulating this user,

enter Y.

To allow all other users (with access to the Emulate

User Routine) to emulate this user, enter N or leave

this field blank.

Logons Allowed

Enter the maximum number of devices (that is, terminals

or PCs) from which you want to allow this user to log

onto the MEDITECH system simultaneously.

For example, to allow this user to log onto a maximum

of two devices simultaneously, enter 2. This user can

then log onto the MEDITECH system from two terminals or

PCs at the same time.


If you enter 2, the system does not allow the user to

log onto a third device. If this user logs onto the

system from a third terminal or PC, a warning message

appears.

To allow this user to log onto only one device, enter

1. If you leave this field blank, this user can log

onto as many devices as he or she wants.

Password

Use free text to enter the password you want this user

to enter to log onto the MEDITECH system.

If your organization uses network operating system

passwords to authenticate users, you cannot enter a

value.

-- System-Generated Passwords --

System-generated passwords automatically appear here.

The system automatically generates passwords that

conform to the MEDITECH-defined format.

To edit a system-assigned password, delete it and enter

N. The system generates and displays a new password

here.

-- User-Defined Passwords --

Enter up to 20 alphanumeric characters (exclude spaces

and special characters). A user-defined password must be

different from the user mnemonic.

If you enter a password that is assigned to another

user, you must enter a different password.

Note: MEDITECH defines whether passwords are system-

generated or user-defined. MEDITECH also defines the

format for system-defined passwords and the minimum

number of characters for user-defined passwords.

Expiration Date

If a date appears here, it indicates when this user will

have to obtain a new password or be prevented from

signing on (see the Extensions? prompt).


--How This Date is Calculated--

If a value has been entered into the MIS PASSWORD

CHANGE INTERVAL parameter, an expiration date appears

here when the user is initially entered into the User

Dictionary, and later whenever the user's password is

changed. The date is calculated as follows:

Date password Password Change Interval Expiration

entered/changed + (from) MIS Parameters = date

For example, if a user is entered into the User

Dictionary on April 1, and the password change interval

is set to 30 days, the expiration date would be May 1.

If the user obtains a new password, a new expiration

date is set again by adding the number of days in the

change interval to the date on which the password is

assigned.

--Editing This Date--

Note that authorized users can edit the expiration date

on this screen and in the Change Expiration Dates

Routine.

If you never want this user's password to expire,

simply delete any expiration date that appears here.

Extensions?

To allow the system to assign a new password to this

user when his or her password expires, enter Y.

To prevent the system from assigning a new password to

this user, enter N.

Note: You can access this prompt only if MEDITECH

defined the number of days for which passwords are

valid. For example, if passwords are valid for 30 days,

this user must change his or her password on the 31st

day.

For more information, see the section titled "Password

and Security Management."

Security Level

Enter the first letter of one of the following security


levels for this user. The security level controls the

extent to which this user can enter or change other

users' information in the MIS User Dictionary.

Security level Description

-------------- -------------------------------------

NONE The user cannot access information in

the User Dictionary.

OWN The user can only change his or her

own information in the User

Dictionary.

GROUP The user can change information for

all other users in groups to which he

or she has edit capabilities. These

groups are defined at the User

Security Group prompt; the edit

prompt associated with the security

group must be set to 'Y' to give the

user edit capabilities.

ALL The user can change information for

all users. Since a user with this

security level can change information

for all users, it is unnecessary to

assign this user to user groups to

provide edit capabilities.

RESTRICTED The user can change non-password

specific information for all users.

You can restrict access to user

dictionary screens via the Restricted

User Page Access E/E screen.

On this screen, you can grant this

user editing privileges to specific

MIS User Dictionary screens. To allow

this user to edit the screen, enter Y

in the Edit? prompt next to the

screen name.

To prevent this user from editing or

viewing a screen, enter N at the

Edit? prompt.

If the Edit? prompt is set to 'N' for

the General Information screen, this

screen appears when the user accesses


the User Dictionary. However after

the user enters a mnemonic, a screen

appears listing the screens to which

the user has access, or the one

screen to which the user has access

appears.

For routines that have a security

level restricted, a restricted user

has the same access of a user

assigned NONE.

