Roles and Permissions Guide

A complete, page by page breakdown of every level of access that each role grants.

AngelTrack uses "role-based access control". Employees are granted access to AngelTrack's various features via belonging to roles. Each role confers access to certain features.

An employee can belong to any number of roles, even all of them.

AccessBadge

Permissions Always Held by All Employees

At all times, all active employees (but not Onlookers) can do any of the following:

  • Use the timeclock and view one's personal timecard
  • View and re-view announcements which are targeted at them, or which are targeted at "Everyone".
  • Clock-in or out, if one's computer or mobile device is connected to a company-owned network
  • Use the incident system to:
    • Submit a new incident;
    • View any incident which is:
      • assigned to me,
      • submitted by me and not assigned to anyone, or
      • submitted by me and marked ☑ Always readable by the submitter.
    • Edit any incident which is:
      • assigned to me, or
      • submitted by me and not assigned to anyone.

☑ Provisional

Membership in the Dispatcher, Call-taker, Biller, Lieutenant, and Captain role can be granted provisionally: the role can be exercised only when connected to a company-owned network. That is to say: Provisional role membership grants no privileges while the employee is in the field, or is logging in from home.

AngelTrack determines that an employee is connected to a company-owned network by consulting the Timeclock Hosts List, which is the list of internet IP addresses of company facilities. When the employee's computer or mobile device is connected to one of the networks in that list, their provisional role memberships take effect.

If you do mark an employee as provisional, then make sure they understand that they will receive various "Access denied" error messages if they are accessing AngelTrack on their mobile device when they leave the office.

Movi integration

Because provisional dispatcher accounts are restricted to company-owned IP addresses, they cannot be used for Movi integration. When Movi connects to AngelTrack via a provisional dispatcher account, AngelTrack will refuse the connection, and note it as a failed logon attempt in the employee's logon history.

☑ Call-taker

Call-takers have the following privileges:

  • Create new dispatch records.
  • Create new facility records, as part of creating new dispatches.
  • Create new patient records, as part of creating new dispatches.
  • Edit existing patient records' basic demographic data, and the billing data for the current checkpoint.
  • As crew members on a call they've assigned to themselves, set or change the destination facility, via the Hospital ER list page accessible from the Run Call page.

☑ Dispatcher

Dispatches have all the privileges of Call-takers plus:

  • View and modify all aspects of the dispatch board, the call schedule, and the call calendar.
  • Assign, unassigned, and reassign dispatches to and from shifts and affiliates.
  • Advance and close an active dispatch, and view and modify all aspects of its followup data.
  • View and modify all non-billing information in closed dispatches.
  • Create and modify all aspects of the Patient records and the Facility records, and (if necessary) merge duplicate records together.
  • View the list of employees, showing each employee's phone number, station assignment, security roles, crew status, and certificate level.
  • View, add to, and modify the collection of prior-auth documents.
  • View and modify all aspects of affiliates, stations, vehicles (except maintenance and damage records), tags, and zones.
  • Begin, modify, and end shifts.
  • Create, modify, and delete scheduled shifts aka the crew scheduler.
  • As crew members on any call, set or change the destination facility, via the Hospital ER list page accessible from the Run Call page.
  • View, but not modify, anyone's time card, including weekly labor hours totals.
  • Remotely clock-out any hourly employee. Set or change timeclock flags on any employee's timecard.

☑ Biller

Billers have the following privileges:

  • Control the postprocess workflow, moving dispatches to any point in the workflow or cancelling them altogether.
  • View and service all of the Billing Queues. For each dispatch they can alter followup information, attach documents, and move it through the postprocess workflow.
  • Use the Invoice Generators to create invoices, modify all aspects of them, and then close them as paid/cancelled/sold.
  • Create and modify all aspects of the patient records and the facility records, and (if necessary) merge duplicate records together.
  • Create and modify all aspects of the affiliate records.
  • View, add to, and modify the collection of prior-auth documents.
  • Use the Payment Event page to process EOBs and other incoming payments, moving the relevant dispatches out of the postprocess workflow as 'Finished'.
  • View the many reports concerning postprocess workflows, receivables, and invoices.
  • View and add AngelTrack licenses.

