Security Policies: Attribute Based Access Control

Security policies can be applied to all customizable objects within the Designer tool. CRUD (Create, Read, Update, Delete) actions can be controlled for every field within a Custom Data Type, giving an organization complete control over what level of security access should be set up for the specific type of data and user. Security policies can also be applied to Patient Profile access, Forms, Calendar, Communication Center, Documents, Internal (system) data types, Encounters, Data Exports, Insights, Programs and Dictionaries.


Security policies are used to create the different User Roles that are required to run your Care Program. In the Designer tool, roles can be created with one or more security policies. This helps organizations assign the correct level of security needed for each of the different types of users who are using Welkin.  

Territories and Regions

Territories and Regions enables another layer of patient access control. Territories and Regions are configurable in the Designer tool, giving customers full control over how to set up patient access for their care program. Patients who are assigned to a territory/region will only be accessible to those users who have also been assigned to that territory/region.

Self service user management

Within the Customer Admin tool, a SuperAdmin user can manage user access for their Welkin environments. They can invite new users to use any or all of the 3 Welkin tools (Admin, Designer, Care Portal). Access to any of these tools can also be revoked from the Customer Admin tool. For Designer and Care Portal, if there are multiple environments set up for the customer, user access to any or all of those environments can be granted from the Customer Admin tool. Temporary access can be set up for any user who needs access for a specific period of time. Security roles and Territory/Region assignment can also be applied to the user profile for any/all customer environments by the Customer Admin user. If a user forgets their password, password resets can also be performed from the Customer Admin tool.