diff --git a/modules/candidate_profile/test/TestPlan.md b/modules/candidate_profile/test/TestPlan.md
index 664ad07c5c6..53bda8a7767 100644
--- a/modules/candidate_profile/test/TestPlan.md
+++ b/modules/candidate_profile/test/TestPlan.md
@@ -50,6 +50,7 @@ that widget (ie. the media module for CandID 587630 (DCC090) or CandID 300001 (M
 4. Ensure that, when the module which added the extra `CandidateInfo` terms
    is disabled, the terms from that module no longer show up in the
    `Candidate Info` card.
+5. Ensure that you can always only see visits from projects that you are affiliated with.
 
 All other widgets are part of other modules, and should be tested as
 part of that module's testing.
diff --git a/modules/timepoint_list/php/timepoint_list.class.inc b/modules/timepoint_list/php/timepoint_list.class.inc
index 9ec68246c77..107ffcf5806 100644
--- a/modules/timepoint_list/php/timepoint_list.class.inc
+++ b/modules/timepoint_list/php/timepoint_list.class.inc
@@ -99,15 +99,12 @@ class Timepoint_List extends \NDB_Menu
             },
             $listOfSessionIDs,
         );
-
-        if ($user->hasPermission('access_all_profiles') === false) {
-            $listOfTimePoints = array_filter(
-                $listOfTimePoints,
-                function ($timePoint) use ($user) {
-                    return $timePoint->isAccessibleBy($user);
-                }
-            );
-        }
+        $listOfTimePoints = array_filter(
+            $listOfTimePoints,
+            function ($timePoint) use ($user) {
+                return $timePoint->isAccessibleBy($user);
+            }
+        );
 
         /*
          * List of visits
diff --git a/modules/timepoint_list/test/TestPlan.md b/modules/timepoint_list/test/TestPlan.md
index 7e9a020ce34..f9e7990b69c 100644
--- a/modules/timepoint_list/test/TestPlan.md
+++ b/modules/timepoint_list/test/TestPlan.md
@@ -5,6 +5,7 @@
     - For a candidate of a different site than your user, ensure that either 
         - `access_all_profiles` permission is required 
         - or that the candidate's registration site is the same as the user's site
+    - Ensure that you can always only see visits from projects that you are affiliated with.
 2. **Action buttons** 
     - For a candidate of a different site than your user, attempt to access the timepoint list via the url. The page should load with a message of 'Permission Denied'.
     - For a candidate of the same site as your user, there should be up to 3 additional buttons: