CPSI determines ePHI risk level of user based on all the permissions, securities, applications etc., assigned to the user

HIPAA Security rule requires us to determine what users have what level of access to ePHI. With all the different security switches, applications, behaviors, and screens allowed to different individuals (since most of your clients are small facilities and all users may wear multiple hats so the cookie cutter roles don't cover all that some users may be responsible for), It would be great if CPIS had an algorithm that would determine the access level to ePHI for us based on the role and the number of permissions, securities, etc assigned to not only that role, but if any additional permissions in CPSI were assigned to the individual. Get rid of "Security Switches" and incorporate it all into Applications, Behaviors, and Screens and then give an overall score of how much or little access the user would have to e-PHI throughout all the Thrive, ThriveUX, and TWC platforms.