Roles and Permissions Guide

A complete, page by page breakdown of every level of access that each role grants.

AngelTrack uses "role-based access control". Employees are granted access to AngelTrack's various features via belonging to roles. Each role confers access to certain features.

An employee can belong to any number of roles, even all of them.

AccessBadge

Permissions Always Held by All Employees

At all times, all active employees (but not Onlookers) can do any of the following:

  • Use the timeclock and view one's personal timecard
  • View and re-view announcements which are targeted at them, or which are targeted at "Everyone".
  • Clock-in or out, if one's computer or mobile device is connected to a company-owned network
  • Use the incident system to:
    • Submit a new incident;
    • View any incident which is:
      • assigned to me,
      • submitted by me and not assigned to anyone, or
      • submitted by me and marked ☑ Always readable by the submitter.
    • Edit any incident which is:
      • assigned to me, or
      • submitted by me and not assigned to anyone.

☑ Provisional

Membership in the Dispatcher, Biller, Lieutenant, and Captain role can be granted provisionally: the role can be exercised only when connected to a company-owned network. That is to say: Provisional role membership grants no privileges while the employee is in the field, or is logging in from home.

AngelTrack determines that an employee is connected to a company-owned network by consulting the Timeclock Hosts List, which is the list of internet IP addresses of company facilities. When the employee's computer or mobile device is connected to one of the networks in that list, their provisional role memberships take effect.

If you do mark an employee as provisional, then make sure they understand that they will receive various "Access denied" error messages if they are accessing AngelTrack on their mobile device when they leave the office.

Movi integration

Because provisional dispatcher accounts are restricted to company-owned IP addresses, they cannot be used for Movi integration or for the third-party CAD API. When Movi or a third-party CAD connects to AngelTrack via a provisional dispatcher account, AngelTrack will refuse the connection, and note it as a failed logon attempt in the employee's logon history.

☑ Call-taker

Call-takers have the following privileges:

  • Create new dispatch records.
  • Create new facility records, as part of creating new dispatches.
  • Create new patient records, as part of creating new dispatches.
  • Edit existing patient records' basic demographic data, and the billing data for the current checkpoint.

If someone with call-taker access is also a crew member, then AngelTrack will grant them all the privileges of Self-Dispatch PCR mode, allowing them to fully self-dispatch even if Self-Dispatch PCR mode is not otherwise active. In other words, the call-taker role is a way of granting Self-Dispatch PCR mode access to individual crew members, rather than to all crew members companywide. To learn more, read the Self-Dispatch PCR Mode Guide.

☑ Dispatcher

Dispatches have all the privileges of Call-takers plus:

  • View and modify all aspects of the dispatch board, the call schedule, and the call calendar.
  • Assign, unassigned, and reassign dispatches to and from shifts and affiliates.
  • Advance and close an active dispatch, and view and modify all aspects of its followup data.
  • View and modify all non-billing information in closed dispatches.
  • Create and modify all aspects of the Patient records and the Facility records, and (if necessary) merge duplicate records together.
  • View the list of employees, showing each employee's phone number, station assignment, security roles, crew status, and certificate level.
  • View, add to, and modify the collection of prior-auth documents.
  • View and modify all aspects of affiliates, stations, vehicles (except maintenance and damage records), tags, and zones.
  • Begin, modify, and end shifts.
  • Create, modify, and delete scheduled shifts aka the employee scheduler.
  • As crew members on any call, set or change the destination facility, via the Hospital ER list page accessible from the Run Call page.
  • View, but not modify, anyone's time card, including weekly labor hours totals.
  • Remotely clock-out any hourly employee. Set or change timeclock flags on any employee's timecard.

☑ Biller

Billers have the following privileges:

  • Control the postprocess workflow, moving dispatches to any point in the workflow or cancelling them altogether.
  • View and service all of the Billing Queues. For each dispatch they can alter followup information, attach documents, and move it through the postprocess workflow.
  • Use the Invoice Generators to create invoices, modify all aspects of them, and then close them as paid/cancelled/sold.
  • Create and modify all aspects of the patient records and the facility records, and (if necessary) merge duplicate records together.
  • Create and modify all aspects of the affiliate records.
  • View, add to, and modify the collection of prior-auth documents.
  • Use the Payment Event page to process EOBs and other incoming payments, moving the relevant dispatches out of the postprocess workflow as 'Finished'.
  • View the many reports concerning postprocess workflows, receivables, and invoices.
  • View and add AngelTrack licenses.

