NaviNet comes with a default set of permissions, as determined by each health plan for their own transactions. These permissions govern which transactions appear for each user – Users who do not have permission for a transaction, will not see it in the workflow menu for that plan. Generally, the default permissions are broad, so that most users can access most transactions.
The Security Officer has the authority to change permissions – either grant access or deny access. Setting permissions is helpful because it allows you to give the correct access to the correct transactions. For example, if someone in your office is only responsible for claims, you may not want him or her to have access to clinical alerts, as they are not necessary for that person’s daily activities. Permissions can be set at a very detailed level, including by health plan and by transaction type.
Here are two common situations where a Security Officer might want to change the default permissions:
- Certain sensitive transactions, such as EFT registration and other financial transactions, are restricted to only the Security Officer as the default. The Security Officer could then enable the permission for that transaction to a small number of selected individuals as per the office policy.
- Some transactions, such as those accessing clinical information, are available by default, but the Security Officer can restrict access. For instance, the Security Officer might restrict the billing department from doing an inquiry to retrieve a patient clinical summary.
Note: Health plans sometimes restrict transactions from entire offices. This occurs most frequently for offices designated as Billing Agencies – certain provider-only transactions are not available to them.