Skip to content
  • There are no suggestions because the search field is empty.

Control Provider Access with Confidence

Set up team-based Provider permissions without exposing sensitive client data

Team-based Provider access allows administrators to control which Providers each user or team can see, while ensuring sensitive client, case, and service information remains protected.

Instead of Provider access being all-or-nothing, you can now:

  • Grant access to specific Provider records

  • Allow Providers to function as a secure directory

  • Ensure linked People, Services, Cases, and Intakes are only visible when a user already has permission to see them

Important: Services are not displayed directly on the Provider record. Service visibility continues to follow existing rules and appears in the Services Workload View.

Why Provider access works differently

Provider records often bring a lot of information together in one place. When a provider works with many clients or programs, giving unrestricted access can accidentally expose client details that a staff member doesn’t need to see.

Many users only need:

  • Provider name and address

  • Contact information

  • Services offered or licensing details

They do not need access to:

  • Client lists

  • Service notes

  • Case or Intake details

Team-based Provider access separates Provider visibility from client and service visibility, so staff can get what they need without overexposing data.

How Provider Access Works

Provider access is determined by three layers working together:

  1. Role permissions: Define what actions a user can take with Providers.

  2. Provider access lists:  Define which specific Providers a user or team can see.

  3. Existing permissions for related records:  Control whether People, Services, Cases, or Intakes appear within a Provider.

💡Having access to a Provider does not automatically grant access to linked records.

Step 1: Configure Provider permissions in roles

  1. Go to Admin → Roles 

  2. Select an existing role or create a new one

  3. Locate the Provider Management permission section

  4. Choose the appropriate access level:

  • None: User cannot view Provider records
  • Limited Access (recommended for most users): The user can view the providers they are granted access to, but linked data is restricted
  • All Access:  The user can manage the providers they are granted access to

Best practice: Use Limited Access by default and reserve All Access for Admin or Provider-management roles.

Step 2: Grant access to Providers

Provider visibility is granted explicitly. It is not inherited automatically from roles.

Grant access to an individual Provider

  1. Open a Provider record

  2. Navigate to the Access section

  3. Add the appropriate users or teams

  4. Save your changes

Those users or teams can now view that Provider.

Grant access in bulk (recommended)

  1. Go to the Track Workload View

  2. Select one or more Providers

  3. Choose Edit Access

  4. Assign access to users or teams

  5. Apply changes

Bulk management is the most efficient way to maintain Provider access at scale.

What users will see in the default Provider (directory) view

Visible to the user Not visible to the user
Provider name and address Linked clients
Contact information Service notes
Services offered (Services Workload View) Cases the user does not have access to
License details Intakes the user does not have access to
Provider summary information Other restricted client or service data

This view allows Providers to function as a secure directory, giving staff the information they need to do their work without exposing sensitive client data.

When related records appear

Related People, Cases, and Intakes appear only when:

  • The user already has permission to view those records elsewhere in Casebook

  • The records are relevant to the Provider context

All related lists are automatically filtered to respect existing access rules.

Provider access never overrides Person, Case, or Intake permissions.

Access inheritance and context

Casebook is designed to share only the information a user needs to do their work, while keeping sensitive details protected.

For Providers, this means:

  • Users may see limited Provider context where it’s relevant to their work

  • Sensitive Provider information remains hidden unless access is explicitly granted through roles and Provider access lists

This approach helps staff stay productive while maintaining privacy and appropriate data boundaries.

Managing Provider access over time

Provider access is designed to support shared responsibility and change over time.

  • Multiple users or teams can be assigned to the same Provider

  • Access can be updated as staff change roles or programs

  • You do not need to rely on the “Assigned Staff” field for security

This reduces manual maintenance and keeps permissions accurate.

User Type Role Permission Provider Access Method Use Case
Frontline workers Limited Access Team-based Look up Provider contact information without seeing client data

Supervisors and program managers

Limited Access

Team-based with selective additions

Oversee Providers tied to their program and assigned work
Provider coordinators Limited or Full Access (based on responsibilities) Individual or team-based Maintain Provider records and manage provider relationships
System and organization admins Full Access Individual  Configure permissions, audit access, and maintain data integrity

Best practices

  • Start with Limited Access

  • Grant access to specific Providers only

  • Use teams instead of individuals where possible

  • Review Provider access during onboarding and offboarding

  • Treat Providers as directory-first, not case-first