Nutrition Management User Roles & Permissions
Home / Clinical Modules / Nutrition Management / Roles & Permissions

Nutrition Management User Roles & Permissions

This document defines role-based and context-based access control for the Nutrition Management (nutrition) module of the Gates Group HIS, aligned with UAE regulations (Federal Law No. 2 of 2019, UAE PDPL, DOH ADHICS, DHA/NABIDH). It covers inpatient dietary workflows, nutrition screening/assessment, meal production, tray delivery, and enteral/parenteral nutrition management.

Role Definitions

Note: Authentication, user lifecycle, and global roles are defined in ../ehr-patient-mgmt/02-roles-permissions.md. This file defines module-specific roles and permissions for Nutrition.

1. Clinical Dietitian

  • Description
    Licensed clinical dietitian providing direct patient care: nutrition screening review, comprehensive assessments, care plans, diet order review, and monitoring of EN/TPN adequacy.

  • Typical UAE Job Titles

  • Clinical Dietitian
  • Inpatient Dietitian

  • Senior Dietitian (non-managerial)

  • Scope of Access

  • Patients:
    • All inpatients and day-care patients in assigned facilities/wards.
    • Outpatients only where a nutrition referral/encounter exists.
  • Data (within Nutrition module):
    • Full read/write on:
    • nutrition_screening (view, update risk interpretation; not overwrite nursing entries)
    • nutrition_assessments (create/modify own assessments)
    • diet_orders (review, suggest changes; may modify if local policy allows dietitian-initiated orders)
    • meal_plans, meal_service_records (view; limited edit for intake notes)
    • enteral_parenteral_orders (view; propose changes, cannot sign orders)
    • food_allergen_alerts (view; propose updates)
    • Read-only on:
    • menu_items, menu_cycles, diet_type_definitions, kitchen_production_orders, tray_tickets.

  • Exclusions:

    • No access to billing configuration or financial reports beyond nutrition KPIs.
    • No cross-facility access unless explicitly assigned.

  • Reporting Hierarchy

  • Reports to: Chief Dietitian or Head of Nutrition Services.
  • Collaborates with: Physicians, Nursing, Pharmacy, Kitchen Manager.
  • No direct staff management responsibilities.

2. Chief Dietitian

  • Description
    Departmental leader responsible for clinical governance of nutrition services, menu design, diet policies, quality indicators, and staff oversight.

  • Typical UAE Job Titles

  • Chief Dietitian
  • Head of Clinical Nutrition

  • Nutrition Services Manager

  • Scope of Access

  • Patients:
    • All patients receiving nutrition services in the facility(ies) under their remit.
  • Data:
    • All Clinical Dietitian permissions (inherits all Clinical Dietitian permissions).
    • Administrative/configuration access:
    • Full CRUD on diet_type_definitions, menu_items, menu_cycles.
    • Configure nutrition screening tools and thresholds.
    • Access to nutrition_assessments, nutrition_screening, meal_service_records, enteral_parenteral_orders for quality review.
    • Access to Nutrition Analytics Dashboard (SCR-NUT-008) across facilities they manage.

  • Exclusions:

    • No ability to change enterprise-wide security policies; that remains with HIS/System Admin.

  • Reporting Hierarchy

  • Reports to: Clinical Support Services Director / Chief Medical Officer / Chief Operating Officer (depending on facility structure).
  • Manages: Clinical Dietitians, Diet Technicians (professionally), may co-manage Kitchen Manager.

3. Diet Technician

  • Description
    Technical staff supporting dietitians in implementing diet orders, assembling trays, recording intake, and managing floor stock.

  • Typical UAE Job Titles

  • Diet Technician
  • Nutrition Assistant

  • Diet Aide (clinical)

  • Scope of Access

  • Patients:
    • Inpatients on assigned wards/units and meal services.
  • Data:
    • Read-only:
    • diet_orders, meal_plans, food_allergen_alerts, tray_tickets for assigned wards.
    • Write:
    • meal_service_records (delivery time, consumption %, satisfaction score, notes).
    • Intake documentation fields exposed via Tray Assembly & Delivery (SCR-NUT-007).
    • Floor stock logs (if implemented in nutrition module).

  • Exclusions:

    • Cannot create/modify diet orders or nutrition assessments.
    • No access to configuration of menu items or diet types.

  • Reporting Hierarchy

  • Reports to: Clinical Dietitian (functional) and/or Chief Dietitian.
  • Operationally coordinated with: Kitchen Manager and Nursing.

4. Kitchen Manager

  • Description
    Operational manager for kitchen production, inventory, and staff scheduling; ensures compliance with food safety and halal standards.

  • Typical UAE Job Titles

  • Kitchen Manager
  • Food Services Manager

  • Catering Manager (Hospital)

  • Scope of Access

  • Patients:
    • All inpatients in the facility for the purpose of meal production and delivery (name, bed, diet type, allergens, but not full clinical details).
  • Data:
    • Read:
    • diet_orders (limited view: diet type, texture, restrictions, allergens).
    • meal_plans, tray_tickets, food_allergen_alerts.
    • Write:
    • kitchen_production_orders (create/update per meal service).
    • tray_tickets operational fields (status, preparation notes).
    • menu_items, menu_cycles operational attributes (availability, stock status) where delegated by Chief Dietitian.
    • Analytics:
    • Access to operational KPIs (tray counts, waste, production completion times).

  • Exclusions:

    • No access to clinical notes, lab values, or detailed nutrition assessments.

  • Reporting Hierarchy

  • Reports to: Hospital Support Services Manager / Facilities & Hospitality Director.
  • Collaborates with: Chief Dietitian, Clinical Dietitians, Kitchen Staff.

5. Kitchen Staff

  • Description
    Frontline staff preparing meals, assembling trays, and performing temperature logging.

  • Typical UAE Job Titles

  • Cook
  • Food Service Worker
  • Tray Line Staff

  • Catering Assistant

  • Scope of Access

  • Patients:
    • Only identifiers necessary for tray assembly and delivery: patient name, MRN, bed, diet type, allergens, special instructions.
  • Data:
    • Read-only:
    • kitchen_production_orders (assigned meal services).
    • tray_tickets (assigned trays).
    • Write:
    • Preparation status updates (e.g., prepared, plated).
    • Temperature logs associated with production orders.

  • Exclusions:

    • No access to nutrition assessments, screening, or EN/TPN orders.
    • No access to analytics dashboards.

  • Reporting Hierarchy

  • Reports to: Kitchen Manager.

6. Nurse

  • Description
    Clinical nurse responsible for initial nutrition screening, administering enteral feeding, and documenting intake.

  • Typical UAE Job Titles

  • Registered Nurse (RN)
  • Staff Nurse

  • Charge Nurse (with same module permissions as RN)

  • Scope of Access

  • Patients:
    • Patients assigned to their ward/shift; ED/ICU nurses may have broader access within their unit.
  • Data:
    • Read:
    • diet_orders, meal_plans, food_allergen_alerts, enteral_parenteral_orders, nutrition_assessments (read-only).
    • Write:
    • nutrition_screening (create/update initial screening).
    • meal_service_records (intake/consumption where required).
    • EN administration details (if documented within nutrition module).

  • Exclusions:

    • Cannot configure diet types, menu items, or screening tools.
    • Cannot sign EN/TPN orders (view/administer only).

  • Reporting Hierarchy

  • Reports to: Nurse Manager / Charge Nurse.
  • Collaborates with: Physicians, Dietitians, Diet Technicians.

7. Physician

  • Description
    Licensed physician responsible for ordering diets, EN/TPN, and reviewing nutrition assessments.

  • Typical UAE Job Titles

  • Consultant Physician
  • Specialist / Registrar

  • Resident (with supervised privileges)

  • Scope of Access

  • Patients:
    • Patients under their care (attending-of-record, consulting, or covering physician).
  • Data:
    • Read:
    • All nutrition-related data for their patients: diet_orders, meal_plans, meal_service_records, nutrition_screening, nutrition_assessments, enteral_parenteral_orders, food_allergen_alerts.
    • Write:
    • diet_orders (create/modify/cancel).
    • enteral_parenteral_orders (create/modify/cancel EN/TPN orders).
    • Order-level instructions impacting meal plans (e.g., NPO, fluid restriction).

  • Exclusions:

    • No access to configure menu items or diet types.
    • No direct access to kitchen production configuration.

  • Reporting Hierarchy

  • Reports to: Department Head / Medical Director.
  • Collaborates with: Dietitians, Nurses, Pharmacists (for TPN).

8. Nutrition Analytics / Quality Analyst (Optional Module Role)

  • Description
    Non-clinical analyst role focused on nutrition KPIs, waste, and quality improvement.

  • Typical UAE Job Titles

  • Clinical Quality Analyst
  • Performance Improvement Officer

  • Business Intelligence Analyst (Clinical Services)

  • Scope of Access

  • Patients:
    • Access to de-identified or minimally identified data where possible (e.g., MRN masked) for analytics.
  • Data:
    • Read-only access to aggregated data from:
    • nutrition_screening, nutrition_assessments, meal_service_records, kitchen_production_orders, tray_tickets, enteral_parenteral_orders.
    • Access via Nutrition Analytics Dashboard (SCR-NUT-008) and reporting tools.

  • Exclusions:

    • No write access to clinical or operational records.
    • No access to detailed patient identifiers unless explicitly approved and justified (e.g., for case review).

  • Reporting Hierarchy

  • Reports to: Quality & Patient Safety Department or Clinical Governance.

Permission Matrix

Legend:

  • βœ… = Allowed
  • ❌ = Not allowed
  • πŸ”’ = Conditional (depends on facility policy, assignment, or additional approvals)
Permission / Functionality Clinical Dietitian Chief Dietitian Diet Technician Kitchen Manager Kitchen Staff Nurse Physician Nutrition Analytics / Quality
Patient & Census Access
View patient dietary census (SCR-NUT-002) βœ… βœ… βœ… (assigned wards) βœ… βœ… (limited) βœ… (own ward) βœ… (own patients) πŸ”’ (aggregated only)
View basic patient identifiers (name, MRN, bed) βœ… βœ… βœ… βœ… βœ… βœ… βœ… πŸ”’ (pseudonymised)
View full patient demographics (via EHR link) πŸ”’ πŸ”’ ❌ ❌ ❌ πŸ”’ πŸ”’ ❌
Diet Orders (diet_orders)
View diet orders βœ… βœ… βœ… βœ… (limited fields) βœ… (diet type only) βœ… βœ… πŸ”’ (de-identified metrics)
Create new diet order πŸ”’ (per policy) πŸ”’ (per policy) ❌ ❌ ❌ ❌ βœ… ❌
Modify existing diet order πŸ”’ (per policy) πŸ”’ (per policy) ❌ ❌ ❌ ❌ βœ… ❌
Cancel / discontinue diet order πŸ”’ (per policy) πŸ”’ (per policy) ❌ ❌ ❌ ❌ βœ… ❌
Override diet-allergen conflict warning πŸ”’ (with justification) βœ… ❌ ❌ ❌ ❌ πŸ”’ (with justification) ❌
Nutrition Screening (nutrition_screening)
View nutrition screening records βœ… βœ… βœ… ❌ ❌ βœ… βœ… βœ… (aggregated)
Create initial nutrition screening ❌ ❌ ❌ ❌ ❌ βœ… ❌ ❌
Edit nutrition screening (clarifications) βœ… (interpretation only) βœ… ❌ ❌ ❌ πŸ”’ (within time window) ❌ ❌
Configure screening tools & thresholds ❌ βœ… ❌ ❌ ❌ ❌ ❌ ❌
Nutrition Assessment (nutrition_assessments)
View nutrition assessments βœ… βœ… πŸ”’ (summary only) ❌ ❌ βœ… βœ… βœ… (de-identified)
Create new nutrition assessment βœ… βœ… ❌ ❌ ❌ ❌ ❌ ❌
Modify own nutrition assessment βœ… βœ… ❌ ❌ ❌ ❌ ❌ ❌
Modify any nutrition assessment ❌ πŸ”’ (for QA corrections) ❌ ❌ ❌ ❌ ❌ ❌
Meal Plans & Service (meal_plans, meal_service_records)
View patient meal plans βœ… βœ… βœ… βœ… βœ… βœ… βœ… βœ… (aggregated)
Generate meal plan from diet order βœ… βœ… ❌ ❌ ❌ ❌ πŸ”’ (via CPOE order sets) ❌
Edit meal plan (within diet constraints) βœ… βœ… ❌ ❌ ❌ ❌ ❌ ❌
Record meal delivery time πŸ”’ πŸ”’ βœ… πŸ”’ βœ… πŸ”’ ❌ ❌
Record consumption percentage βœ… βœ… βœ… ❌ πŸ”’ βœ… ❌ ❌
Record patient meal satisfaction score βœ… βœ… βœ… ❌ πŸ”’ βœ… ❌ ❌
Menu & Diet Types (menu_items, menu_cycles, diet_type_definitions)
View menu item library βœ… βœ… βœ… βœ… βœ… βœ… βœ… βœ…
Create / edit menu items πŸ”’ (nutritional fields) βœ… ❌ πŸ”’ (availability, stock) ❌ ❌ ❌ ❌
Activate / deactivate menu items πŸ”’ βœ… ❌ πŸ”’ ❌ ❌ ❌ ❌
Manage menu cycles (create/edit) πŸ”’ βœ… ❌ πŸ”’ (operational fields) ❌ ❌ ❌ ❌
Manage diet type definitions πŸ”’ βœ… ❌ ❌ ❌ ❌ ❌ ❌
Kitchen Production & Tray Tickets (kitchen_production_orders, tray_tickets)
View kitchen production dashboard (SCR-NUT-006) πŸ”’ βœ… πŸ”’ βœ… βœ… πŸ”’ πŸ”’ βœ… (aggregated)
Generate production orders ❌ πŸ”’ ❌ βœ… ❌ ❌ ❌ ❌
Update production status ❌ πŸ”’ ❌ βœ… βœ… ❌ ❌ ❌
View tray tickets πŸ”’ βœ… βœ… βœ… βœ… πŸ”’ πŸ”’ ❌
Edit tray ticket special instructions βœ… βœ… πŸ”’ πŸ”’ ❌ πŸ”’ πŸ”’ ❌
Scan tray barcode for assembly ❌ ❌ βœ… πŸ”’ βœ… ❌ ❌ ❌
Scan tray + wristband for delivery ❌ ❌ βœ… ❌ πŸ”’ βœ… ❌ ❌
Food Allergen Alerts (food_allergen_alerts)
View food allergen alerts βœ… βœ… βœ… βœ… βœ… βœ… βœ… πŸ”’ (de-identified)
Create/modify food allergen alerts πŸ”’ (propose) πŸ”’ (approve) ❌ ❌ ❌ ❌ ❌ ❌
Override non-critical allergen alert (with justification) πŸ”’ πŸ”’ ❌ ❌ ❌ ❌ πŸ”’ ❌
Enteral & Parenteral Orders (enteral_parenteral_orders)
View EN/TPN orders βœ… βœ… πŸ”’ (summary) ❌ ❌ βœ… βœ… βœ… (aggregated)
Create EN/TPN order ❌ ❌ ❌ ❌ ❌ ❌ βœ… ❌
Propose EN/TPN regimen (draft) βœ… βœ… ❌ ❌ ❌ ❌ πŸ”’ (via CPOE CDS) ❌
Modify EN/TPN order ❌ ❌ ❌ ❌ ❌ ❌ βœ… ❌
Record EN administration details πŸ”’ (if dietitian-administered) πŸ”’ ❌ ❌ ❌ βœ… ❌ ❌
Reporting & Analytics (SCR-NUT-008)
View patient-level nutrition KPI dashboard βœ… (own patients/facility) βœ… (all managed facilities) ❌ πŸ”’ (operational metrics) ❌ πŸ”’ (own ward) πŸ”’ (own patients) βœ… (aggregated, de-identified)
Export de-identified nutrition data πŸ”’ (for research, with approval) πŸ”’ ❌ ❌ ❌ ❌ ❌ βœ… (per policy)
Security & Oversight
Break-the-glass access to restricted nutrition records πŸ”’ πŸ”’ ❌ ❌ ❌ πŸ”’ πŸ”’ ❌
View nutrition module audit logs πŸ”’ (own actions) βœ… (department scope) ❌ πŸ”’ (operational logs) ❌ πŸ”’ (own actions) πŸ”’ (own actions) πŸ”’ (aggregated)

Notes:

  1. πŸ”’ (per policy) indicates permissions that may be enabled for specific facilities under documented governance (e.g., dietitian-initiated diet orders allowed in some UAE hospitals).
  2. All patient-level access is further constrained by context-based rules (facility, department, treating relationship, shift) described below.
  3. Export of data for research or external reporting must comply with UAE PDPL and Federal Law No. 2 of 2019, with ethics and management approvals.

Role Hierarchy

flowchart TD A["Hospital Executive / COO / CMO"] --> B["Clinical Support Services Director"] B --> C["Chief Dietitian"] C --> D["Clinical Dietitian"] C --> E["Diet Technician"] B --> F["Hospital Support Services / Facilities Director"] F --> G["Kitchen Manager"] G --> H["Kitchen Staff"] A --> I["Chief Nursing Officer"] I --> J["Nurse Manager / Charge Nurse"] J --> K["Nurse"] A --> L["Medical Director / Department Heads"] L --> M["Physician"] B --> N["Quality & Patient Safety Director"] N --> O["Nutrition Analytics / Quality Analyst"] C -.inherits clinical nutrition permissions.-> D C -.oversight of.-> E G -.operational oversight of.-> H

Inheritance Principles

  • Chief Dietitian inherits all Clinical Dietitian permissions plus configuration and quality oversight capabilities.
  • Nurse Manager / Charge Nurse inherit Nurse permissions but may have additional reporting/override rights defined in nursing module.
  • Kitchen Manager inherits all Kitchen Staff operational permissions plus production planning and limited configuration rights.
  • Nutrition Analytics / Quality Analyst does not inherit clinical write permissions; access is strictly read-only and often de-identified.

Context-Based Access Rules

Context-based controls ensure that Nutrition module access adheres to UAE data protection and health data confidentiality requirements.

1. Facility-Based Restrictions (Multi-Facility)

  1. Users are assigned one or more facility_ids in the central users / user_facility_assignments tables.
  2. Nutrition module queries must enforce: - diet_orders.facility_id IN (user_assigned_facilities) - Same pattern for meal_plans, kitchen_production_orders, tray_tickets, nutrition_assessments, etc.
  3. Cross-facility access is disabled by default; enabling requires: - Documented business justification (e.g., centralized nutrition service). - Approval by Data Protection Officer / Compliance.
  4. Nutrition Analytics / Quality roles may access aggregated cross-facility data where patient identifiers are removed or pseudonymised.

2. Department- and Ward-Based Restrictions

  1. Nurses, Diet Technicians, and Kitchen Staff are assigned to departments/wards.
  2. Access to patient-level nutrition data is limited to: - Patients currently admitted to the user’s ward/department (via encounters.location_id / departments.department_id). - Exceptions:
    • Dietitians may have cross-ward access within their facility.
    • Kitchen Manager/Staff may view tray tickets across all wards for production and delivery.
  3. When a patient is transferred: - ADT-triggered workflow (WF-NUT-006) updates routing and access; previous ward staff lose access after a configurable grace period (e.g., 2 hours).

3. Patient Relationship Requirements

  1. Physicians: - Can access nutrition data only for patients where they are:
    • Attending-of-record, or
    • Listed as consulting/covering provider in encounters or assignment tables.
  2. Clinical Dietitians: - Can access:
    • Patients with active diet orders or nutrition referrals in their facility.
    • Patients flagged as moderate/high risk in nutrition_screening for their facility.
  3. Nurses: - Access limited to patients assigned to their current shift/ward.
  4. Kitchen Staff / Manager: - Access limited to data required for meal production and delivery (diet type, allergens, bed, name). - No access to detailed clinical notes or lab values.
  5. Nutrition Analytics / Quality: - Default access to de-identified datasets. - Any patient-identifiable access requires documented case review or investigation purpose and higher-level approval.

4. Time-Based Access (Shift-Based)

  1. For Nurses, Diet Technicians, and Kitchen Staff: - Access is limited to active shift windows (e.g., Β±30 minutes from scheduled shift start/end). - Outside shift hours, access to patient-level nutrition data is blocked unless:
    • User is on-call and flagged as such in scheduling system.
  2. For Clinical Dietitians: - Standard access during working hours; after-hours access may be limited to:
    • On-call dietitian(s) for urgent consults.
  3. Audit logs must capture: - User shift status at time of access. - Whether access occurred during or outside scheduled hours.

5. Emergency / On-Call Overrides

  1. In emergencies (e.g., rapid deterioration requiring urgent EN/TPN decisions, ICU admission), on-call clinicians may need broader access: - On-call Physicians and Dietitians can access nutrition data for any patient in the emergency/ICU department during the emergency episode.
  2. Emergency overrides must: - Be time-limited (e.g., 2–4 hours). - Be tied to a documented emergency encounter or code event. - Be fully audited and subject to post-event review.

Break-the-Glass (BTG) Procedures

BTG is required when a user needs access to nutrition-related data that is normally restricted by facility, department, or treating relationship rules, especially for sensitive nutrition data (e.g., in sealed-envelope mental health or VIP cases).

1. When BTG is Required

  • Accessing nutrition records of: 1. Patients outside the user’s assigned facility or department in an emergency. 2. Patients marked as VIP / restricted (e.g., public figures, staff patients). 3. Patients whose records are sealed due to sensitive conditions where nutrition data may reveal underlying diagnoses (e.g., eating disorders, bariatric surgery, HIV-related wasting).
  • Examples:
  • ICU dietitian covering for another facility during a mass casualty incident.
  • On-call physician needing to review EN/TPN orders for a patient admitted under a different service.

2. BTG Workflow

  1. User attempts to access restricted nutrition record.
  2. System displays BTG warning: - β€œYou are attempting to access a restricted nutrition record. This access will be fully audited and reviewed. Proceed only if necessary for patient care.”
  3. User must: - Select reason code (e.g., emergency care, on-call coverage, clinical consultation). - Enter free-text justification.
  4. System: - Grants temporary access to nutrition data for that patient (scope-limited, e.g., 30–60 minutes). - Flags all subsequent actions on that patient’s nutrition records as BTG-related in audit logs.
  5. Optional: Immediate notification to: - Chief Dietitian (for nutrition-related BTG events). - Data Protection Officer / Compliance for VIP or highly sensitive cases.

3. Audit Trail Requirements

For each BTG event, the system must record:

  • User ID and role.
  • Patient ID and encounter ID.
  • Timestamp (start and end of BTG session).
  • Reason code and free-text justification.
  • Data objects accessed (tables, records, screens).
  • Actions performed (view, edit, export).
  • Access context (facility, department, workstation, IP).

Audit logs must be:

  • Immutable and tamper-evident.
  • Retained per UAE healthcare data retention requirements (often β‰₯ 15 years for clinical records).
  • Searchable by compliance and internal audit teams.

4. Post-Access Review Process

  1. Daily or weekly automated report of BTG events sent to: - Chief Dietitian (for nutrition-related BTG). - Information Security / Data Protection Officer.
  2. Each BTG event is reviewed for: - Clinical appropriateness. - Consistency between justification and actions taken.
  3. Outcomes: - Valid: Documented as appropriate emergency access. - Questionable: Clarification requested from user and line manager. - Invalid / Misuse: Escalated to HR and compliance; may result in disciplinary action and role restriction.
  4. For repeated misuse: - Role reassessment and potential revocation of BTG privileges.

5. UAE PDPL & Federal Law No. 2/2019 Implications

  • BTG is justified under:
  • Healthcare exemption for necessary processing for diagnosis/treatment (PDPL Art. 10).
  • Clinical necessity under Federal Law No. 2 of 2019 for ICT use in health fields.
  • However:
  • BTG must be exceptional, not routine.
  • Data minimization still applies: only nutrition data necessary for care should be accessed.
  • BTG events must be included in the facility’s records of processing activities and may be reviewed by regulators (UAE Data Office, DOH, DHA) if requested.

Segregation of Duties

Segregation of duties reduces the risk of fraud, errors, and inappropriate data access in the Nutrition module.

1. Conflicting Role Combinations

The following combinations must not be assigned to the same user account:

  1. Chief Dietitian + Nutrition Analytics / Quality Analyst - Risk: Ability to both configure data and control interpretation/metrics without independent oversight. - Mitigation: Analytics role should be separate, reporting to Quality/Patient Safety.

  2. Chief Dietitian + System Administrator (global) - Risk: Ability to bypass access controls and modify audit logs. - Mitigation: Technical administration separated from clinical leadership.

  3. Kitchen Manager + Clinical Dietitian - Risk: Single user could both prescribe diets and control production/inventory, reducing checks and balances. - Mitigation: Maintain separation between clinical and operational responsibilities.

  4. Kitchen Staff + Nurse - Risk: Non-clinical staff gaining clinical documentation privileges. - Mitigation: Distinct accounts; if a staff member legitimately holds both roles, separate logins or strict context switching with enhanced audit.

  5. Physician + Nutrition Analytics / Quality Analyst - Risk: Potential misuse of analytics access to review non-patient panel data. - Mitigation: Physicians should access only patient-level data for their own patients; analytics role reserved for non-treating staff with de-identified data.

