Below are instructions on understanding the security tab, setup security on modules/tabs/actions, setup who can or cant access or complete an action, add or modify security groups, setup supergroups, setup aliases or remove a provider from alias's, setup password restrictions, set or change a password, Hide Patient Contact Information, VIP Mode, Security Recommendations and Restrict Modify Treatment & Treatment Plan to Creator/ Administrator.

Understanding the Security Tab

1. There are two ways to set user permissions: 
1. Group: Use this to apply the same settings to all users linked to the group, e.g. Dentists
2. Users: Use this to apply individual settings to users
   
   
2. Access is broken down by Modes/Actions, Functions and Reports:
1. Modes/Actions: These are all the modules/tabs within D4W/PSS/CMS
2. Modes Functions: When a Mode/Action is selected, if applicable, functions within that area will show
3. Modes Reports: When Reports is selected, all reports will show
   
   
3. There are three Security States to set against a Mode/Action/Function/Report:
1. Box with line: No Security set, all users can access/complete without entering a username and password
2. Tick: Password required, users within this group can access/complete
3. No Tick: Password required, users within this group cannot access/complete
   

Set Security on Modules/Tabs/Actions

The following instructions cover how to lock an area or action within D4W/PSS/CMS.

1. Go to Location Setup > Security tab
   
2. Record menu > Security Status / Click Security Status icon  
3. See the Legend for information on security options
4. Place security, per the Legend against relevant tabs / actions / features
5. Click OK to save and close
   

The below example shows that users must enter a username and password to enter the Providers tab. Furthermore, if the user is granted access to the Providers tab, he/she can only Modify Provider Surname/Firstname/Code if permitted also.

Set Security Permissions - who can / cannot access or complete an action

If unfamiliar with the options within the Security tab, please see Understanding the Security Tab section above first. 

Set Group Permissions

Default Groups exist within D4W/PSS, however more can be added (see Add / Modify Security Groups section below) 

1. Go to Location Setup > Security tab
2. Go to Groups sub-tab
1. Groups: Select the relevant Group
2. Modes/Actions: Place / Remove tick against relevant areas
3. Modes Functions: Place / Remove tick against relevant functions
4. Modes Reports: Place / Remove tick against relevant reports (for reports only)
   

Set User Permissions

All users - past and present - will be listed in the Users sub-tab. Only those with a key icon have permission to use the system. If the user is linked to a Group, those permissions carry over to this section. Further restrictions can then be applied here. 

1. Go to Location Setup > Security tab
2. Go to Users sub-tab
1. Users: Select the relevant User
2. Modes/Actions: Place / Remove tick against relevant areas
3. Modes Functions: Place / Remove tick against relevant functions
4. Modes Reports: Place / Remove tick against relevant reports (for reports only)
   

Set or Change a Password

Passwords must initially be set by an Administrator / someone with access to the Security tab, however can then be changed by the user without accessing Security. 

Set / Change Password in Security Tab

1. Go to Location Setup > Security tab > Users sub-tab
2. Double click on the relevant user 
1. User Name: Enter a user name (ignore if only changing password)
2. Access to System: Select Allowed
3. User Groups: Tick the group(s) the user should be linked to
4. Password
1. Enter the password
2. Click OK
5. Click OK
   

Change Password without Accessing Security Tab

Anywhere in D4W/PSS that asks for a username and password also provides the ability to modify the password without accessing Security. 

1. Enter Username
2. Enter Password
3. Click Modify
   
   
1. Enter new Password
2. Click OK     

Add / Modify Security Groups

Security Groups are used to bulk apply the same security permissions to all users linked to the group, for example, Dentists. 

1. Go to Location Setup > Security tab
2. Go to Groups sub-tab
3. Click Add icon 
1. Group Name: Enter name of group
2. Copy Rights from Group: Tick and select an existing group to copy permissions from
   
3. User of the Group: Tick users to link to group. Users can be linked to multiple groups
   

Set Password Restrictions - control password length, characters and history

Password Restrictions allows the practice the ability to control how long a password is and its security strength. 

