'Delete Records' and 'Edit Locked Journals' Staff Account privileges
There are two Security Privileges in a Staff Account that grant high-level access to delete records and edit locked Journals in SupportAbility: Delete Records and Edit Locked Journals.
Audience: Authorised Representatives, Executive Management
Authorisation to grant these privileges
Given that these privileges allow Staff to edit and/or delete important information, we recommend providers exercise caution with regard to who in your organisation is granted these privileges.
While the 'Delete Records' privilege is usually reserved for an organisation's Authorised Customer Representatives, the 'Edit Locked Journals' privilege is, by default, not granted to any User Accounts. In many instances, organisations continue with this and choose not to provide any of their Staff Members with the 'Edit Locked Journals' privilege to ensure that the evidence contained in these records is preserved.
However, if it is absolutely required, SupportAbility can provision the 'Edit Locked Journals' privilege as needed. To do so, special authorisation must be submitted in writing by your organisation's Authorised Customer Representatives authorising SupportAbility Software to provision the required privilege for the approved Staff Member/s.
N.B. If a Staff member at your organisation has the privileges to 'Edit User Accounts' as well as either of the aforementioned privileges, they will be able to provision these privileges to other Staff Members.
'Delete Records'
Please be aware that Client records cannot be deleted in cases where they are attached to records such as:
- Activities
- Journals
- External Invoices (for providers of Plan Management Services)
- Client Incidents
- Organisational Accident Incident Register (AIR) Incidents - People Involved
- Organisational Accident Incident Register (AIR) Incidents - Injured Parties
In addition, even though SupportAbility prompts the Staff Member to confirm that they are absolutely sure before they delete a record, any records deleted using this privilege will be deleted permanently and are rarely recoverable. Related records are also deleted. For example, if a Client record is deleted, all of their associated data is also deleted (Goals, Documents, etc.).
Investigating and potentially recovering a record could only be completed under paid support time. This often takes our Engineering team a significant amount of time with no guarantee on the outcome of recovering the record successfully.
For these reasons, we recommend limiting the delete privilege to one or two senior Staff Members within your organisation.
'Edit Locked Journals'
Please also note that any changes made through the use of this access privilege will still generate auditable logs in the SupportAbility database backend and as such could potentially still be subject to a subpoena under legislation.