Security

User Permissions and Roles

ResiDex has fine-grained controls called Staff Roles that allow administrators to set exactly what each staff member can view, add to or change within ResiDex.

Note: If a user does not have BOTH Staff roles (role 15) AND Supervisor (role 13) they cannot add/edit any of their own staff roles.  They can add or edit roles for other staff but not their own.

Review Roles for All users

Managing staff roles in ResiDex is very important. As you grow and implement you may wish to reduce roles for several people to "tighten down" security. You can remove roles from a staff member one individual at a time OR you can use the Security Overview Screen.

This screen will also highlight roles that we recommend giving to a few key people due to the  impact they can have on the database.  These are highlighted as "Sensitive Roles".

HIPAA & Staff Accounts

An important part of being HIPAA compliant is up to users. It is essential that ResiDex users do not share their login usernames. The ResiDex username/password locking system is a very important part of being HIPAA compliant and keeping private medical information secure.

Account Security

Each RTasks user is responsible for maintaining a secure password, documenting in RTasks only under their own login, and observing HIPAA Privacy practices.

Limited Resident Access

ResiDex's "Limited View of Residents" feature allows certain staff to have RTask access limited to only one or a few residents. This is helpful if you have an outside agency that needs to view information or chart services for individuals, but for whom you would not want to give access to all residents (hospice workers, consultant physicians, therapists, or Medicare/skilled nursing providers, surveyors etc).

If you opt not to provide limited access, RTasks does offer a variety of reports that can be provided to the consultant or surveyor.  

Restrict Access by IP Address

RTasks.net is a website on the internet, meaning it can be accessed from anywhere there is an internet connection.  You may want to restrict access to RTasks for some of your staff unless they are actually in your building(s); this can be achieved with our IP Address Restriction controls.

This feature allows you to allow some individual users (such as on-call nurses or administrators) to log in from anywhere, and restrict others (HHAs, CNAs, housekeeping, etc) so they can only log in from your pre-authorized network. 

To use this feature, your building must have a Static IP address from your Internet Service Provider (Comcast, CenturyLink, etc). 

If you do not have a Static IP address, your IP Address will change unpredictably (IP addresses used by cell phones on cellular data plans will change very rapidly and frequently) locking your staff out in the process, which is very disruptive. 

Staff the 'Manager' or 'Supervisor' permissions can manage this setting.