A restricted user cannot edit or view

password information on the General

Information screen.

Note: Users cannot grant higher security levels to

themselves or other users. For example, a user with

security level of OWN cannot change their security level

to GROUP or ALL.

Only users with a security level of ALL can change

another user's security level to ALL.

Auto Sign-On Lookup?

If you want a Lookup of possible application databases

to appear for this user whenever he/she enters his/her

his password, enter Y; otherwise, enter N.

Users are assigned to application databases on Screen 2

of the User Dictionary.

Allow Dictionary Mass/Quick Edit?

To allow this user access to the Dictionary Mass Edit

and Dictionary Quick Edit routines, enter Y. The cursor

moves to the Dictionaries prompt. At the Dictionaries

prompt, you specify which dictionaries this user can

edit using the Dictionary Mass Edit and Dictionary Quick

Edit routines.

To deny this user access to these routines, enter N. The

cursor skips the Dictionaries prompt.

Dictionaries


The cursor stops here only if the prompt Allow

Dictionary Mass/Quick Edit? is set to Y.

Enter the DPM of any dictionary which this user is

authorized to edit via the Dictionary Mass Edit or

Dictionary Quick Edit routines. Enter ALL to

allow the user access to all dictionaries available for

the Mass/Quick Edit feature.

Lookup: Dictionary DPMs

NOTE: The dictionaries the user is able to edit

will always be restricted to the databases they've

been given access to within the User Dictionary.

Also, note that a user who is responsible for

editing the MIS User Dictionary DPM must have a

security level of ALL.

# Lookup Entries

Enter the number of items that you want to appear

on the Lookup screens when this user accesses the

Lookup function.

Note: For workstation 4.x, enter a number between 5 and

20. For earlier workstation versions, enter a number

between 5 and 23.

To allow the default number of items to appear on the

Lookup screens, leave this field blank. The default

number is defined by an MIS parameter and appears to the

right in the System Default field.

The Lookup function is available at various fields in

most MEDITECH applications. A Lookup screen is always

available at a field that references a dictionary. This

function provides a screen of responses from which

the user chooses. To access a Lookup from a field,

press .

User Security Groups

Enter the mnemonics of security groups of which this

user is either a member or is authorized to edit.

Security groups are defined in the Security Group

Dictionary.

Lookup: MIS Security Group Dictionary

Caution


The user responsible for editing MIS User Dictionary

information for a security group must be assigned one of

the following:

* a member of the security group with a Y in the

Edit? prompt

* have a security level of ALL

For example, a user responsible for assigning passwords

for the Pharmacy security group but for no other groups

must be a member of the Pharmacy security group and

granted edit privileges for the group (via the Edit?

prompt).

To authorize a user to edit all other users, grant this

user a security level of ALL.

By granting this user edit privileges (for some or all

security groups), you authorize them to:

* change User Dictionary information (except for

Security Level)

* complete the following password management routines

for the specified security groups

- Change Password Expiration Dates

- Change Secondary Passwords by Group

For more information, see the section titled "Security

Group Dictionary."

Edit?

To grant this user edit privileges for the user security

group, enter Y. This user is authorized to change the

MIS User Dictionary information for the group (listed at

the User Security Group prompt).

To deny this user edit privileges, enter N.

Notes: The cursor stops at this field only if your

security level is ALL (that is, the security level of

the user editing this dictionary - not the user whom you

are editing).

Also note that if your security level is GROUP, Y or N


automatically appears in the Edit? field. You cannot

change the response in the Edit? field

For more information, see the documentation of the

Security Level prompt.

Distribution Groups

At this prompt, all distribution groups to which this

user belongs appear.

To delete the user from a distribution group, move the

cursor to the group's mnemonic and delete it.

To add the user to a distribution group, press to

move to the bottom of the list and enter the mnemonic of

the distribution group.

Lookup: MIS Distribution Group Dictionary

License

Enter one or more license plate numbers for this user's

automobile. You can use a maximum of 10 characters of

free text.

If you enter a license plate number, the cursor advances

to the State prompt.

If you leave this prompt blank, the routine ignores the

State prompt.