☑ QA Reviewer

QA Reviewers have the following privileges:

  • View the QA Review Queue and review dispatches that are in it, marking each as Passed or Failed.
  • View the complete run report and/or open the PCR for any dispatch that is at any of the following postprocess states:
    • 0: Awaiting report completion
    • 1: Awaiting QA review
    • 2: Awaiting corrections
  • View and modify individual patient records (but cannot view the full Patients List).
  • View, but not modify, the shift records of the crews assigned to the dispatches in QA.
  • Read crew members' email addresses in order to communicate with them offline.

☑ Human Resources

Members of Human Resources have the following privileges:

  • Create and modify scheduled shifts, and view (but not modify or end) the active shifts.
  • View and modify all aspects of the timeclock, including creating new entries for absences and remote clock-ins.
  • View and modify all aspects of the incident system, including reassigning incidents, though they cannot view a locked incident assigned to someone else.
  • View and modify the HR fields of each employee's record, including pay type, pay rate, and their list of keys and codes.
  • View all reports pertaining to labor hours or costs.
  • Use the Payroll Calculator to do payroll.
  • Add new employees to AngelTrack, and add them to any role except Human Resources.
  • View and modify any employee's role memberships, but cannot modify membership in the Human Resources role (only the Administrator can do that).
  • Reset employee passwords, and unlock employee accounts locked due to too many incorrect password attempts.
  • View the Calendars of Upcoming, in order to allocate manpower.
  • Create, modify, retarget, and expire announcements.
  • Grant employee achievements.
  • Create new certificate types, and deactivate and reactivate existing certificate types.
  • View the narcotics usage reports.

☑ Lieutenant

Lieutenants have the following privileges:

  • View, but not modify, the dispatch board, the schedule, the calendars of upcoming, and the list of closed dispatches. However, Lieutenants cannot view any dispatch's detailed settings and notes.
  • View any crew member's home page to look in on reports and corrections due.
  • View, but not modify, the PCR records for any dispatch, with a view to coaching other crew members in proper recordkeeping.
  • View and modify the list of vehicles, including their certificates, maintenance logs, damage logs, and completed checklists.
  • Record a fuel purchase, view the list of all fuel purchases, modify fuel purchase records, and view the Fuel Status Report.
  • View the charts and graphs of vehicle costs, fuel usage, fuel analysis, and mileage driven.
  • View and modify the lists of stations, including their certificates and completed checklists.
  • View all non-HR fields of anyone's employee settings, including certificates. They can also view any employee's performance statistics.
  • Create, modify, retarget, and expire announcements.
  • View most reports relating to employee performance, including call times and QA statistics.
  • View, but not modify, anyone's time card, including weekly labor hours totals (but not pay rates).
  • Remotely clock-out any hourly employee. Set (but not clear) the "Needs Attention" flag on any timeclock entry.
  • Acknowledge new vehicle damage reports, new checklists with problems, and new fuel receipts with problems.
  • Grant employee achievements.
  • Check AngelTrack's license status, and purchase additional licenses as needed.

☑ Captain

Captains have all of the privileges of Lieutenants plus:

  • View, but not modify, the details of individual dispatches.
  • View, modify, reassign, and close any incident record, though they cannot view a locked incident assigned to someone else.
  • View and modify the lists of lab tests, zones, facilities, and affiliates.
  • View and modify all non-HR fields of anyone's employee settings, including the employee's Certificates and blamed incident list.
  • Set or change timeclock flags on any employee's timecard.
  • View all reports relating to call volume, facility behavior, and on-time performance.
  • View, add to, and modify the collection of prior-authorization documents (PCS, PAN, McPAN).
  • View, but not modify, the QA Review Queue.
  • View, modify, deactivate, and reactivate checklists and checklist items.
  • Create new certificate types, and deactivate and reactivate existing certificate types.

