There are lots of posts within the general Community site regarding Section Access. They will help you figure out how to limit a Doctor to seeing just their patients. You will also find posts regarding ways to use the OMIT keyword to ensure that a user can't see any patients PHI information or analysts can't see an employees SALARY information.

But what happens in the healthcare world when you want a physician to be able to see lots of patients but they should only see the PHI for their patients? Or a department manager should be able to see employees in other departments but they should only see the SALARY information for their specific employees? Being able to meet those kind of exacting specifications and needs is where Qlik earns it's marks. In these cases we need to forget about the word OMIT and simply make some slight changes to our data model and utilize just the data reduction aspects of Section Access.

For simplicity we will focus on just the PHI limitation but you will be able to quickly correlate to salary as well. Imagine we have a data table with patient information like the following:

Patients:

LOAD

    EpisodeID,

    Specialty,

    DischargeMethod,

    AdmissionMethod,

    LinkDate,

    "Age",

    "Age Groups",

    PHI_Field

FROM [lib://HospitalDataDirectory/Patients Details Dalton.qvd]

(qvd);

The first thing we need to do to support our use case is separate the PHI field(s) into another table and force the EpisodeID field to be upper case so that Section Access will work:

Patients:

LOAD

    EpisodeID as EPISODEID,

    Specialty,

    DischargeMethod,

    AdmissionMethod,

    LinkDate,

    "Age",

    "Age Groups"

FROM [lib://HospitalDataDirectory/Patients Details Dalton.qvd]

(qvd);

PatientS_PHI:

LOAD

    EpisodeID as PHI_EPISODEID,

    PHI_Field

FROM [lib://HospitalDataDirectory/Patients Details Dalton.qvd]

(qvd);

Now we have the infrastructure in place to construct section access in a way that allows users to see patients demographics without seeing their PHI or vice versa potentially. The following code is built for Qlik Sense and includes some basic internal users as well as my own login to ensure I don't lose access have access to ALL patients handled as you will see by listing all of the patient ID's. Doctor A get's access to whatever patients are listed in the A group and Doctor B gets access to the patients in the B group.

SECTION ACCESS;

AUTHORIZATION:

LOAD * INLINE [

    ACCESS, USERID,                                 USERRIGHTS

    USER, ADMIN,                                         ALL

    USER, USRAD-DRR\QVSERVICE,           ALL

    USER,  INTERNAL\SA_SCHEDULER,      ALL

           USER, {my own login so I always have access},       ALL

    USER, USRAD-DRR\doctora,                    A

    USER, USRAD-DRR\doctorb,                    B

    ];

The next section of code that is needed is the association of the USERRIGHTS to the patients they should actually see and please keep in mind this is built by hand simply to demonstrate what can be done. In your system you will load this data from a SQL select statement or Excel file so don't get overwhelmed thinking about typing. For the user group ALL I've listed the 3 patients and the episode id's that match both of the tables above. In others words the users assigned to the group all can see the patient demographics as well as the PHI data. DoctorA who was assigned to userrights group A can also see all 3 patients but can only see the PHI data for the first 2 patients. While DoctorB has permissions to see only 2 of the 3 patients and they can only see the PHI for 1 of them.

SECTION APPLICATION;

REDUCTION:

LOAD * INLINE [

    USERRIGHTS, EPISODEID, PHI_EPISODEID

    ALL, 'Pat00073','Pat00073'

    ALL, 'Pat00147','Pat00147'

    ALL, 'Pat00240','Pat00240'

    A, 'Pat00073','Pat00073'

    A, 'Pat00147','Pat00147'

    A, 'Pat00240',

    B, 'Pat00147',

    B, 'Pat00240','Pat00240'

];

Via the application here is what I get to see, what Doctor A sees and finally what Doctor B sees:

Section Access can be tricky business to begin with, and sometimes the requirements we face in the healthcare field just complicate it even more. Hopefully, this post will help you should you ever find yourself in a situation where you need to selectively show or hide field values based on the users permissions and it's not as simple as just using the OMIT keyword along with Section Access.

Note: Keep in mind the code for QlikView might be slightly different than above.