Journal Permissions

A comprehensive overhaul has been undertaken, in each of the areas Journals are used in SupportAbility to ensure privacy is upheld. This applies to all places where Journals are searched for, viewed and created. 


Client Journals


When a Client Journal is created, the Site/Service it relates to, must first be selected.  When a Journal is aligned with a particular Site/Service this helps to enforce the privacy barriers around who can view that Journal.

Privacy and access to Client information, including Client Journals, is first enforced via the Site/Services a Staff member has listed in their Staff Account, and furthermore via any additional Staff Account privileges they have been granted, either at the Site/Service level (e.g. 'Team Leader', or 'Administration [ALL SERVICES]'), or via a Security Privilege (e.g. 'User is a Manger' or 'Edit Client Records Across ALL Services'.)

By default, SupportAbility employs a collaborative Journal access model for Standard Services.  Specific privacy barriers are required and enforced for Private Services i.e. NDIS Financial Plan Management (FPM) and/or Support Coordination.

Journal Actions, and Journals linked to Client Goals and Client Goal Strategies apply the same rules, relative to the Service they relate to.

Return to Summary


Journal Service Terminology

  • Administration: Is the generic default Service designed to record details either relating to all Services at a Site, or on an organisational level, rather than for a specific Service.
  • Private Service: An NDIS related Service that requires a privacy barrier such as Financial Plan Management (FPM) or Support Coordination.

    N.B. the privacy barriers will only be applied if these Services have been set accordingly in System Preferences::Services.

  • Standard Service: Any Service that is not Administration, NDIS Financial Plan Management (FPM) or NDIS Support Coordination. These Services work on a collaborative model whereby a Staff member who works in one of the Standard Services which a Client participates in can view the Client's Information pertaining to all of the Standard Services which that Client participates in. 

Return to Summary


Accessing Client Journals follows these conditions:

  • The Staff member first requires access to the Client record i.e. works in one of the same Service/s the Client participates in.

  • If the Journal is attached to the Administration Service, it can be viewed by any Staff member that has access to the related Client record. 

  • If the Journal is attached to one of the Private Services (NDIS Financial Plan Management (FPM) or Support Coordination), the Staff member must work in the same Private Service in order to access the Journal.

  • If the Journal is attached to a Standard Service, it can be viewed by any Staff member that has access to the related Client record and also works in one of the Standard (collaborative model) Services.

  • Where the additional privacy setting of Team Leaders (TL) Only has been selected, to access the Journal, Staff must have either:

    • the Team Leader for ALL Services privilege, OR

    • the Team Leader privilege for the Site and Service the Journal entry is attached to. 

    • N.B. if a Staff member is assigned to a Journal Action, but they do not have the TL privileges, they will not see this notification on their Dashboard, or be able to access this Journal once this privacy setting has been saved. 

  • Where the additional privacy setting of Managers Only has been selected, staff must have the Managers Only privilege for the Site and Service the journal entry is attached to. N.B. if a Staff member is assigned to a Journal Action, but they do not have the Managers Only Privilege, they will not see this notification on their Dashboard, or be able to access this Journal once this privacy setting has been saved. 

  • Staff with Team Leader for ALL Services or Edit Client Records Across ALL Services can view all Client Journals. However, in this case the Managers Only restriction still applies.

NDIS Financial Plan Management (FPM) and Support Coordination

Additional privacy barriers for Client Journals are enforced for NDIS FPM and Support Coordination Services to meet NDIS compliance requirements.
For a Staff member to be able to access Journal entries created for one of these Private Services, a Staff member's Staff Account must have one of the following:  
  • the relevant Private Site/Service specifically itemised,
  • 'Administration [ALL SERVICES]' listed for the relevant Site where the Private Service is delivered from,
  • the Edit Client Records across ALL Services Staff Account Privilege,  OR
  • the Team Leader for ALL Services Staff Account Privilege.

Who can access and edit Client Journal entries?

The following scenarios help demonstrate how the configuration of Staff Accounts i.e. Site/Services itemised and/or Staff Account Privileges granted, affect Journal access.

In our example, Client Tim Swanston participates in three Services, two of which are Standard Services e.g.Day Services and Therapeutic Support, and one which is a Private Service i.e. Support Coordination:

The Staff members listed below have each written a Journal for Client Tim relevant to the Service they work in.  

N.B. 

  • The Journal created on 9/8/2019 for 'Therapeutic Support' was marked as 'Managers Only'
  • The Journal created on 10/8/2019 for 'In Home Support' is not a Service which Tim participates in and therefore is not listed in his Client record.  The Journal relates to a one-off participation in this Service.

The full list of Journals created by these Staff Members is displayed here:  

Based on the conditions for Journal access outlined in the above sections of this article, not all Journals may be visible/accessible to all Staff members.  Assuming a Staff member has access to the relevant Client record, they may notice a red warning bar at the top of the Journal list advising "Note: These journal entries have been filtered based on your staff account privileges and the service/s you have access to":

Return to Summary


The following outlines which Services have been itemised in each of our sample Staff members' Staff Accounts and the Staff Account Privileges they have been granted. It also details which of these Journal entries are visible to and editable by each Staff member, along with details of the conditions governing their access.