1. Go to Location Setup > Security tab
2. Go to Record menu > Set Password Restriction...
3. Enable Password Restrictions: Tick to enable this feature
4. Minimum Password Length: Enter the minimum number
5. Enforce Password History: Enter the number of previously used passwords the user cannot use
6. Password must contain alphabetic and numeric values: Select Yes/No
7. Show Invalid Passwords: Click to see / print those who no longer meet the password requirements
   
   
8. Click OK
   

Please note by using an insecure password you are increasing the risk that your data may be accessed by malicious actors which could result in theft of your patients and/or practices information. This could be classified as a Data Breach which has implications under the Australian Notifiable Data Breach (NDB) Scheme as well as the EU General Data Protection Regulation (GDPR).

Centaur strongly advises the use of secure passwords in all areas of your business.

Setup Security SuperGroups

SuperGroup security provides the ability to control which reports and banking information is accessed by each staff member.

The practice owner may want to view all employees’ financial reports, but not allow those employees access to each other’s or his/her own financial information.

Before SuperGroups can be used, contact Centaur Support. so they can assign a SuperGroup Manager.

1. Go to Location Setup > Security tab 
2. SuperGroups sub-tab
1. Record menu > New Record
1. Enter New SuperGroup Name
2. Click OK
2. Select the SuperGroup
1. Tick the Employees to include in the group
2. Tick the permissions for each employee
1. Show All Data:
1. Tick: the person can view all Providers Reports and Banking regardless of which group they belong to
2. No Tick: the person can only view his/her own reports
2. Manager of SuperGroups: With a tick, this person can access the SuperGroups sub-tab to setup and make changes
3. Tick the Bank Accounts to include in this group
4. Tick the Business Entities to include in this group
3. Repeat for all other groups to be setup
   

Example of a Group with Access to All Data, e.g. Practice Manager and Owner

Example of Providers Setup to View Their Own Reports Only

Use the filter to search for a specific group

Setup Security Aliases

Aliases allow for a provider to have multiple entities across different locations grouped together under the same security access information.

Activate Alias Feature

1. Go to Location Setup > Security tab
2. Record menu > Security Status / Click icon 
1. Tick the following settings
1. Start/Access to D4W
2. Resolve Location from DB
3. User Aliases are in Use
2. Click OK
   

Allocate Providers to Alias Groups

1. Go to Location Setup > Security tab
2. Users sub-tab
3. Double click on Providers name
1. Available Users section, select Provider(s)
   
2. Click left pointing arrows
   
3. User Groups section, tick the group to add the Provider(s) to
4. Alias (user) name: Enter the selected Providers user name
5. New Password: Enter the selected Providers password
6. Confirm Password: Reenter the selected Providers password
7. Access to System: Allowed
8. Click OK
   

When logging in to D4W, the Provider must enter their user name and password, and select the location to open. 

Remove Provider from Security Alias

When a Provider is setup with a Security Alias and must be removed, follow the below instructions. 

1. Go to Location Setup > Security tab
2. Users sub-tab
1. Double click on the relevant Provider
1. Delete Alias: Tick 
2. Access to System: Denied
3. Click OK
   
   

Hide Patient Contact Information

Patient contact details can be hidden for users without the "Show Patient Contacts" permission, based on security settings.

System must be set to Personal Access.

1. Go to Location Setup > Security tab
2. In the Users subtab, click User
3. In Modes/Actions: under Patients, untick Show Patients contacts
   
   
4. Patient information will now be hidden for selected users
   

VIP Mode

D4W has a mode called VIP where permitted users will be given access rights to VIP mode features.

This features allows the user to mark a whole patient record as VIP, hide VIP patient records entirely from view or set so that only users with VIP access rights can view the patient's record.

In Appointment Book the name of these patients can be set to not be visible.

Prerequisites 

Security for this feature must be enabled.

1. Go to Location Setup > Security tab
2. Click the  icon to access Security Status
3. Place a tick in Access to VIP-data then click OK
   
   
4. Assign users security permissions (see below section for instructions) who are allowed access to the feature
   

Accessing VIP Mode

To make a VIP patient record, user must have security access permission as above.

