Regardless of whether your organization has been live on Epic for years or has just recently implemented, security tends to be a burning topic. Even with thorough testing, it is difficult to get it right on the first try given the hundreds of security points available for each security class in Epic. Most of Epic’s functionality is enabled or blocked by the Standard ECL Security Class and Point Model. ECL is the Epic Database that holds all Security Class records. One security class record can be shared with any number of users and each record is linked to a specific application, such as Ambulatory, Cadence, or Resolute Professional Billing. Most users require multiple ECL records to cover when job necessary features belong to different applications. Security Points grant access to a specific feature. Points are either standalone items in the class record or category values within a single large list item. Some points are more complex than a simple yes or no answer and require detailed research and testing to ensure set up is accurate.
Walking in and taking over existing build is often more difficult than starting from scratch. Aside from inheriting problematic build, you may also inherit stigmas that end-users may have developed. As frustrating as it may be to deal with those stigmas, it provides an excellent opportunity to redefine your relationship with the end-users.
In several recent engagements, Culbert was assigned to provide lead analyst support of security for organizations that had been on Epic for several years. After digging into user security and conducting Chronicles searches, we quickly identified disorganization within user templates to the extent that individuals with the same job description and function were assigned to considerably different access roles. This was the result of security related help desk tickets being resolved in a ‘one-off’ manner and in most cases because operations did not fully understand security build in Epic. In order to streamline security set up, security roles should have a 1-to-1 relationship with job descriptions and/or functions. One by one we evaluated the existing security templates and selected the job title that was the most scattered and started to map out what a consolidated template would look like. We started with Resolute Professional Billing because there were 5 different security classes for what appeared to be a single job function. In order to determine which was the most accurate, we needed input from the operational managers.
When we engaged the operational managers to describe the scope and solicit feedback, their initial response was less than enthusiastic. They were concerned that changes would only make things worse, and while existing setup was clunky at best, it did allow them to get their work done. We knew that a new consolidated template would make things more efficient for everyone, but we needed operational buy in to move forward. We began by providing the operational managers with a deep dive into how security works in Epic. This gave them a greater understanding of templates, security classes and even individual security points. Once the managers understood templates and security classes it gave us a common ground to work from. We shared an export of all the available security points for us to review together in order to develop security templates that aligned with Epic best practice and met the needs of the individual users. We ended up with 2 Resolute Professional Billing security templates, one of which allowed more advanced users with additional security points than entry level users.
By taking the time to thoroughly explain what we were trying to do and including the managers in the planning process, we were able to turn the project into a positive experience for everyone. This further created a long-term collaborative working relationship between IT and operations, making day-to-day resolution of issues more efficient and effective. If you’d like to learn more about Culbert and how we can help you with your Epic Security Optimization , please let us know. firstname.lastname@example.org