CPOE User Roles & Permissions
Role Definitions
Attending Physician
- Description: Board-certified physician with full, independent ordering privileges.
- Scope: Can order medications (including controlled substances), laboratory tests, imaging studies, and procedures for patients under their care.
- Credentials Required: Active medical licence (DOH or DHA), MOH unified licensing record, UAE MOH controlled substance authorisation (for CDa/CDb prescribing).
Resident Physician
- Description: Physician in post-graduate training with supervised ordering privileges.
- Scope: Can order most items; CDa controlled substances require attending co-signature; may have formulary-level restrictions per training programme.
- Credentials Required: Active training licence (DOH/DHA), assigned supervising attending.
Nurse Practitioner / Physician Assistant
- Description: Advanced practice provider with ordering privileges within defined scope of practice.
- Scope: Can order within collaborative agreement; CDa ordering dependent on individual MOH controlled substance authorisation.
- Credentials Required: DOH/DHA licence, collaborative practice agreement on file, MOH controlled substance authorisation if applicable.
Pharmacist
- Description: Clinical pharmacist with verification and advisory role. Cannot create orders but critical for controlled substance dual verification.
- Scope: Verify orders, flag safety concerns, perform dual verification for CDa medications, recommend alternatives.
- Credentials Required: DOH/DHA pharmacist licence, MOH registration.
Registered Nurse
- Description: Cannot independently create orders. Can enter verbal/telephone orders on physician's behalf (requires co-signature within 24 hours).
- Scope: Read-only access to orders; verbal order entry; order clarification requests; MAR acknowledgement.
- Credentials Required: DOH/DHA nursing licence.
Unit Clerk
- Description: Administrative staff supporting order management workflows.
- Scope: Can enter verbal orders on behalf of physicians (requires physician co-signature within 24 hours); can print, track, and manage order queues.
- Credentials Required: Facility employment; role assignment by department manager.
Permission Matrix
| Function | Attending MD | Resident MD | NP/PA | Pharmacist | RN | Unit Clerk |
|---|---|---|---|---|---|---|
| View orders | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Create medication order | ✓ | ✓ ^1^ | ✓ ^1^ | ✗ | ✗ | ✗ |
| Create lab order | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Create imaging order | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Enter verbal/telephone order | ✓ | ✓ | ✓ | ✗ | ✓ ^2^ | ✓ ^2^ |
| Order CDa controlled substance | ✓ ^3^ | Co-sign required ^4^ | ✓ ^3^ | ✗ | ✗ | ✗ |
| Order CDb controlled substance | ✓ | ✓ | ✓ ^3^ | ✗ | ✗ | ✗ |
| Modify active order | Own orders | Own orders | Own orders | ✗ | ✗ | ✗ |
| Cancel / discontinue order | Own orders + supervised | Own orders | Own orders | Safety cancel ^5^ | ✗ | ✗ |
| Override CDS alert (soft-stop) | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Override CDS alert (hard-stop co-sign) | ✓ | ✗ — requires attending | ✗ — requires attending | ✗ | ✗ | ✗ |
| Execute order set | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Dual-verify CDa prescription | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ |
| Pharmacy queue: verify order | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ |
| View order audit log | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Break-the-glass access | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Manage order set templates | Dept chairs only | ✗ | ✗ | ✓ ^6^ | ✗ | ✗ |
^1^ May have formulary-level restrictions per training programme or collaborative agreement.
^2^ Requires physician co-signature within 24 hours; CDa verbal orders blocked.
^3^ Only if MOH controlled substance authorisation is on file.
^4^ Resident enters order; supervising attending co-signs before transmission to UEP.
^5^ Pharmacist may place safety-related hold or cancel with documented clinical justification; ordering provider notified.
^6^ Pharmacist (clinical pharmacy lead) can propose order set content; final approval by P&T committee.
UAE Controlled Substance Ordering Privileges
Per Federal Decree-Law No. 30/2021 and Ministerial Decree No. 379/2019 (UEP):
| Role | CDa-Narcotic (Sch 1–3) | CDa-Psychotropic (Sch 4–6) | CDb (Sch 7–8) | UEP Access |
|---|---|---|---|---|
| Attending MD (with MOH CS auth) | ✓ | ✓ | ✓ | Submit + query |
| Attending MD (without MOH CS auth) | ✗ | ✗ | ✓ | Query only |
| Resident MD | Co-sign by attending | Co-sign by attending | ✓ | Query only |
| NP/PA (with MOH CS auth) | ✓ | ✓ | ✓ | Submit + query |
| NP/PA (without MOH CS auth) | ✗ | ✗ | ✓ | Query only |
| Pharmacist | Verify / dual-verify | Verify / dual-verify | Verify | Query + dispense confirmation |
| RN | ✗ | ✗ | Verbal order (CDb only, 24 h co-sign) | ✗ |
| Unit Clerk | ✗ | ✗ | ✗ | ✗ |
Self-prescribing prohibition: Article 82 of Decree-Law 30/2021 prohibits any provider from prescribing controlled substances to themselves. The system enforces ordering_provider_id ≠ patient_id for all controlled substance orders.
Telehealth prohibition: Controlled substance prescribing is prohibited during telehealth encounters. The system blocks CDa and CDb order entry when encounter_type = 'telehealth'.
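The table and the two prohibitions above can be expressed as a single deny-by-default check. This is an added example, not the CPOE system's own code. The `CsOrder` shape, the role strings and the decision labels are assumptions; rows follow the UAE controlled substance table in this section.

```python
from dataclasses import dataclass

ALLOW, DENY, COSIGN = "allow", "deny", "allow_pending_cosign"

@dataclass(frozen=True)
class CsOrder:  # hypothetical request shape, not the system's schema
    role: str  # attending | resident | np_pa | pharmacist | rn | unit_clerk
    has_moh_cs_auth: bool
    drug_class: str  # "CDa" (narcotic or psychotropic) or "CDb"
    ordering_provider_id: str
    patient_id: str
    encounter_type: str
    verbal: bool = False

def authorize_cs_order(o):
    """Return (decision, reason). Anything not explicitly allowed is denied."""
    if o.drug_class not in ("CDa", "CDb"):
        return DENY, "unknown drug class"
    # Global prohibitions run before any role logic so no role can bypass them.
    if o.ordering_provider_id == o.patient_id:
        return DENY, "self-prescribing prohibited"
    if o.encounter_type == "telehealth":
        return DENY, "controlled substances blocked in telehealth"
    if o.role in ("attending", "np_pa"):
        if o.drug_class == "CDb" or o.has_moh_cs_auth:
            return ALLOW, "prescriber privilege"
        return DENY, "CDa requires MOH controlled substance authorisation"
    if o.role == "resident":
        if o.drug_class == "CDa":
            return COSIGN, "attending co-signature before transmission to UEP"
        return ALLOW, "resident CDb privilege"
    if o.role == "rn" and o.drug_class == "CDb" and o.verbal:
        return COSIGN, "verbal order, co-signature within 24 hours"
    # Pharmacist, unit clerk, unknown roles and every unlisted combination.
    return DENY, "role has no ordering privilege for this class"
```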
Context-Based Restrictions
Patient Relationship
- Attending: Can order for patients on their service (attending of record) or patients for whom they have covering privileges.
- Resident: Can order only for patients on their rotation assignment; system validates against rotation schedule.
- NP/PA: Can order for patients per panel assignment or coverage agreement; validated against collaborative agreement scope.
- Emergency department: All ED providers can order for any patient registered to the ED (location-based override).
Time-Based
- Resident orders placed between 22:00–06:00 trigger notification to supervising attending.
- Controlled substance orders placed outside business hours (20:00–06:00) flagged for next-day compliance review.
- Verbal orders entered during night shift have 24-hour co-signature clock starting from the timestamp of entry (not from the next business day).
Location-Based
- Remote access (VPN from outside hospital network) requires multi-factor authentication (MFA) — ADHICS V2 mandate.
- High-risk medication orders (chemotherapy, anticoagulants, insulin drips) require on-site presence — blocked from remote workstations.
- Operating room context: Only anaesthesia and surgical attending can order for patients with active surgical encounter.
Role Hierarchy
Chief Medical Officer
├── Medical Director / Deputy CMO
│   ├── Department Chairs
│   │   ├── Attending Physicians
│   │   │   ├── Senior Residents (PGY-3+)
│   │   │   ├── Junior Residents (PGY-1–2)
│   │   │   └── Fellows
│   │   └── Nurse Practitioners / Physician Assistants
│   └── Pharmacy Director
│       ├── Clinical Pharmacists
│       └── Staff Pharmacists
└── Chief Nursing Officer
    ├── Nursing Directors
    │   ├── Nurse Managers
    │   └── Charge Nurses
    │       ├── Registered Nurses
    │       └── Unit Clerks
Permissions inherit downward: a Department Chair has all Attending MD permissions plus order set management. The CMO has break-the-glass authority and can override any role restriction with full audit logging.
Escalation Paths
| Scenario | From | To | SLA |
|---|---|---|---|
| Order clarification needed | RN / Pharmacist | Ordering provider | 1 hour (routine), 15 min (STAT) |
| CDS hard-stop override approval | Resident / NP/PA | Supervising attending | 30 minutes |
| Formulary exception request | Ordering provider | Pharmacy director → P&T committee | 24–48 hours |
| Controlled substance co-signature | Resident | Supervising attending | 4 hours |
| Verbal order co-signature overdue | System | Ordering physician → department chair → compliance | 12 h reminder, 24 h escalation |
| Pharmacy safety hold | Pharmacist | Ordering provider | 1 hour |
| UEP rejection | System | Ordering provider + compliance officer | Immediate |
Break-the-Glass Emergency Access
Scenario
Medical emergency requiring immediate order entry for a patient outside the provider's normal assignment, or when normal authentication is unavailable.
Procedure
- User clicks "Emergency Access" button on the CPOE locked screen.
- System displays warning: "This action will be audited and reviewed. Proceed only for genuine patient safety emergency."
- User enters:
  - Reason for emergency access (required free text, minimum 20 characters)
  - Patient identifier (MRN or Emirates ID)
- System grants temporary elevated ordering privileges for that patient:
  - Duration: 15-minute timeout (auto-revokes)
  - Scope: All order types except CDa controlled substances (CDa requires UEP approval regardless)
- All actions logged with:
  - User ID and role
  - Timestamp (start and end)
  - Reason provided
  - IP address and workstation ID
  - Every order placed, viewed, or modified during the session
- Notifications sent automatically:
  - Compliance officer notified within 1 hour
  - Patient's attending physician notified
  - Department chair notified if user is outside their department
- Post-access review: Compliance team reviews within 24 hours; valid uses documented in patient chart; invalid uses result in progressive disciplinary action.
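A sketch of the session controls in the procedure above: the reason-length gate, the 15-minute auto-revoke, the single-patient scope, the CDa exclusion, and an audit record for every attempt, including denied ones. This is an added example, not the CPOE system's code; the class, field names and verdict strings are assumptions, and the eligible roles come from the break-the-glass row of the permission matrix.

```python
from datetime import timedelta

SESSION_TTL = timedelta(minutes=15)
MIN_REASON_CHARS = 20
BTG_ROLES = {"attending", "resident", "np_pa", "pharmacist", "rn"}  # not unit clerk

class BreakGlassSession:  # hypothetical class for illustration
    def __init__(self, user_id, role, patient_id, reason, workstation, ip, now):
        if role not in BTG_ROLES:
            raise PermissionError("role has no break-the-glass access")
        if len(reason.strip()) < MIN_REASON_CHARS:
            raise ValueError("reason must be at least 20 characters")
        if not patient_id:
            raise ValueError("patient identifier (MRN or Emirates ID) required")
        self.user_id, self.role, self.patient_id = user_id, role, patient_id
        self.expires = now + SESSION_TTL
        self.audit = []
        self._log(now, "session_start", reason=reason, workstation=workstation, ip=ip)

    def _log(self, now, action, **detail):
        self.audit.append({"ts": now.isoformat(), "user": self.user_id,
                           "role": self.role, "patient": self.patient_id,
                           "action": action, **detail})

    def place_order(self, patient_id, order_type, now):
        """Return True if permitted. Every attempt is logged, allowed or not."""
        if now >= self.expires:
            verdict = "denied_expired"          # auto-revoke after 15 minutes
        elif patient_id != self.patient_id:
            verdict = "denied_other_patient"    # elevation covers one patient only
        elif order_type == "CDa":
            verdict = "denied_cda_excluded"     # CDa needs UEP approval regardless
        else:
            verdict = "allowed"
        self._log(now, "order_attempt", order_type=order_type,
                  target=patient_id, verdict=verdict)
        return verdict == "allowed"
```

The clock is passed in as `now` so expiry is decided server-side from one time source and can be tested deterministically.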
NABIDH Break-the-Glass Alignment
Per NABIDH Standards for Health Information Consent & Access Control v1 (Feb 2025):
- Break-the-glass events are reported to NABIDH
- Patient receives notification of emergency access via portal (if registered)
- Audit log shared with NABIDH on request
Audit
- 100% of break-the-glass events reviewed by compliance
- Monthly aggregate report to CMO
- Invalid use results in access suspension pending investigation
- Audit log retention: 5 years (ADHICS V2)