☑ QA Reviewer

QA Reviewers have the following privileges:

  • View the QA Review Queue and review dispatches that are in it, marking each as Passed or Failed.
  • View the complete run report and/or open the PCR for any dispatch that is at any of the following postprocess states:
    • 0: Awaiting report completion
    • 1: Awaiting QA review
    • 2: Awaiting corrections
  • View and modify individual patient records (but cannot view the full Patients List).
  • View, but not modify, the shift records of the crews assigned to the dispatches in QA.
  • Read crew members' email addresses in order to communicate with them offline.

☑ Human Resources

Members of Human Resources have the following privileges:

  • Create and modify scheduled shifts, and view (but not modify or end) the active shifts.
  • View and modify all aspects of the timeclock, including creating new entries for absences and remote clock-ins.
  • View and modify all aspects of the incident system, including reassigning incidents, though they cannot view a locked incident assigned to someone else.
  • View and modify the HR fields of each employee's record, including pay type, pay rate, and their list of keys and codes.
  • View all reports pertaining to labor hours or costs.
  • Use the Payroll Calculator to do payroll.
  • Add new employees to AngelTrack, and add them to any role except Human Resources.
  • View and modify any employee's role memberships, but cannot modify membership in the Human Resources role (only the Administrator can do that).
  • Reset employee passwords, and unlock employee accounts locked due to too many incorrect password attempts.
  • View the Calendars of Upcoming, in order to allocate manpower.
  • Create, modify, retarget, and expire announcements.
  • Grant employee achievements.
  • Create new certificate types, and deactivate and reactivate existing certificate types.
  • View the narcotics usage reports.

☑ Lieutenant

Lieutenants have the following privileges:

  • View, but not modify, the dispatch board, the schedule, the calendars of upcoming, and the list of closed dispatches. However, Lieutenants cannot view any dispatch's detailed settings and notes.
  • View any crew member's home page to look in on reports and corrections due.
  • View, but not modify, the PCR records for any dispatch, with a view to coaching other crew members in proper recordkeeping.
  • View and modify the list of vehicles, including their certificates, maintenance logs, damage logs, and completed checklists.
  • Record a fuel purchase, view the list of all fuel purchases, modify fuel purchase records, and view the Fuel Status Report.
  • View the charts and graphs of vehicle costs, fuel usage, fuel analysis, and mileage driven.
  • View and modify the lists of stations, including their certificates and completed checklists.
  • View all non-HR fields of anyone's employee settings, including certificates. They can also view any employee's performance statistics.
  • Create, modify, retarget, and expire announcements.
  • View most reports relating to employee performance, including call times and QA statistics.
  • View, but not modify, anyone's time card, including weekly labor hours totals (but not pay rates).
  • Remotely clock-out any hourly employee. Set (but not clear) the "Needs Attention" flag on any timeclock entry.
  • Acknowledge new vehicle damage reports, new checklists with problems, and new fuel receipts with problems.
  • Grant employee achievements.
  • Check AngelTrack's license status, and purchase additional licenses as needed.

☑ Captain

Captains have all of the privileges of Lieutenants plus:

  • View, but not modify, the details of individual dispatches.
  • View, modify, reassign, and close any incident record, though they cannot view a locked incident assigned to someone else.
  • View and modify the lists of lab tests, zones, facilities, and affiliates.
  • View and modify all non-HR fields of anyone's employee settings, including the employee's Certificates and blamed incident list.
  • Set or change timeclock flags on any employee's timecard.
  • View all reports relating to call volume, facility behavior, and on-time performance.
  • View, add to, and modify the collection of prior-authorization documents (PCS, PAN, McPAN).
  • View, but not modify, the QA Review Queue.
  • View, modify, deactivate, and reactivate checklists and checklist items.
  • Create new certificate types, and deactivate and reactivate existing certificate types.

