Roles & Permissions
Healthiago uses role-based access control (RBAC). Each user has one or more roles that determine which patients, features, and actions they can access.
Common roles
| Role | Typical access |
|---|---|
| Organization Admin | User management, organization settings, broad patient access |
| Provider / Prescribing Provider | Full clinical access for assigned patients |
| Care Coordinator / RN | Monitoring, alerts, documentation for assigned patients |
| Billing / Compliance | Reporting and billing-readiness views (no unnecessary PHI) |
| Patient / Caregiver | Portal access to own or linked patient data only |
Exact role names and permissions may vary by organization configuration.
Organization isolation
All PHI is scoped to your organization. Users cannot access patients or records belonging to another organization unless explicitly granted cross-organization permissions (rare, master-admin workflows only).
Patient assignment
Many clinical roles require patient assignment — a user sees only patients on their caseload. Administrators can assign patients individually or by program.
Permission changes
Role changes take effect on next login. Contact your organization administrator to request access adjustments.
Audit
Healthiago logs access to protected health information for compliance. Your organization's security contact may request audit summaries under your BAA.