Client Journal Permissions
This article outlines how the Site/Service assigned to a Client Journal enforces privacy barriers around the Journal.
It also explains the different requirements for accessing Journals aligned with the different types of Services, Standard Services e.g. In-Home, Day Services etc., Specialist Services i.e. NDIS Financial Plan Management (FPM) and NDIS Support Coordination, and the default Administration Service.
Additional privacy barriers can also be set for 'Team Leaders Only' and/or 'Managers Only' access in which case only Staff with access to the Client record and who have the related privilege can access these Journals.
This article focuses on the requirements for accessing Journals rather than the requirements for editing a Journal and is relevant to the period prior to a Journal becoming locked.
Audience: All
Summary
The following list summarises the content of this article. Click on the links below to take you to the relevant sections:
- How is access to Client Journals managed?
- Client Journals for Standard Services
- Client Journals for Specialist Services
- Client Journals for the default Administration Service
- Additional privileges required to access Client Journals
- Editing Access
How is access to Client Journals managed?
Privacy and access to Client Journals is primarily enforced via Site/Services. For this reason, selecting the Site/Service a Journal relates to is a mandatory requirement when creating a Journal:
N.B. This is automatically selected when creating a Client Journal from an Activity record based on the Site/Service the Activity is being facilitated by.
Access to Client Journals is managed differently for different Service Types. There are also additional privacy barriers that can be utilised to restrict who can access Client Journals as outlined below.
What are the different types of Services in SupportAbility?
There are two different types of Services in SupportAbility; 'Standard' and 'Specialist'.
Newly created Services are 'Standard' Services by default. However, these can be configured by the team at SupportAbility to the relevant 'Specialist' Service Type, i.e. NDIS Support Coordination or NDIS Financial Plan Management, when additional privacy barriers are required.
In addition, all SupportAbility installations include a default 'Administration' Service when provisioned, which serves multiple purposes, as outlined further below.
Client Journals for Standard Services
SupportAbility works on a collaborative access model for all Standard Services. Examples of 'Standard' Services include the following:
- Day Service
- Community Access
- In-Home Care
- Therapeutic Support
- Accommodation
- Supported Employment or an Australian Disability Enterprise (ADE) business
A Staff Member who works in any one of the Standard Sites/Services a Client participates in can view Journals created for any of the other Standard Sites/Services the Client participates in.
For example, Client Amy participates in multiple Standard Services i.e. Community Participation, Day Services and In-Home at the Melbourne (HQ) Site. She also participates in a Specialist Service, Support Coordination at this Site, as entered in the Client Service Participation section of her Client record:
Staff Member Corina works in one of the Standard Services in common with Amy i.e. In Home @ Melbourne (HQ), as listed in her Staff Account:
Corina, therefore, has access to Amy's Client record and can access any of the Journals related to the Standard Services in which Amy participates i.e. Community Participation, Day Services and In-Home, due to the collaborative access model for Standard Services.
If Journals have been created for a Specialist Service for the Client e.g. Support Coordination, Staff who do not have the required access to these do not have visibility of these Journals.
A red notification message is displayed at the top of the Journal list referring to this, explaining that the list of Journals being viewed has been filtered, based on the Staff Members' access:
While Corina can access each of the Standard Service Journals, she can only edit the one she is the Author of e.g. 'Cleaning In-Home' for the In Home Service, up to the point the Journal is locked.
For more information regarding editing a Client Journal, please refer to the How to edit and delete a Client Journal article, linked below for reference.
Client Journals for Specialist Services
Additional privacy barriers apply to Services configured with either of the following Specialist Service Types, designed to meet NDIS compliance requirements.
- NDIS Support Coordination
- Only Staff with access to Services of this type can create, view and edit Client Journals for these Services
- Staff solely working in Services of this type cannot see the Client Journals for Standard Services
- Where applicable, Staff solely working in Services of this type also cannot see Client Journals for 'NDIS Financial Plan Management' Service Types
- NDIS Financial Plan Management - only applicable to providers registered to deliver Plan Management Services
- The Plan Management functionality is enabled for Clients who participate in Services of this type
- Only Staff with access to Services of this type can create, view and edit Client Journals for these Services
- Staff solely working in Services of this type cannot see the Client Journals for Standard Services
- Where applicable, Staff solely working in Services of this type also cannot see Client Journals for 'NDIS Support Coordination' Service Types
NDIS Support Coordination
Additional privacy barriers for Specialist Services will only be applied if this Service has been configured accordingly in the Services tab in System Preferences:
N.B. It is important to clarify that only the team at SupportAbility can configure this Specialist Service Type. If your organisation has any Services that are not configured accurately, please ask your organisation's Authorised Representatives to reach out to us at support@supportability.com.au to assist with this.