☑ Mechanic

Members of the Mechanic role have the following privileges:

  • View and modify the list of vehicles, including their certificates, maintenance logs, damage logs, and completed checklists.
  • View reports about vehicle certificate holders and vehicle certificate expirations.
  • Record a fuel purchase, view the list of one's past fuel purchases, and view the Fuel Status Report.
  • Acknowledge new vehicle damage reports.
  • View charts and graphs concerning vehicle costs, fuel usage, fuel analysis, and mileage driven.
  • Use the Checklist Queue and the Checklist Shortfall Report to monitor supply level and restock vehicles.

☑ Salesperson

Members of the Salesperson role have the following privileges:

  • Create new announcements, and modify existing announcements.
  • View, modify, and/or close any incident record whose "Cause" field is set to "Facility request for service".
  • View, but not modify, all price schemas.
  • View, but not modify, all facility records and all affiliate records.
  • View, but not modify, all invoices.
  • Use the following reports:
    • Call Volume Heatmap
    • Consummation Rates by Facility
    • On-Time Performance
    • On-Time Pickup
    • Pickup Delays by Facility
    • Pickup Delays Comparison
    • Last to Destination Analysis
    • Last-Minute Bookings by Facility
    • Top Ten Origins
    • Facilities Payor Matrix
    • Call Payor Visualizer
    • Facilities Revenue Analysis
    • Nonbillables by Origin Facility
    • Facilities with a Balance
    • Affiliates with a Balance
    • Pricing Combination Analyzer
  • Record a fuel purchase, view the list of one's past fuel purchases.

☑ Administrator

Members of the Administrator role can read and write any data anywhere in AngelTrack, at any time. They can also:

  • Add and remove employees from the HR role
  • Add and remove employees from the Administrator role
  • View and change all of AngelTrack's configuration settings (under the Settings page)
  • View and add AngelTrack license keys

☑ ★ Principal

Members of the Principal role can do just three things, all of them critical:

  1. Sign the Terms of Service document, binding your company and AngelTrack LLC in the agreement
  2. Alter your retail prices, which are used in many places including the amounts claimed against insurance carriers
  3. Use the Bulldozer to perform bulk moves of dispatches forward or back in the postprocess workflow

No other role is permitted to do these three critical things; not even Administrators. But these are the only privileges conferred by the Principal role.

Only the staff of AngelTrack Headquarters Technical Support can add or remove employees from the Principal role. Normally this role is assigned only to the proprietor, or to the managing partner, or to the general manager. Nobody else should have these privileges. If you wish to designate a different employee as the Principal, then you must contact AngelTrack Technical Support.

☑ Onlooker

Members of the Onlooker role can view a special abbreviated dispatch board, which displays all calls that are active and assigned to shifts and affiliates. They can also view these same calls on the Live Map. They cannot see calls that are unassigned or inactive, nor view any details, nor make any changes.

They are also permitted to use the incident system as would any other employee, however they cannot be blamed in any incident. They also cannot be targeted by announcements, even those for "Everyone", unless they belong to other security roles indicating that they are regular employees.

The Onlooker role is intended for use by city and state officials who require real-time oversight of your units. This means you will be issuing an employee account to the official(s), and instructing them how to access and login to your AngelTrack cloud server. Once they log in using an Onlooker account, AngelTrack will automatically take them to the abbreviated dispatch board.

You can restrict each onlooker to a certain city, or a certain county, if they do not have the right to view your other dispatch activity. You can also restrict them to viewing only your emergent and critical calls; AngelTrack will not show them your low-acuity and scheduled work. All of these restrictions can be set for each individual Onlooker, using the Employee Edit page.

☑ Medical Director

Members of the Medical Director role can access the Medical Director Review Queue and perform medical reviews of completed runs, as required by your city and state health regulations. Naturally, your medical director can perform this task remotely over the internet, from home or work or mobile.

When each review is completed, it subsequently appears at the bottom of the QA Review Form.

Medical directors can also use the incident system and the timeclock. They are not targetable by announcements, except via their membership in other security roles.

☑ Doctor

Members of the Doctor role can be selected as the attending doctor in a telemedicine call. The role confers no other privileges.