2. Dual Sign-Off Requirements

Certain high-risk actions require dual sign-off or multi-role involvement:

  1. Diet Type & Menu Configuration Changes - Action: Creating or significantly modifying diet_type_definitions or menu_cycles that affect therapeutic diets (e.g., renal, diabetic). - Required:

    • Initiator: Chief Dietitian.
    • Approver: Clinical Governance / Medical Director or Nutrition Committee.
    • System Implementation:
    • Changes remain in β€œpending” state until approved by a second authorized user.

  2. Deactivation of Key Menu Items Used in Therapeutic Diets - Action: Deactivating core items (e.g., renal-safe protein supplements). - Required:

    • Initiator: Kitchen Manager or Chief Dietitian.
    • Approver: Chief Dietitian (if initiated by Kitchen Manager) or Pharmacy/Clinical Governance (if clinical impact).

  3. Export of Identifiable Nutrition Data for Research - Action: Exporting patient-level nutrition data with identifiers. - Required:

    • Initiator: Nutrition Analytics / Quality Analyst.
    • Approvers: Ethics Committee / Research Office + Data Protection Officer.
    • System Implementation:
    • Export function disabled unless dual approvals recorded and linked to a research protocol ID.

  4. Override of Critical Food Allergen Alerts - Action: Overriding a system block where a selected menu item conflicts with a documented severe food allergy. - Required:

    • Initiator: Clinical Dietitian or Physician.
    • Approver: Chief Dietitian or treating Consultant (depending on policy).
    • System Implementation:
    • Hard-stop alert requiring second user confirmation; both users’ IDs logged.

UAE Regulatory Compliance

This section summarizes how Nutrition module roles and permissions support UAE regulatory requirements.

1. Federal Law No. 2 of 2019 (ICT in Health Fields)

  • Electronic Health Records & Confidentiality
  • Nutrition data (diet orders, assessments, EN/TPN) is part of the electronic health record.
  • Role-based and context-based access controls ensure only authorized staff access nutrition data.
  • Data Localization
  • Nutrition data is stored in UAE-based infrastructure in line with system-wide data residency policies.

2. UAE PDPL (Federal Decree-Law No. 45/2021)

  • Sensitive Personal Data
  • Nutrition data is health data and thus sensitive personal data.
  • Access is minimized by role, facility, department, and treating relationship.
  • Lawful Basis
  • Most nutrition processing is covered by the healthcare exemption (treatment and health system management).
  • Research or non-care uses require explicit consent or ethics approval and are supported by dual sign-off and export controls.
  • Data Subject Rights
  • Patients can request access to their nutrition-related data via patient portal (handled by EHR module; Nutrition module exposes data via APIs).
  • Corrections to nutrition records follow standard amendment workflows with full audit.

3. DOH / DHA Requirements (Malaffi / NABIDH, ADHICS)

  • Health Information Exchange
  • Nutrition-related clinical data (e.g., malnutrition diagnoses, EN/TPN orders) may be shared with Malaffi/NABIDH via EHR integration, subject to emirate policies.
  • ADHICS / NABIDH Security Controls
  • Role-based access, least privilege, and audit logging for Nutrition module align with ADHICS and NABIDH security requirements.
  • BTG and sealed-envelope handling for sensitive cases support enhanced confidentiality controls.

4. TDRA / NESA Cybersecurity

  • Access Control
  • Authentication and authorization are centralized; Nutrition module enforces fine-grained authorization consistent with NESA requirements.
  • Audit & Monitoring
  • All access to nutrition data, especially BTG events and configuration changes, is logged and monitored for anomalies.

5. Cultural and Religious Considerations in UAE

  • Halal and Cultural Preferences
  • Menu and diet type configuration supports halal defaults and cultural/religious dietary preferences.
  • Access to these preferences is limited to roles that need them (Dietitians, Kitchen staff) and treated as part of sensitive personal data.
  • Food Allergen and Safety Regulations
  • Food allergen alerts and temperature logging support compliance with UAE food safety standards and internal hospital policies.

This roles & permissions specification should be implemented in coordination with:

  • Global RBAC and user management (../ehr-patient-mgmt/02-roles-permissions.md)
  • Security and audit logging design (../security/uae-regulations.md, ../security/data-protection.md)
  • Nutrition module data model (./03-data-model.md) and workflow specifications (./01-workflows.md).
← Previous Nutrition Management Workflows Next → Nutrition Management Data Specifications
content/clinical/nutrition/02-roles-permissions.md Generated 2026-02-20 22:54