When a Service is configured in this manner, this ensures that privacy barriers are in place for Client Journals recorded for NDIS Support Coordination Services, meaning Staff must have access not only to the Client record the Journal entry is for but also specifically to this Service, in order to see these Journals.
For example, Staff Member Felix works in the Support Coordination Service at the Melbourne (HQ) Site as itemised in his Staff Account:
As he has this Service in common with Client Amy he has access to her Client record, and as this Service is itemised in his Staff Account he can access the Journals related to the Specialist Service, Support Coordination:
Staff who only work in a Specialist Service will not be able to view Journals relating to Standard Services, or the Administration Service and a red notification message will display at the top of the Journal list; ' *** Note: These journal entries have been filtered based on your staff account privileges and the service/s you have access to':
However, it is important to note that any Staff Members with high-level Security privileges such as 'Team Leader for ALL Services', or 'Edit Client Records Across ALL Services' will have access to all Client Journals, including those for Specialist Service Types.
Therefore, if these Staff Members should not have access to Support Coordination Journals, for example, we would recommend removing their high-level Security privileges and itemising access in the 'Sites and services this staff member works in' section of their Staff Account.
Please see the NDIS Support Coordination article for more information, linked below for reference.
NDIS Financial Plan Management
Similarly, additional privacy barriers for Specialist Services will only be applied if this Service has been configured accordingly in the Services tab in System Preferences:
N.B. It is important to clarify that only the team at SupportAbility can configure this Specialist Service Type. If your organisation has any Services that are not configured accurately, please ask your organisation's Authorised Representatives to reach out to us at support@supportability.com.au to assist with this.
Only Staff working in the NDIS Plan Management Service can access the Client Journals for this Specialist Service. They cannot access any Journals related to Standard, Administration or other Specialist Services i.e. Support Coordination if they do not have access to these Services:
Similarly, Staff working in Standard Services and other Specialist Services i.e. Support Coordination cannot access the Client Journals for NDIS Plan Management if they do not have access to this Service.
However, it is important to note that any Staff Members with high-level Security privileges such as 'Team Leader for ALL Services', or 'Edit Client Records Across ALL Services' will have access to all Client Journals, including those for Specialist Service Types.
Therefore, if these Staff Members should not have access to NDIS Plan Management Journals, for example, we would recommend removing their high-level Security privileges and itemising access in the 'Sites and services this staff member works in' section of their Staff Account.
Multiple Services configured with Specialist Service Types
It is important to note that if multiple Services are configured with the same Specialist Service Type, Staff will be able to access Client Journals for all Services of this type when the Client participates in these Services.
For example, our organisation delivers Support Coordination and Psychosocial Recovery. Each of these Services has been configured with the 'NDIS Support Coordination' Service Type.
Therefore, if a Client, e.g. Tim, participates in both of these Services, our Support Coordinator Abel can view and edit Journals for Psychosocial Recovery in addition to Journals for Support Coordination, even though he doesn't have access to the Psychosocial Recovery Service in his Staff Account.
Conversely, our Psychosocial Recovery Coach Athena can view and edit Tim's Support Coordination Journals even though she doesn't have access to the Support Coordination Service in her Staff Account.
Access to Client Journals when Staff who work in a Specialist Service also work in a Standard Service
When a Staff Member works in a Specialist Service that a Client participates in and has access to the Client record due to this, if the Staff Member also works in any Standard Service this grants them access to all of the Client's Standard Service Journals, even if the Standard Service the Client participates in is not the same Standard Service the Staff Member works in. This is due to the collaborative access model for all Standard Services.
For example, our Staff Member Felix works in the Support Coordination Service at the Melbourne Site, and has access to Client Amy's record as she also participates in Support Coordination at the Melbourne Site.
Given Felix also works in a Standard Service e.g. Therapeutic Supports, as itemised in his Staff Account:
Even though he does not work in any of the Standard Services the Client participates in, he is able to access Amy's Standard Service Journals:
N.B. Felix will not, however, have access to Journals for other Specialist Services such as NDIS Financial Plan Management as he does not have this Specialist Service itemised in his Staff Account.
