Supersedes: June 1, 2007 Effective: December 9, 2009

Similar documents
Access to Electronic Health Records Policy Franciscan Health System

DEPARTMENTAL POLICY. Northwestern Memorial Hospital

Regulatory Compliance Policy No. COMP-RCC 4.03 Title:

JMH User Access Request Form

EXPRESSPATH PROVIDER PORTAL USER GUIDE AUGUST 2013

Access Control Policy

CAQH ProView. Practice Manager Module User Guide

MEDICAL TRAINEE DATA FORM (This information is required for all medical students)

Surgical Center of Greensboro/Orthopaedic Surgical Center Div of Surgical Care Affiliates

COMPREHENSIVE REMOTE ACCESS AGREEMENT FOR PRIVATE MEDICAL PRACTICES OR NURSING HOMES

Policy No.: CR006_07. Title: Delegated Credentialing and Recredentialing Policy QM CR 04 02, CR 07 08

The Internet and 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3

Frequently Asked Questions regarding Nurse Practitioners and Protocol Agreements

PHYSICIAN APPLICATION FOR EMPLOYMENT

Chapter 2 Security Table of Contents

Delegation of Services Agreements Change in Regulations

BEHAVIORAL HEALTH PROVIDER PROFILE FORM

Management of Access and Permissions to the ERP and STATS Systems

Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development

Clinician Add/Change Application Form

LOCUM TENENS APPLICATION Page 1 of 4

8.03 Health Insurance Portability and Accountability Act (HIPAA)

HIPAA Compliance for Students

The George Washington University Hospital

Training Guide for Florida Practitioners and Pharmacists. Florida Department of Health Prescription Drug Monitoring Program

Caldwell Community College and Technical Institute

HIPAA POLICY PROCEDURE GUIDE

PRACTITIONER CREDENTIALING APPLICATION Advanced Practice Nurse Prescriber, Certified Nurse Midwife, Physician Assistant

The Basics of HIPAA Privacy and Security and HITECH

*Signature: Trained by:

EDI Support Services

Authorized. User Agreement

Virginia Commonwealth University Information Security Standard

Streamlined Access to PECOS, EHR, and NPPES. November 15, 2013

EFFECTIVE DATE: 10/04. SUBJECT: Primary Care Nurse Practitioners SECTION: CREDENTIALING POLICY NUMBER: CR-31

Patient Privacy and HIPAA/HITECH

How To Bill Medicaid As An Individual Physician Or Non-Physician Practitioner

PROVIDER APPLICATION

Administrative Procedures Memorandum A1452

ICT USER ACCOUNT MANAGEMENT POLICY

HIPAA Breach Notification Policy

To Apply for BlueCross BlueShield of South Carolina and BlueChoice HealthPlan

Compliance Document for Holland Public Schools, G-768

Independent Contractor Information CRNA

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

ANESTHESIOLOGIST ASSISTANT PROTOCOL INSTRUCTIONS AND INFORMATION

3.Prescriber DEA: 4.Board Registration Number: 5.Business Tel:

Chronic Disease Management

ANCILLARY PROVIDER APPLICATION FOR PARTICIPATION PHYSICIANS HEALTH PLAN PO Box 30377, Lansing, MI

SANGER BANK ONLINE BANKING AGREEMENT AND DISCLOSURE

NATIONAL PROVIDER IDENTIFIER (NPI) APPLICATION/UPDATE FORM

HealthInfoNet HELP DESK REFERENCE GUIDE. Revised on Page 1 of 26

Hamilton College Administrative Information Systems Security Policy and Procedures. Approved by the IT Committee (December 2004)

CITY OF BOULDER *** POLICIES AND PROCEDURES

Musina Local Municipality. Information and Communication Technology User Account Management Policy -Draft-

STANDARD ADMINISTRATIVE PROCEDURE

Security Frequently Asked Questions And General Information

Usage Policy of GCRI

Denver Public Schools - East High School

UNITED BEHAVIORAL HEALTH (UBH) PROVIDER NETWORK PARTICIPATION FREQUENTLY ASKED QUESTIONS Release Date:

Oregon Prescription Drug Monitoring Program. Terms & Conditions of Account Use Agreement. Statutory Authority:

PHYSICIAN ASSISTANT PROVIDER PROFILE FORM

New Jersey Physician Recredentialing Application (Please type or print)

Online Account Management Broker s User Guide

Stewart Secure User Guide. March 13, 2015

Nursing Home Facility Implementation Overview

FAQs for OPEN PAYMENTS Mobile for Physicians & OPEN PAYMENTS Mobile for Industry

Department of Medicine Faculty Checklist New Hire

Clinical Observership Program

FAQs for OPEN PAYMENTS Mobile for Physicians & OPEN PAYMENTS Mobile for Industry

If you have any questions about this notice, please contact Mimi McNichol ext. 223.

