diff --git a/internal/lib/auth/tycovar.go b/internal/lib/auth/tycovar.go
index 3567cd61..70a6fec2 100644
--- a/internal/lib/auth/tycovar.go
+++ b/internal/lib/auth/tycovar.go
@@ -92,3 +92,7 @@ func (a AuthInfo) IsNurseIntern() bool {
 }
 return *a.Intern_Position_Code == string(ero.IPCNurse)
 }
+
+func (a AuthInfo) HasEmployeePosition() bool {
+ return a.Employee_Position_Code != nil
+}
diff --git a/internal/use-case/main-use-case/encounter/case.go b/internal/use-case/main-use-case/encounter/case.go
index 8a006a35..e3d564ff 100644
--- a/internal/use-case/main-use-case/encounter/case.go
+++ b/internal/use-case/main-use-case/encounter/case.go
@@ -78,8 +78,19 @@ func Create(input e.CreateDto) (*d.Data, error) {
 }
 }
 
+ // check if user has employee position
+ if !input.AuthInfo.HasEmployeePosition() {
+ event.Status = "failed"
+ event.ErrInfo = pl.ErrorInfo{
+ Code: "auth-forbidden",
+ Detail: "user has no employee position",
+ Raw: errors.New("authentication failed"),
+ }
+ return nil, pl.SetLogError(&event, input)
+ }
+
 // check only user with registration position is allowed to create encounter
- if input.AuthInfo.User_ContractPosition_Code != string(erg.EPCReg) {
+ if input.AuthInfo.Employee_Position_Code != nil && *input.AuthInfo.Employee_Position_Code != string(erg.EPCReg) {
 event.Status = "failed"
 event.ErrInfo = pl.ErrorInfo{
 Code: "auth-forbidden",
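Review bot: `HasEmployeePosition` is exported but carries no doc comment, and its name promises more than the nil test it performs: a pointer to an empty string also counts as "has position". Add `// HasEmployeePosition reports whether Employee_Position_Code is set (non-nil); it does not validate the code's value.` above the method so the encounter use cases do not read it as a value check. Whether an empty-string code can actually occur is not visible here and is worth confirming against wherever AuthInfo is populated.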
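Review bot: The rewritten registration check `if input.AuthInfo.Employee_Position_Code != nil && *input.AuthInfo.Employee_Position_Code != string(erg.EPCReg) {` is fail-open on its own: a nil code makes the condition false and the request proceeds, so the authorization outcome now depends entirely on the HasEmployeePosition guard a few lines above staying in place. Inverting the nil test keeps the check self-contained, `if input.AuthInfo.Employee_Position_Code == nil || *input.AuthInfo.Employee_Position_Code != string(erg.EPCReg) {`, with the earlier guard then serving only to emit the more specific "user has no employee position" detail. The same pattern appears in the Delete hunk and in the UpdateStatusCode hunk, where `!pu.Contains(...)` is likewise only reached through the guard. Also, `Raw: errors.New("authentication failed")` describes a role (authorization) failure, so `errors.New("authorization failed")` would match the `auth-forbidden` code better. The body of Create continues outside the hunk.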
@@ -328,8 +339,19 @@ func Delete(input e.DeleteDto) (*d.Data, error) {
 // Start log
 pl.SetLogInfo(&event, input, "started", "delete")
 
+ // check if user has employee position
+ if !input.AuthInfo.HasEmployeePosition() {
+ event.Status = "failed"
+ event.ErrInfo = pl.ErrorInfo{
+ Code: "auth-forbidden",
+ Detail: "user has no employee position",
+ Raw: errors.New("authentication failed"),
+ }
+ return nil, pl.SetLogError(&event, input)
+ }
+
 // check only user with registration position is allowed to create encounter
- if input.AuthInfo.User_ContractPosition_Code != string(erg.EPCReg) {
+ if input.AuthInfo.Employee_Position_Code != nil && *input.AuthInfo.Employee_Position_Code != string(erg.EPCReg) {
 event.Status = "failed"
 event.ErrInfo = pl.ErrorInfo{
 Code: "auth-forbidden",
@@ -517,7 +539,18 @@ func UpdateStatusCode(input e.UpdateStatusDto) (*d.Data, error) {
 string(erg.EPCDoc),
 }
 
- if !pu.Contains(roleAllowedToCancel, input.AuthInfo.User_ContractPosition_Code) {
+ // check if user has employee position
+ if !input.AuthInfo.HasEmployeePosition() {
+ event.Status = "failed"
+ event.ErrInfo = pl.ErrorInfo{
+ Code: "auth-forbidden",
+ Detail: "user has no employee position",
+ Raw: errors.New("authentication failed"),
+ }
+ return pl.SetLogError(&event, input)
+ }
+
+ if input.AuthInfo.Employee_Position_Code != nil && !pu.Contains(roleAllowedToCancel, *input.AuthInfo.Employee_Position_Code) {
 event.Status = "failed"
 event.ErrInfo = pl.ErrorInfo{
 Code: "auth-forbidden",
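Review bot: The ten-line employee-position guard is now pasted verbatim into Create, Delete and this hunk, differing only in return arity; a small package-private helper that sets `event.Status`/`event.ErrInfo` and returns the `pl.SetLogError(&event, input)` result would keep the three copies from drifting, since the Detail string and the Raw error are the obvious candidates to diverge. This hunk's guard returns a single value, `return pl.SetLogError(&event, input)`, while the function named in the hunk header has a `(*d.Data, error)` result; presumably the new code sits inside a nested function or the header is stale, but it is worth confirming given the other two guards return `nil, pl.SetLogError(&event, input)`. The enclosing function starts and ends outside the hunk.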