In summary, it is important to be aware that Staff Members with access to a Specialist Service, as well as any Standard Service will be granted access to all of the Standard Service Journals for the Clients they have access to.
Client Journals for the default Administration Service
An 'Administration' Service is included in every SupportAbility installation by default for multiple purposes, including facilitating access across 'ALL SERVICES' at specific Sites.
Having this level of access is best suited to Team Leaders or Managers of a specific Site and is a quick way that access can be granted to all of the Services available from that Site e.g:
It is important to note that if Specialist Services are also available from the Site e.g. Support Coordination and/or NDIS Plan Management, Staff with access to Administration [ALL SERVICES] will be able to access all Journals for Clients who participate in any of the Services available from this Site, including those for Specialist Services.
If this should not be the case, we recommend revising the individual's Staff Account privileges, by removing access to Administration [ALL SERVICES] and itemising their access in the 'Sites and services this staff member works in' section of their Staff Account.
In addition to the above, any Client Journals created for the Administration Service e.g. Immunisation Admin:
Are accessible by everyone who has access to the Client record and works in a Standard Service. This includes Staff Members with global privileges such as 'Edit Client Records Across All Services' and/or 'Team Leader for ALL Services'.
Further information on this Service is outlined in the Default Administration Service article, linked below for reference.
Additional privileges required to access Client Journals
In addition to the inbuilt privacy barriers outlined above, additional privacy barriers can be applied to Client Journals limiting access to the Client Journal to 'Managers Only' and/or 'Team Leaders Only' as required.
When either of these privacy checkboxes has been selected in the Journal, only Staff who have the related privileges, as well as access to the Client record and can access these Journals.
Client Journals set to 'Managers Only'
Additional privacy settings are available to further restrict Journal access to 'Managers Only' by selecting the relevant checkbox:
Once selected, Staff must have the 'User is a Manager' Security privilege, in addition to meeting the other requirements for Journal access, to see the Journal displayed in the Journal list and be able to access it.
Staff who do not have the required privilege will not see these Journals and a red notification message will display at the top of the Journal list; ' *** Note: These journal entries have been filtered based on your staff account privileges and the service/s you have access to':
Client Journals set to 'Team Leaders Only'
Additional privacy settings are available to further restrict Journal access to 'Team Leader's Only' by selecting the relevant checkbox:
Once selected, Staff must have either the 'Team Leader' privilege for the Site/Service the Journal is related to or the global 'Team Leader for ALL Services' privilege to see the Journal displayed in the Journal list and be able to access it.
Staff who do not have one of the required privileges will not see these Journals and a red notification message will display at the top of the Journal list; ' *** Note: These journal entries have been filtered based on your staff account privileges and the service/s you have access to':
Important Considerations
Journal Author
If a Journal Author selects the 'Managers Only' or 'Team Leaders Only' setting and saves the Journal, they will lose access to the Journal if they do not have this privilege.
We, therefore, recommend Staff complete all data entry and updates prior to selecting and saving this setting.
Staff assigned a Journal Action
If a Staff member has been assigned a Journal Action, but they do not have the "Managers Only' or 'Team Leader' privileges, they will not see the related notification on their Dashboard, nor be able to access this Journal once this setting has been saved.
A possible workaround may be to create a separate Journal with the required Journal Action, leaving out any sensitive information relevant for Managers or Team Leaders Only, and reference each Journal in the other Journal for context.
Editing Access
Only the Journal Author or a Staff Member with the Team Leader privilege that has access to the Client Journal, has the ability to edit a Client Journal prior to the Journal being locked.
Journals are set to lock five days from creation by default, however, this can be configured in System Preferences as required by your organisation. Please see the Configuring Journals article for more information.
Staff with access to the Client record by way of 'Administration [ALL SERVICES]' or the 'Edit Client Records Across ALL Services' privileges will have read-only access to Client Journals unless they are the Journal Author.
Once a Journal is locked only Staff with the 'Edit Locked Journals' privilege are able to edit it. However, this Security privilege is not provisioned by default and special authorisation is required in order to do so. Please see the ‘Delete Records’ and ‘Edit Locked Journals’ Staff Account privileges article for more information.
Detailed information regarding editing Journals is outlined in the How to edit and delete a Client Journal article, linked below for reference.