Skip to main content

User Roles and Access

The Medical Second Opinion (MSO) System is a role-based platform that assigns specific permissions and access levels to each user type. This ensures that every participant in the second-opinion workflow — from case creation to completion — can perform their tasks efficiently while maintaining data confidentiality and compliance with Saudi health data regulations.

1. User Roles Overview

The system defines three main user roles, each responsible for specific functions within the MSO process.

1.1 Requester

  • Represents the healthcare institution or organization submitting a medical second opinion request.
  • Creates and manages new cases on behalf of patients.
  • Uploads patient information, clinical documents, and case details.
  • Reviews the recommendations submitted by providers.
  • Views reported issues related to the case.
  • Can request, accept, or reject appointment requests related to the case.
  • Can create and manage patient profiles.
  • Can review invoices generated for their institution.

1.2 Provider

  • A specialized medical expert assigned by the Admin to review submitted cases.
  • Can accept or reject assigned cases.
  • Reviews case details and adds medical recommendations.
  • Flags the case as done once the second opinion is completed.
  • Can report, edit, delete, or resolve issues related to the case.
  • Can request, accept, or reject appointments related to the case.

1.3 Admin

  • Manages users, institutions, cases, and overall platform operations.
  • Assigns providers to new cases submitted by requesters.
  • Can report, edit, delete, or resolve case issues.
  • Can request, accept, or reject appointments related to the case.
  • Manages service prices and billing details.
  • Reviews all invoices across institutions.
  • Creates and manages institutions.
  • Creates and manages patients.
  • Oversees general platform compliance and performance.

2. Case Management Workflow

The case management process defines how cases move between different users in the MSO System.

2.1 Case Lifecycle

  1. Creation: Requester creates a new case and submits it with required documents.
  2. Assignment: Admin reviews the request and assigns the case to a qualified Provider.
  3. Acceptance/Rejection: Provider reviews the assigned case and either accepts or rejects it.
  4. Review and Recommendation: Provider conducts a detailed medical review and submits a recommendation.
  5. Completion: Provider flags the case as done once the review is finalized.
  6. Issue Reporting: Admin or Provider can report, delete, edit, or resolve issues within the case. Requesters can view issues for transparency.
  7. Appointments: Admin, Provider, and Requester can request an appointment related to the case. Providers and Requesters can accept or reject appointment requests.
  8. Invoices: Admin and Requester can review invoices linked to completed cases.

3. Access Levels and Permissions

FunctionalityRequesterProviderAdmin
Create Case🔒🔒
Assign Case🔒🔒
Accept/Reject Case🔒🔒
Add Recommendation🔒🔒
Flag Case as Done🔒🔒
Report/Edit/Delete/Resolve Issues🔒
View Issues
Request Appointment
Accept/Reject Appointment
Manage Service Prices🔒🔒
Review Invoices🔒
Manage Institutions🔒🔒
Manage Patients🔒

4. Authentication and Account Access

4.1 Login Process

1.Go to the official MSO System login page.
2.Enter your registered Email and password.
3.Click Login.

Login

4.2 Password and Security Guidelines

  • Passwords must include a minimum of 8 characters.
  • Do not share credentials or store them insecurely.
  • If you forget your password, use the Reset option on the login page to reset it securely.

4.3 Reset Password

  • From the login page, click on Reset
  • Enter registered email
    Reset Password Enter Email

  • From the email, click on Reset Password button
    Reset Password Email
  • Enter register email with the new password and confirm the password
    Update Password Form
  • Click Update Password

5. Account Management

There are two main ways to create user accounts in the MSO System:

1. Self-Registration (Requester and Provider)

  • Requesters and Providers can register directly through the authentication (login) page.
  • They must fill out the registration form with all required details.
  • An account verification email is sent automatically after submission.

Requester account validation:

  • When creating a Requester (institution) account, the requester must upload a valid institutional license.
  • This license is verified via a governmental service API.
  • The requester’s account remains inactive until the license validation is successfully approved.

Provider account validation:

  • When creating a Provider account, a verification email is sent to confirm the email address.
  • No governmental validation is required, and once verified, the account becomes active immediately.

2. Admin Registration

  • Admin users can create new Requester and Provider accounts from the User Management page.
  • Admin accounts themselves can only be created by another existing Admin (no public registration).

5.2 Account Deactivation

User access can be deactivated when:

  • The user leaves their organization.
  • The institution's access agreement ends.
  • A policy or security violation occurs.

6. Session Management and Logout

Users are automatically logged out after a period of inactivity to ensure system security.
To log out manually:

  1. Click the profile icon in the upper-right corner.
  2. Select Logout from the dropdown menu.
  3. Confirm when prompted.