Security and User Access
Setting up security for the Open Dental program will help protect patient data and track user access. This is an important component of a security plan as well as a requirement for HIPAA compliancy. Only users with the 'Security Admin' permission can access the Security area.
- Every person who uses Open Dental should have a unique user name and password for logging on.
- Every user will be part of a user group and each user group can have specific permissions.
- Other options, such as automatic logoff and lock dates, can also be set.
- See also Computer System Security Issues.
Also available: Webinar: Security and User Permissions
- Create employees (if using the time clock).
- Create user groups.
- Create users (enter user names, assign to user groups, set passwords).
- Assign security permissions for user groups.
- Employees log on to Open Dental and change their passwords to a unique password only they know.
Create User Groups
Create User Profiles
Assigning Security Permissions
- Permissions: A list of all permissions, what they allow/block, and whether they are tracked in the Audit Trail or affected by lock dates.
- Lock Dates: Set date limitations to prevent editing of historical data or backdating.
Main Security Window
In the main menu, click Setup, Security.
Users: By default, all Users set up are listed. When you click on a user, all users in the same user group will turn red and the group's permissions will show on the right. Double click a user to edit User Profiles (username, password, user group, employee/provider/clinic association, or alert subscriptions).
Limit the users that show by changing filter criteria.
- Show Only: Click the dropdown to filter results by providers, employees, all users, or other. The search box label will change based on the selection. Enter text in the search box to return exact matches.
- Group: Click the Group dropdown to filter results by security group.
- Clinic: If using Clinics, click the Clinic dropdown to filter results by clinic.
- Show hidden users: Check the box to show users who have been marked Is Hidden. Uncheck the box to hide users who have been marked Is Hidden.
- If using Dental Schools, the Show Only dropdown includes options to filter by instructors and students. When filtering by students, an additional option to filter by Class shows.
User Group Permissions: To assign permissions for a user group, select a user in the group then check/uncheck a box.
- See Permissions for a list of all permissions and their behavior. See Assigning Security Permissions for step by step instructions.
- To automatically check all permissions except Security Admin, click Set All. The Security Admin permission should only be given to the Admin user and must be individually selected.
- The Reports checkbox can have one of three states:
- Checked: User has access to reports.
- Solid square: User has access to some reports, but not all.
- Blank: User has no access to reports. Click in the box to give access. Clicking in a blank box will also open the Report Setup - Security Permissions window so you can assign access to individual reports.
Edit Groups: Create, edit, or delete user group names. See User Groups.
Add User: Create a new user and associate to a user group, employee, provider, and/or clinic. Also set user passwords. See User Profiles.
Log On/Off Options
- Domain Login Enabled / Domain Path: Check to enable single sign on to Open Dental using the user's Windows domain user. You must also enter the Domain Path and associate each user with their domain user. For complete instructions, see Setting up Single Sign On / LDAP.
- Log off after 0 minutes. 0 to disable: Set a time when, after a period of inactivity, Open Dental will automatically log off the current user. Enter 0 if you do not want an automatic log off time. If automatic log off is turned on, and you manually click Log Off, any unsaved changes will be lost, and no warning message will show.
- Log off when Windows logs off: Check this box to automatically log the current user out of Open Dental whenever they log out of Windows.
- Manually enter log on credentials: Check this box to require users to manually type their user name when logging in. If unchecked, users will select their user name from a list. See Logging On/Off.
Time Card Options. See Time Cards
- TimecardSecurityEnabled: When checked, the 'Users cannot edit their own time card' box is enabled.
- Users cannot edit their own timecard: If checked, individual users cannot make changes to their time card. Since error fixing is tracked well in time cards, most offices keep this box unchecked because it is useful when employees can make notes and fix errors. This option can only be changed if the TimecardSecurityEnabled box is also checked. The setting of this box will override the Edit All timecards permission.
The Edit All Timecards permission should also be given to the appropriate user group. Normally, regular users should not have this permission, only the office manager or administrator.
Disable Monthly Backup Reminder: Check this box to no longer show the monthly Backup reminder. Do not disable unless you have an established backup and recovery process (for HIPAA compliancy). A password is required to change this option. It is "abracadabra". If deselected, the next backup reminder will show one month after the date it is deselected.
Password Options: These options affect password requirements.
- Passwords must be strong: When checked, all passwords must be at least 8 characters and contain at least one number, one uppercase letter, and one lowercase letter.
Note: If using Mobile Web and passwords are changed to 'must be strong',
users who do not have a strong password must Change Passwords to meet the criteria before they can access the Mobile Web. Users who already have a strong password do not need to go through this process.
- Strong passwords require special character: When checked, and when 'passwords must be strong', the password must also contain at least one special character (e.g. #, $, !).
- Force password change if not strong: When checked, and when 'passwords must be strong', users who do not have a strong password will be required to change their password the next time they log on so it meets criteria.
Note: Users with strong passwords will have an X in the Strong column under Users. If this setting is changed, current users/passwords will continue to be accepted, but any password changes will need to meet the strong criteria.
Lock Date/Days: Click Change to set a global lock date that affects procedures, exam sheets, insurance and patient payments and adjustments. This can prevent editing of old items and is the only way to prevent backdating of new items. See Security Lock Dates.
Track Authorized Use of Open Dental
In version 14.3 and greater, every time a user logs in, logs off or closes Open Dental, a log is created in the Audit Trail. Another option is to use the Windows audit feature. Set up Windows so that each user is required to log in separately, then use the Security Log to view valid and invalid log attempts. To view the Windows audit log go to My Computer, right-click and choose Manage, expand Event Viewer, expand Windows Logs, left-click on the Security log.