State

Enter the two-letter abbreviation of the state in which

the automobile is registered.

If you leave the LICENSE prompt blank, the cursor

ignores this prompt.

Initialize User from Another User (2.1.1) Page 27

2.1.1: Initialize User from Another User

Use this routine to define a new entry in the MIS User Dictionary based on the

content of an existing entry.

After you select an existing user, the information for that user appears on the

Enter/Edit User Dictionary screen. You can then modify the information as

needed for the new user.

This screen appears when you create a new user in the Enter/Edit MIS User

Dictionary Routine, after you enter a mnemonic for the new user.

|===============================================================================|

|Initialize from User |

| |

|Copy Distribution Groups? |

+-------------------------------------------------------------------------------+

Initialize From User

To copy information from an existing user to this new

User Dictionary entry, enter the existing user.

Lookup: MIS User Dictionary

To manually enter information for the new user, press

to return to the Enter/Edit Users screen.

Copy Distribution Groups?

To include the distribution groups to which this user

belongs in the information copied to the new User

Dictionary entry, enter Y. Otherwise, enter N.

Application Menus Screen (2.1.2) Page 28

2.1.2: Application Menus Screen

Use the Application Menus screen of the MIS User Dictionary to define the

application databases (that is, modules) to which this user has access. For

each application database you list on this screen, you define this user's

initial screen. This screen can be a menu or procedure and appears after the

user signs onto the module.

Some users may be authorized access to all routines in a module. However, most

users are restricted to only those routines that pertain to their job. To limit

this user's access to a specific routine, enter P at the M/P prompt.

For this user, this screen allows you to define:

* application databases to which this user has access

* routines in a module to which this user cannot sign onto, but the user has

access to the routines via a custom menu

* the main menu or procedure (routine) that appears after the user signs onto

the module (accesses the application database)

* the menu or procedure that this user can access for each application

database when the user presses the MAGIC Key

* the Abstract Tape Service and Tape Code if this user accesses the Case

Mix/Abstracting Option

* the facilities to which this user has access for facility-sensitive

application databases (for example, Admissions, Medical Records, Laboratory,

and Nursing)

* the facilities in which this user cannot access MRI patient visit data

Note: For modules designed for the new user interface supplied by Workstation

4.N (for example, POE, EDM, and RXM), you can enter DESKTOP at the Style

prompt. This response overrides the response at the Default Menu Style prompt

(top of this screen) and allows the user to access desktops and cascading

menus.

Granting This User Access to an Entire Module

Some users require access to an entire module (that is, all routines available

in that specific module). However, most users are allowed access to only those

routines that pertain to their job by assigning them a custom menu.

To allow this user access to an entire module, enter the application database

at the Appl DB prompt, and the menu at the Menu or Procedure prompt. If

applicable, enter the menu at the MAGIC Key Menu or Procedure prompt.


Granting This User Limited Access to a Routine in Another Module

For some users, you want to limit a user's access to a particular routine or

menu, but prevent that user from signing onto the module. In this case, you can

enter the routine or menu on a custom menu and allow the user access to that

custom menu.

For example, a user has access to a custom Case Mix/Abstracting Menu that

includes the List Incomplete Records Routine from the Medical Records Module

(MRI). Allowing this user access to this report routine, the user can print a

report of incomplete records without signing onto the standard MRI Module.

To allow the user access to an application database only so that its routines

or menus can be added to the user's custom menu, enter the application database

at the Appl DB prompt and enter an asterisk (*) at the Menu or Procedure

prompt.

For example, to give a user access to a routine from the Medical Records

Module, enter MRI application database at the Appl DB prompt and * at the Menu

or Procedure prompt.

Note: To create custom menus via MEDITECH's Menu Customization Feature, see the

Custom Menus chapter.


+--------------------------------------------------------------------------------------------+

| Enter/Edit Users - Application Menus |

|============================================================================================|

|Mnemonic: Name: Default Menu Style |

| |

|Appl DB Type M/P Menu or Procedure/MAGIC Key Menu or Procedure Style |

| |

| |

| |

| |

| |

| |

| |

| |

| |

| |

| |

|Default MAGIC Key Menu Style |

| |

| |

| |

|ABS Tape Svc ABS Tape Code |

| |

| |

| |

|ADM/MRI Facilities Restrict from MRI facility visits |

| |

| |

+--------------------------------------------------------------------------------------------+

Default Menu

Enter one of the following styles as the default menu

style for this user:

* DESKTOP

* NUMERIC

Application Database

Enter the mnemonic of each application database

to which you want this user to have access.