1. From the main D4W screen, press 
2. Enter the authorised user's Username and Password
   
   
3. The VIP Mode icon appears at the top left hand corner
   
   

Marking a Patient as VIP 

1. Go to Patients Records > Patients tab
2. Patient menu > Toggle VIP on/off
3. The patient will be marked with a VIP icon 
   
   
4. From the main D4W screen, press  to exit VIP Mode
   

Searching for a VIP Patient 

1. Go to Patients Records > Patients tab
2. Find/View menu > Find Patient
3. Any patient marked as VIP is not accessible (invisible) to any normal user, unless that user has logged into D4W and has VIP Mode access permissions
   

Appointment Book 

Only users who have logged into D4W and have VIP Mode access permissions can make appointments for VIP Patients.

1. Go to Appointment Book
2. Users with VIP mode access are able to create appointments for VIP patients as they will be the ones able to find those patients.
3. In appointment book where ever VIP marked patients are listed or shown, their personal details are hidden from users that do not have VIP mode access
   

Security Recommendations

Many of the actions that can be performed in D4W have the option to add security. We highly recommend that you review your security regularly. 

Below are only some of the recommendations where security should be applied. 

1. Apply Template to Appointment Book
2. Modify Appointed By (AutoFill based on Security Prompt and Update when Rescheduled)
3. Delete Appointment
4. Delete from Cancellation List
5. Delete a Patient
6. Delete Patient History Records
7. Delete Referred to Record
8. Duplicate Patient Merge
9. Remove Allergies Present, Med. Cond Present, Problems
10. Clinical Notes Access - all areas
11. Delete Charting and its Plan
12. Access to Audit Trail Reports - all areas
13. Delete Whole Treatment Plan
14. Modify Date/Author of Charting/Perio/Treatment Plan
15. Delete Item from Treatment
16. Change Fee in Treatment
17. Clear Bad Debt 
18. Reverse Invoice
19. Edit Invoice
20. Mark Bad Debt
21. Modify/Reverse Discount in Accounts
22. Override FEE MODE, using discounts/adjustments
23. Reverse Claim
24. Create Bounced / Reversal Payment
25. Reverse Bounced / Reversal Payment           
26. Reverse Deposit Refund    
27. Reverse Receipt           
28. Reverse Refund from Receipts for Treatment     
29. Modify Discount in Receipt
30. Delete Documents
31. Provider Tab Access
32. Staff Tab Access
33. Modify Staff Attendance Time
34. Banks Tab Access
35. Bank Slips Tab Access
36. Delete Bank Slip
37. Take Cash Out
38. Reports Tab Access
39. Fees Tab Access
40. Promotions Tab
41. Queries Tab Access
42. Debtors Tab Access
43. Security Tab Access
44. Delete Audit Trails, Patients with no Records, Unlock All
45. System Tables Tab Access

Restrict Modify Treatment & Treatment Plan to Creator/ Administrator

It is possible to restrict changes made to Treatment and Treatment Plan when Dental4Windows Security Level is Personal Access. The aim is to limit/deny changes allowed by provider B if originally made by Provider A.

When the logged in user attempts a modification action (as per the following list) then the system will determine if that user is an Administrator or the Creator and process accordingly when:

1. Deleting a treatment item
2. Changing any value in the record (except Lab): Member, Prv, Ass, Date, Item, Qty, Tooth, Surface, Fee, Expenses, Nt, Service.

Setup Personal Access

1. Go to Location Setup > General tab
2. Group: System Settings
3. System security level = Personal access
   
   
4. Close and reopen D4W
5. Go to Location Setup > General tab
6. Group: System Settings
7. Use Creator/ Administrator Security (for PERSONAL ACCESS ONLY) = Yes
   
   

Setup Administrator/Creator Privileges

1. Go to Location Setup > Security tab
2. Groups sub-tab
3. Double click the desired Group
4. Tick Assign as Administrator for Creator/Administrator Security
   
   
5. All users in the group now have access to modify Treatment and Treatment Plans when created by another provider
   

Treatment Plan

In Treatment Plan, the items will appear white signifying they are locked to the creator.

Treatment

When in Treatment, only the original author of the treatment (or a user with creator/administrator privileges) can edit items.