Use

Persons involved in the treatment of a patient must have a treatment authorization if they are to have access to the patient's medical data. When a user attempts to access patient data in the system, the system checks SAP Patient Management (IS-H) and the Clinical System (i.s.h.med) to determine whether the logon user has a treatment authorization for the selected patient. A distinction is made between authorization to access all the patient's data and authorization for data for the current case.

The treatment authorization does not prevent the entry of data for a patient. The user has access to the create functions for the following objects:

• Admission
• Transfer
• Outpatient visit
• Appointment
• Preregistration
• Clinical order
• Request

The system checks for a treatment authorization for specific dates based on rules defined in Customizing relating to the following:

• The user's OU jurisdiction for departmental, treatment, and nursing organizational units (OUs)
• The patient's OU relationship to departmental, treatment, and nursing organizational units

If a patient's OU relationship matches one of the user's OU jurisdictions, the system issues the treatment authorization and the user can access the patient's medical data in accordance with their SAP user authorizations. The treatment authorization is checked and issued based on the current OU constellation without dialog.

A patient's relationship to an OU is created on the basis of a planned or existing movement that has been entered in the system. This could be an admission, a transfer, or an outpatient visit. The patient also has an OU relationship for:

• An existing appointment
• A preregistration
• A clinical order
• A request

The start and end of the patient-OU relationship are derived from the absence period or time specified in the case data, or from the time or period of a planned movement. An OU relationship also comes into being independently of an appointment, relative to the date on which the following are created:

• Preregistration
• Clinical order
• Request

A user's treatment authorization is only valid for as long as the patient has an OU relationship with the user's OU jurisdiction. If a follow-up period has been defined in Customizing, this begins for the same OU constellation directly after the end of the treatment authorization The follow-up period gives the user access to the data for postprocessing.

If the follow-up period is past and a request period has been defined in Customizing, the user can request a temporary treatment authorization for specific dates within this period, provided he or she previously had treatment authorization

If a user requires temporary treatment authorization for a patient who is no longer present but is unable to request it him or herself, the request can be delegated to another user who is specially authorized as initiator; this is only possible if the initiator himself has a treatment authorization within the follow-up time or is authorized to make a temporary request during the request period.

@1B@ NOTE

If a patient is not present in any of the organizational units in the hospitaln and a follow-up period for existing medical data has not been defined, the system does not automatically issue a treatment authorization when a user accesses this data.
If this user is not allowed to request temporary treatment authorization according to the Customizing settings and delegation by another user is not possible, the system prevents access to the patient's existing medical data.

If a patient who is not currently present in the hospital has a medical emergency, a user may need to access the medical data in the system. The system does not display the data to the user because the treatment authorization cannot be determined or requested temporarily due to the Customizing settings.

We recommend that you do not restrict the request period for issuing a temporary treatment request for users who can be involved in treating patients in medical emergencies.
[ END OF NOTE ]

If a user does not have treatment authorization for a patient who is present, they can request a temporary treatment authorization in case of emergencies.

The system logs request and delegation activities. You can evaluate the logs using report RN1TC_REPORTING.

A treatment authorization that has been requested temporarily or delegated is always valid until midnight on the date in question.

Requirements

If you use the i.s.h.med treatment authorization for documents, we recommend deactivating this function once you have activated the treatment authorization function for IS-H and i.s.h.med. However, it is possible to use both functions.

Table maintenance in Customizing for assigning OU jurisdictions to roles is protected by special security mechanisms. For this purpose, your authorizations contain the authorization object S_TABU_DIS with the attributes nu and nc.

Standard settings

Activities

You make the following settings in the Customizing activities for the treatment authorization:

• Global settings
• Texts for OU jurisdictions
• OU constellations within OU jurisdictions
• Assignments of OU jurisdictions to user roles
• Follow-up/request periods for OU jurisdictions
• Follow-up/request periods for OU constellations

The functions of the treatment authorization are activated automatically when you specify a security level in the global settings. When you activate a treatment authorization at security level "Permitting" ON, this has no effect for users who are not assigned an OU jurisdiction.

Maintain Activity 01 in the authorization object N_TC_DG for users who are to act as initiators when delegating a treatment authorization.

Since the system checks the treatment authorization every time a user accesses patient- or case-related data, optimizing performance is very important. For this reason, the system stores all positive check results for each user, together with the date, in a buffer table. This means it is only necessary to check whether the user has treatment authorization once a day. The check results are deleted automatically from the database the next day. When switching to a different security level, you must clear the buffer in the Customizing activity Clear Treatment Authorization Buffer, so that the checks are run again based on the new rules.