Lookup: MIS Application Database Dictionary

When you enter a valid database mnemonic, the database's

type automatically appears in the TYPE field for

reference purposes.

-- Authorizing Users of the OS Utilities Main Menu --


If you want to allow users to access the MAGIC

Operating System's Utilities Main Menu, MEDITECH

staff will enter EXT.OPS as an external application.

Next, you would authorize users for this menu by

entering EXT.OPS at this prompt, and MENU at the menu

name prompt.

Note that if security is enabled for the OS Utilities,

the user must enter a separate, OS utilities password to

access the menu.

Note: This prompt references the term application

database.

Your MEDITECH system can have one or more application

databases per module. If your system has more than one

database, these databases are distinguished from each

other via customer-defined mnemonics set up during

installaion.

For example, your organization may have three B/AR

databases, named BAR.ABC, BAR.MNO, and BAR.XYZ.

TYPE The operating system type appears for reference:

* $T

* NPR

* OTHE (for Other)

M/P

The response at the M/P prompt controls whether this

user accesses a menu or procedure (routine) immediately

after signing onto the application database.

If the user accesses Enter

-------------------- -----

Menu M

Procedure P

After responding to the M/P prompt, enter the menu or

procedure name at the Menu or Procedure prompt.

If you entered M at this prompt, the Lookup for the next

prompt displays a list of menus for the application

database (Appl DB prompt). Likewise, if you entered


a P at this prompt, the Lookup for the next prompt

displays a list of procedures for the application

database.

After the user signs onto the module, the menu or

procedure (entered at the Menu or Procedure prompt)

appears as the default sign-on screen.

Menu or Procedure

Identify the menu or procedure name that the user

initially accesses (the default screen) after signing

onto the module.

Lookup: List of menus or procedures (dependent on the

response you entered at the M/P prompt) available for

the application database entered at the Appl DB prompt.

If you entered M at the M/P prompt, you identify a menu

at this prompt. Likewise, if you entered a P at the M/P

prompt, you identify a procedure at this prompt.

For example, if you identify the menu main.menu, the

standard main menu for the module appears after the user

signs into the ABS.LIVE application database. However,

if you identify the procedure ABS.PAT.process, the

Process a Patient Abstract screen appears.

-- Access to Other Modules' Menus and Routines --

To prevent the user from directly signing onto the NPR

Module, but allow the user access to the Module's

routines and menu from another module's custom menu,

enter an asterisk (*) at this prompt.

Note that MEDITECH creates a set of standard menus for

each module. You can create custom menus in the NPR

Module (custom menus begin with the prefix "zcus").

For example, if someone in the billing department needs

access to the Case Mix/Abstracting Option via the B/AR

main.menu, perform these steps.

1) Create a custom menu that is in the B/AR module (for

example, BAR.zcus.abs.menu).

2) On the custom menu (BAR.zcus.abs.menu), enter the

choice ABS.main.menu.

3) In the MIS User Dictionary at the MAGIC Key Menu or


Procedure prompt, enter BAR.zcus.abs.menu for the

B/AR application database.

4) For the Case Mix/Abstracting (ABS) module, enter * at

the Menu or Procedure prompt.

Style

Enter one of the following menu styles to which you want

this user to have access within the specified

application database:

* DESKTOP

* NUMERIC

Note: For modules that make use of the new user

interface supplied by Workstation 4.N (for example, POE,

EDM, and RXM), enter DESKTOP to override the response

entered at the Default Menu Style prompt (top of this

screen).

M/P (MAGIC Key)

The response at the M/P prompt controls whether this

user accesses a menu or procedure (routine) while signed

onto the application database.

If the user accesses Enter

-------------------- -----

Menu M

Procedure P

After responding to the M/P prompt, enter the menu or

procedure name at the MAGIC Key Menu or Procedure

prompt.

