As is the case for most healthcare systems, security at Children's Hospital of Philadelphia (CHOP) is a top priority. With that in mind, the hospital recently established an IT and business team to develop a new role-based security system as part of a larger Epic EHR implementation project.
Role-based security is based on the scope of practice (i.e., role) of each clinician working at the hospital. So clinicians would gain access to various components of the EHR system based on their scope of practice, which varies among MDs, RNs, LPNs, and so on. Each role required that the hospital create templates within Epic. In total, the system had to accommodate 9,000+ users and nearly 500 roles.
To reach its goal, the project team developed a custom table within the hospital's HR database and mapped a user's job title and department to his or her Epic role template. Given the large number of users and various roles involved, CHOP incorporated Epic templates that supported multiple departments and clinical units so a user can be anywhere in CHOP's Care Network and still have the same level of access to support patient care.
The project has borne fruit: It has significantly reduced user-specific access to key clinical systems by linking 89% of active users to role templates. Epic also reported that the overall Epic Acute implementation was the most successful in its history.