Staff member Corina Petrella works in the Day Service and has no additional Staff Account privileges granted in her Staff Account:

Therefore Corina has access to the following Journals:

  • As Corina is the author of one of the Journals she is able to both access and edit that Journal. 
  • As she has the Standard Service 'Day Services' listed in her Staff Account as where she works, Corina has access to the Journals created for other Standard (collaborative model) Services i.e. 'In Home Support' and 'Therapeutic Support'. However, she has 'read only' access to these Journals.
  • She does not, however, have access to the Journal created on 9/8/19 for the Standard Service of 'Therapeutic Support' as this Journal was marked as 'Managers Only' and Corina does not have the 'User is a Manager' Security Privilege.
  • She also does not have access to the two Journals created for the Private Service of 'Support Coordination' as she does not have this Service listed as to where she works in her Staff Account, nor does she have any additional global Security Privileges.

Return to Summary


Staff member, Freddie Mow works in the Support Coordination Service and has no additional Staff Account privileges granted in his Staff Account:

Therefore Freddie has access to the following Journals:

  • Freddie can only see the Journals created for the 'Support Coordination' Service as he only has this Private Service listed where he works in his Staff Account.  
  • He is able to edit the Journal he is the author of and has 'read only' access to the Journal created by Abel.
  • As he does not have any Standard (collaborative model) Services listed in his Staff Account he cannot see any of the Journals created for the Standard Services.

Return to Summary


Staff member Stephen Sayas works in the Therapeutic Support Service and has no additional Staff Account privileges granted in his Staff Account:

Therefore Stephen has access to the following Journals:

  • As Stephen is the author of the Journal for 2/8/2019 he is able to both access and edit that Journal. 
  • He is not however able to see or access the Journal he created for 'Therapeutic Support' on 9/8/2019 as he marked it 'Managers Only' and he does not have the 'User is a Manager' Security Privilege.
  • As Stephen has the Standard Service 'Day Services' listed in his Staff Account where he works, he has access to the Journals created for other Standard (collaborative model) Services i.e. 'In Home Support' and 'Therapeutic Support'. However he has 'read only' access to these Journals.
  • He also does not have access to the two Journals created for the Private Service of 'Support Coordination' as he does not have this Service listed where he works in his Staff Account, nor does he have any additional global Security Privileges.

Return to Summary


Staff member Tameka Pujol has access to all Services at the Melbourne (HQ) Site as she has 'Administration [ALL SERVICES]' selected where she works, but she has no additional Staff Account privileges granted in her Staff Account:  

Therefore Tameka has access to the following Journals:

  • As Tameka is the author of one of the Journals she is able to both access and edit that Journal. 
  • As she has 'Administration [ALL SERVICES]' at the Melbourne (HQ) Site, listed where she works in her Staff Account, she is able to access all of the Journals created for Tim for all of the Services at this Site both Standard and Private.  She will however have 'read only' access to these Journals.
  • The only Journal she is not able to access is the Journal created for 'Therapeutic Support' on 9/8/2019 as it was marked 'Managers Only' and she does not have the 'User is a Manager' Security Privilege.

Return to Summary


Staff member Abel Mccaa works in two Services, one Standard  Service - 'Therapeutic Support' and one Private Service - 'Support Coordination'.  He has also been granted the 'User is a Manager' Security Privilege and 'Team Leader' privilege for the 'Support Coordination' Service in his Staff Account:

Therefore Abel has access to the following Journals:

  • As author of one of the Journals Abel is able to both access and edit that Journal. 
  • Abel has access to all of the Journals created for the Standard Services as he has one of the Standard Services listed where he works in his Staff Account i.e. 'Therapeutic Support'.  He will however have 'read only access' to these Journals.
  • Abel is able to see both Journals created for the Private Service 'Support Coordination' as he also has this Service listed where he works in his Staff Account. Abel can also edit these Journals as he has been granted the 'Team Leader' privilege for the 'Support Coordination' Service in his Staff Account.
  • He is also able to access the Journal created for 'Therapeutic Support' on 9/8/2019 which was marked 'Managers Only' as he has the 'User is a Manager' Security Privilege granted in his Staff Account.

Return to Summary


Who can edit Client Journal entries once they have locked?

The default timeframe in which a Journal entry is set to lock after creation, is five days, however this can be customised by your organisation in System Preferences::Journals.  Journal entries can be locked after a minimum of one day (the day following the entry) or any timeframe in days, greater than this:

Within this period, only the author or a Team Leader for the Site/Service this Journal entry was created for, have access to and the ability to edit the Journal.

Once the Journal has locked a (read only) notation will appear next to the Journal Date, Title and Notes fields of the Journal, and these fields can no longer be edited:

Once a Journal has locked 'Standards' also can no longer be added to the Journal entry evidenced by the absence of the + Add Standard button:

However once a Journal has locked, it is still possible to add a Journal 'Action' to the locked Journal:

and link a 'Client Goal' and 'Goal Strategy' including adding a 'Goal Progress Assessment' score:

Return to Summary


Staff Journals

In order for a user to access a Staff member’s Journals, the user will require either:
  • the Human Resources For ALL Staff privilege, OR
  • the Human Resource s privilege for at least one of the Sites and Services that the staff member works in.
By default, SupportAbility restricts access so that staff are not able to access their own HR details. The only exception to this is if the Staff member is a System Administrator AND has a system setting enabled allowing them to access their own HR information.  

Please note that only the Customer Success team at SupportAbility can enable these settings. If this is required, please contact us at support@supportability.com.au.
 
Similar to Client Journals, where the additional privacy setting of Team Leaders Only has been selected, Staff must either have:
  • the Team Leader for ALL Services privilege, OR
  • the Team Leader privilege for Site and Service the Journal entry is attached to.
 
Where the additional privacy setting of Managers Only is selected, staff must have the Managers Only privilege for the Site and Service the Journal entry is attached to.

Still need help? Contact Us Contact Us