If you entered M at this prompt, the Lookup for the next

prompt displays a list of menus for the application

database (Appl DB prompt). Likewise, if you entered a P

at this prompt, the Lookup for the next prompt displays

a list of procedures for the application database.

When the user presses the MAGIC Key, the menu or

procedure (entered at the MAGIC Key Menu or Procedure

prompt) appears.

MAGIC Key Menu or Procedure

Identify the menu or procedure name that the user has


access to when the user presses the MAGIC key.

Lookup: List of menus or procedures (dependent on the

response you entered in the M/P prompt) available for

the application database entered at the Appl DB prompt.

If you entered M at the M/P prompt, you identify a menu.

Likewise, if you entered a P at the M/P prompt, you

identify a procedure.

For example, if you identify the menu main.menu, the

standard main menu for the module appears when the user

presses the MAGIC Key while signed into the ABS.LIVE

application database. However, if you identify the

procedure ABS.PAT.process, the Process a Patient

Abstract screen appears.

-- Access to Other Applications' Menus and Routines --

To prevent the user from directly accessing NPR Module's

menu or routine via the MAGIC Key, but allow the user

access to the Module's routines and menu from another

module's custom menu, enter an asterisk (*) at this

prompt.

Note that MEDITECH creates a set of standard menus for

each module. You can create custom menus in the NPR

Module (custom menus begin with the prefix "zcus").

For example, if someone in the billing department needs

access to the Case Mix/Abstracting Option via the B/AR

MAGIC Key Menu, perform these steps.

1) Create a custom menu that is in the B/AR module (for

example, BAR.zcus.abs.menu).

2) On the custom menu (BAR.zcus.abs.menu), enter the

choice ABS.main.menu.

3) In the MIS User Dictionary at the MAGIC Key Menu or

Procedure prompt, enter BAR.zcus.abs.menu for the

B/AR application database.

4) For the Case Mix/Abstracting (ABS) module, enter * at

the MAGIC Key Menu or Procedure prompt.

Dft Magic Key Menu

Identify the menu that the system assigns as this user's

default MAGIC Key Menu. Whenever the user presses the


MAGIC Key in a module, this menu appears.

Lookup: MIS menus (standard and custom)

Style Enter either "Numeric" or "Desktop" as the Style.

The Default Magic Menu must be created as either Numeric or

Desktop within Customer NPR. If the menu does not match the

defined Style, an error message displays.

ABS Tape Svc

Enter the mnemonic for the abstract tape service (if

applicable).

The Abstract Tape Service Dictionary defines this

default abstract tape service that automatically appears

in this field. To keep this response, press .

To enter another mnemonic, delete the default response

and enter the mnemonic that corresponds to the abstract

tape service for this user.

Lookup: MIS Tape Service Dictionary

Note: Only response to this prompt if this user has

access to the Case Mix/Abstracting application database.

If this user does not have access to that application

database, leave this field blank.

ABS TAPE CODE Enter the appropriate abstract tape code (as

established by the tape agency) for this dictionary

entry. This is a required field if you entered an

abstract tape service at the previous prompt. If the

user is not authorized to access the Case

Mix/Abstracting Option, skip this prompt.

NOTE: For US hospitals, you can enter up to 8

characters. For Canadian hospitals, enter 1

character.

Adm/Mri Facilities

Enter the mnemonics of the facilities to which you

want the user to have access. Facility mnemonics are

defined for your system by MEDITECH.

Lookup: MIS Facility Dictionary


If only one facility is entered here, the user signs on

directly to that facility when accessing one of the

multiple-facility applications (ADM, LAB, MRI, NUR, OE,

PHA).

Users with access to more than one facility are prompted

to select a facility at sign-on.

Note: The cursor only stops at this prompt if you

entered an application (at the APPL DB prompt) that

allows for multiple facilities. If the routine brings

you to this prompt, you must enter the mnemonic of at

least one facility.

Restrict from MRI facility visits

To prevent the user from accessing

Documents

Magic-MEDITECH Information System Application (MIS)-Users and Password Management-Version-01!10!2013-Release 5.66