Because of the potentially sensitive nature of the data recorded in Clinical's patient database, security is implemented using a User Database and access levels. Access levels determine what information a user has access to.

Every user of Clinical must be defined in the user database. Each user's record will include the user's name, password and access level. When a user logs on, their password is matched against the user database to determine who they are and what level of access they have.

Clinical defines two separate classes of user: practitioners and users (users other than clinical staff).

Practitioner Access

Practitioners automatically have access to all patient demographic and clinical data. Details of the practitioner currently logged-in will appear on scripts, in patient records and notes, and at the bottom of the Clinical window.

When adding a practitioner to the database, there are three options available:

• Top-Level Access: Permits practitioners to access the User Database, and add, delete and modify practitioner and user details. If this option is not selected, the User Database is unavailable to the practitioner.
• Allow Data Export: Permits practitioners or users to export patient demographics and clinical information, and perform backups.
• Allow Options Editing: Permits access to Clinical Options and Print Options.

User Access

Non-clinical staff are entered as 'Users' into the same database as practitioners. There are three levels of access for Users; Full Access, Limited Access and Basic Access. The Allow Data Export and Allow Options Editing options are available to users with Full or Limited access, but not Basic Access users.

• Full Access: Permits access to patient records, with the ability to add and edit history, immunisation, cervical screening, and antenatal data. Summary sheets can be printed, and letters written, saved, and printed. Access to a patient's My Health Record data is granted. Medications cannot be added, changed or deleted. Pathology/Radiology requests cannot be generated. Pathology results cannot be checked. This level is appropriate for nursing staff who may need to add details of immunisations, cervical screening, antenatal visits, and so forth, after the practitioner has seen the patient.
• Limited Access: Essentially the same as Full Access, except that whilst databases can be viewed, they cannot be edited. This provides users access to the Letter Writer to create letters containing patient information drawn from the databases.
• Basic Access: Permits limited access to demographic information using the options provided from the main screen.