☑ Mechanic

Members of the Mechanic role have the following privileges:

  • View and modify the list of vehicles, including their certificates, maintenance logs, damage logs, and completed checklists.
  • View reports about vehicle certificate holders and vehicle certificate expirations.
  • Record a fuel purchase, view the list of one's past fuel purchases, and view the Fuel Status Report.
  • Acknowledge new vehicle damage reports.
  • View charts and graphs concerning vehicle costs, fuel usage, fuel analysis, and mileage driven.
  • Use the Checklist Queue and the Checklist Shortfall Report to monitor supply level and restock vehicles.

☑ Salesperson

Members of the Salesperson role have the following privileges:

  • Create new announcements, and modify existing announcements.
  • View, modify, and/or close any incident record whose "Cause" field is set to "Facility request for service".
  • View, but not modify, all price schemas.
  • View, but not modify, all facility records and all affiliate records.
  • View, but not modify, all invoices.
  • Use the following reports:
    • Call Volume Heatmap
    • Consummation Rates by Facility
    • On-Time Performance
    • On-Time Pickup
    • Pickup Delays by Facility
    • Pickup Delays Comparison
    • Last to Destination Analysis
    • Last-Minute Bookings by Facility
    • Top Ten Origins
    • Facilities Payor Matrix
    • Call Payor Visualizer
    • Facilities Revenue Analysis
    • Nonbillables by Origin Facility
    • Facilities with a Balance
    • Affiliates with a Balance
    • Pricing Combination Analyzer
  • Record a fuel purchase, view the list of one's past fuel purchases.

☑ Administrator

Members of the Administrator role can read and write any data anywhere in AngelTrack, at any time. They can also:

  • Add and remove employees from the HR role
  • Add and remove employees from the Administrator role
  • View and change all of AngelTrack's configuration settings (under the Settings page)
  • View and add AngelTrack license keys

If you want to know whether you have Administrator access, do the following:

  1. Click on the Supervisor Home icon in the top ribbon.
  2. From the sidebar, select the Employees List link.
  3. Find your record in the list. If you have Administrator access, you will have a check-mark in every role. Or you can click your record, switch to the "Roles" tab, and see its individual privileges.

☑ ★ Principal

Members of the Principal role can do just three things, all of them critical:

  1. Sign the Terms of Service document, binding your company and AngelTrack LLC in the agreement
  2. Alter your retail prices, which are used in many places including the amounts claimed against insurance carriers
  3. Use the Bulldozer to perform bulk moves of dispatches forward or back in the postprocess workflow

No other role is permitted to do these three critical things; not even Administrators. But these are the only privileges conferred by the Principal role.

Only the staff of AngelTrack Headquarters Technical Support can add or remove employees from the Principal role. Normally this role is assigned only to the proprietor, or to the managing partner, or to the general manager. Nobody else should have these privileges.

How to change the designation of Principal employee

If you wish to change the designation of Principal employee, then send an email to AngelTrack Support, using the support email address shown on your server's Support page.

In the email, specify the name of the new Principal employee and also the name of your AngelTrack server. AngelTrack Support will then call the main dispatch office number configured in your AngelTrack server, and ask the dispatcher for confirmation that the person is indeed the new boss, and then make the necessary change in your employee records.

☑ Onlooker

The Onlooker role is for city and state officials who require real-time oversight of your units, and for hospitals and nursing homes who wish to download completed run reports for trips to and from their location. By issuing them an onlooker account, they can login to your AngelTrack server and pull the relevant data.

To learn more about the Onlooker role, read the Onlooker Guide.

☑ Medical Director

Members of the Medical Director role can access the Medical Director Review Queue and perform medical reviews of completed runs, as required by your city and state health regulations. Naturally, your medical director can perform this task remotely over the internet, from home or work or mobile.

When each review is completed, it subsequently appears at the bottom of the QA Review Form.

Medical directors can also use the incident system and the timeclock. They are not targetable by announcements, except via their membership in other security roles.

☑ Doctor

Members of the Doctor role can be selected as the attending doctor in a telemedicine call. The role confers no other privileges.