Kipu Health will assist and guide your facility's Super Admins in the setup and management of users. However, for the protection of our clients and the PHI in your instance, it is Kipu's policy not to add, edit, enable or disable any user profiles on behalf of our clients.
If a user in your organization is experiencing difficulties related to logging in, their user profile setup or access permissions, they must contact their facility's Super Admin or user with the Manage users feature. For help setting up and managing your users, refer to User Roles and User Features articles, or contact our Support team.
Consistent with the Privacy Rule standard that limits uses and disclosures of PHI to the "minimum necessary" standard, HIPAA requires a covered entity to implement policies and procedures for authorizing access to digital PHI only when such access is appropriate based on the user or recipient's role (noted as role-based access). Source: HHS.gov: Health Information Privacy/Administrative safeguards.
Giving users (especially external service providers) more access than needed to perform their jobs may put you at risk of violating HIPAA guidelines.
The Super Admin role should be reserved for a select few people in your organization, as such users may, accidentally or intentionally, modify settings and content, or delete records. If you need help assigning the best combination of roles and features for your users to perform their job, please contact us.