Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
There are lots of posts within the general Community site regarding Section Access. They will help you figure out how to limit a Doctor to seeing just their patients. You will also find posts regarding ways to use the OMIT keyword to ensure that a user can't see any patients PHI information or analysts can't see an employees SALARY information.
But what happens in the healthcare world when you want a physician to be able to see lots of patients but they should only see the PHI for their patients? Or a department manager should be able to see employees in other departments but they should only see the SALARY information for their specific employees? Being able to meet those kind of exacting specifications and needs is where Qlik earns it's marks. In these cases we need to forget about the word OMIT and simply make some slight changes to our data model and utilize just the data reduction aspects of Section Access.
For simplicity we will focus on just the PHI limitation but you will be able to quickly correlate to salary as well. Imagine we have a data table with patient information like the following:
Patients:
LOAD
EpisodeID,
Specialty,
DischargeMethod,
AdmissionMethod,
LinkDate,
"Age",
"Age Groups",
PHI_Field
FROM [lib://HospitalDataDirectory/Patients Details Dalton.qvd]
(qvd);
The first thing we need to do to support our use case is separate the PHI field(s) into another table and force the EpisodeID field to be upper case so that Section Access will work:
Patients:
LOAD
EpisodeID as EPISODEID,
Specialty,
DischargeMethod,
AdmissionMethod,
LinkDate,
"Age",
"Age Groups"
FROM [lib://HospitalDataDirectory/Patients Details Dalton.qvd]
(qvd);
PatientS_PHI:
LOAD
EpisodeID as PHI_EPISODEID,
PHI_Field
FROM [lib://HospitalDataDirectory/Patients Details Dalton.qvd]
(qvd);
Now we have the infrastructure in place to construct section access in a way that allows users to see patients demographics without seeing their PHI or vice versa potentially. The following code is built for Qlik Sense and includes some basic internal users as well as my own login to ensure I don't lose access have access to ALL patients handled as you will see by listing all of the patient ID's. Doctor A get's access to whatever patients are listed in the A group and Doctor B gets access to the patients in the B group.
SECTION ACCESS;
AUTHORIZATION:
LOAD * INLINE [
ACCESS, USERID, USERRIGHTS
USER, ADMIN, ALL
USER, USRAD-DRR\QVSERVICE, ALL
USER, INTERNAL\SA_SCHEDULER, ALL
USER, {my own login so I always have access}, ALL
USER, USRAD-DRR\doctora, A
USER, USRAD-DRR\doctorb, B
];
The next section of code that is needed is the association of the USERRIGHTS to the patients they should actually see and please keep in mind this is built by hand simply to demonstrate what can be done. In your system you will load this data from a SQL select statement or Excel file so don't get overwhelmed thinking about typing. For the user group ALL I've listed the 3 patients and the episode id's that match both of the tables above. In others words the users assigned to the group all can see the patient demographics as well as the PHI data. DoctorA who was assigned to userrights group A can also see all 3 patients but can only see the PHI data for the first 2 patients. While DoctorB has permissions to see only 2 of the 3 patients and they can only see the PHI for 1 of them.
SECTION APPLICATION;
REDUCTION:
LOAD * INLINE [
USERRIGHTS, EPISODEID, PHI_EPISODEID
ALL, 'Pat00073','Pat00073'
ALL, 'Pat00147','Pat00147'
ALL, 'Pat00240','Pat00240'
A, 'Pat00073','Pat00073'
A, 'Pat00147','Pat00147'
A, 'Pat00240',
B, 'Pat00147',
B, 'Pat00240','Pat00240'
];
Via the application here is what I get to see, what Doctor A sees and finally what Doctor B sees:
Section Access can be tricky business to begin with, and sometimes the requirements we face in the healthcare field just complicate it even more. Hopefully, this post will help you should you ever find yourself in a situation where you need to selectively show or hide field values based on the users permissions and it's not as simple as just using the OMIT keyword along with Section Access.
Note: Keep in mind the code for QlikView might be slightly different than above.
Hi Dalton,
you can explain me why you write:
force the EpisodeID field to be upper case so that Section Access will work:
I always use Section Access without any changes, any upper, about field name, and it work like a charm.
You are sure that you have configured correctly your Section Access script?
Regards,
Ely Malki
In preparation for this post I tried to get my example working with mixed cases but couldn't. I read other posts that recommended converting to upper case and once I did it with upper case field names I had success.
Great to know that you are working with mixed cases so others should try that first then. Great catch and tip.
Hi Dalton,
you can modify your post like :
(ansi, txt, delimiter is ',', embedded labels);
Regards,
Ely Malki