Last Name First Middle

College of Education Computer Network Security Policy

Identity & Access Frequently Asked Questions (FAQs)

NURSE PRACTITIONER/PHYSICIANS ASSISTANT APPLICATION GENERAL INFORMATION. Last Name First Middle. Place of Birth Social Security #

How to Utilize the Security Portal to Access PDMP (User Guide for Practitioners, Pharmacists, CRNPs, Physician Assistants, Law Enforcement, and CNMs)

HEALTH INFORMATION MANAGEMENT SERVICES

NOTICE OF THE NATHAN ADELSON HOSPICE PRIVACY PRACTICES

HIPAA Privacy & Security Training for Clinicians

Provider Selection Criteria for PreferredOne Participating Certified Registered Nurse Anesthetists

Alberta Health Services Identity & Access Management (IAM) Alberta Netcare Access Request Process User Reference Guide

NOVA SCOTIA DRUG INFORMATION SYSTEM

DEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course

PDMP User s Guide. Oregon Health Authority Prescription Drug Monitoring Program

Caldwell Community College and Technical Institute

How To Monitor A Municipality

Physician, Health Care Professional, Facility and Ancillary Provider Administrative Guide for American Medical Security Life Insurance Company

Visiting Residents enrolled in ACGME-accredited specialty and sub-specialty training programs in JCAHO accredited Hospitals in U.S.

M E M O R A N D U M. Revised Information Technology Security Procedures INFORMATION TECHNOLOGY SECURITY PROCEDURES. I. General

4. No accounting of disclosures is required with respect to disclosures of PHI within a Limited Data Set.

Medical Credentials Management System

Ministry of Children and Family Development (MCFD) Contractor s Information Management Guidelines

University of Limerick Data Protection Compliance Regulations June 2015

PROGRAM PARTICIPANT (STUDENT PARTICIPANT OR FACULTY PARTICIPANT) SIGNS:

California Fetal Death Registration System Participation Agreement

North Carolina Delta Dental s Recredentialing Application

Dental Initial Credentialing Application

Disability Insurance Claim Packet Instructions. Your Disability Benefit Claim. How To Apply For Benefits

Transcription:

FAIRFIELD MEDICAL CENTER Subject: Computer Access and Security ADMINISTRATIVE POLICIES & PROCEDURES Supersedes: June 1, 2007 Effective: December 9, 2009 POLICY Fairfield Medical Center computer access User ID, passwords and security codes will be issued for ALL Center employees, medical residents, graduate medical students and member s of the Medical Staff and their employees after a security agreement is signed. PURPOSE The objective of this policy is to delineate guidelines for computer access so as to maintain security of data, protection of files and consistency of information regarding use of the system. This policy applies to all employees of the Center or its affiliates who have or are responsible for a computer account or any form of access that supports or requires a password on any system that resides at any Center facility, has access to the Center network or stores any non-public Center information. PROCEDURE I. ESTABLISHING USER ACCOUNTS A. Fairfield Medical Center Staff New Employee 1. All employees are required to electronically acknowledge the Systems Access Security Agreement form (see Attachment A). within Active Staffer in the orientation process. 2. Assignment of systems to be accessed by the user will be determined by the user s manager. A log of these preferences, organized by unit and position, will be kept in the Learning and Development Department and updated yearly. 3. Selection of the approved systems will be documented on the New Employee Network Security Request Form (see Attachment B) for each new user by the Learning and Development staff based on infor mation from the log. 4. Learning and Development staff will for ward complete forms to the Systems Depar tment. 5. The Systems Access Security Agreement form will be electronically stored in Active Staffer until the employee resigns or is terminated. B. Fairfield Medical Center Staff: Established Employee 1. Employees requiring additional or changed security access will need to apply for these privileges by having their manager place a request with the Help Desk. The Help Desk will create a ticket and forward it to the appropriate Systems administrator. 2. Systems staff will ensure the Systems Access Security Agreement form has previously been completed and is on file, or will have the user accept the Systems agreement form on Active Staffer. Systems staff will ensure that the access requested is appropriate. 3. The Systems Access Security Agreement form will be electronically stored in Active Staffer where it will be kept until the employee resigns or is terminated. C. Physicians, Licensed Individual Pr actitioners (LIP) and Medical Students 1. The Medical Staff Office completes the Request to Add New Physician form (see Attachment C) and e-mails it to the Systems Programmer for physicians and LIP s. 2. After all requested computer accounts have been established, the Physician Clinical Analyst will shar e the usernames and passwords with the physician during their orientation and obtain their signature on the Systems Access Security Agreement form. 3. Medical Students and Residents will complete their orientation with the program coordinator. The Systems Access Security Agreement form will be completed at this time in paper format and electronically scanned to the Physician Clinical Analyst for account creation. Accounts will be established per the physician protocol. Usernames, passwords and computer training will be shared with the medical student or resident by the Physician Clinical Analyst following account cr eation. Page 1 of 8

FAIRFIELD MEDICAL CENTER Subject: Computer Access and Security ADMINISTRATIVE POLICIES & PROCEDURES Supersedes: June 1, 2007 Effective: December 10, 2009 4. The completed Systems Access Security Agreement form will be forwarded to the electronically shared folder where it will be kept until the practitioner is no longer affiliated with FMC. D. Physician Office Staff and Other Entities Requesting Por tal Access II. 1. Entities such as extended care facilities, home health care agencies, and medical offices using FMC for patient results and information necessary to care for their patients must obtain and complete or have on file a Business Agreement form prior to receiving systems access. 2. The request for access to the Center s portal is generated through a call to the Help Desk or through the Systems Physician Clinical Analyst who will cr eate the Help Desk ticket. 3. The requesting office or facility will be sent a Systems Access Security Agreement form by the Help Desk, Portal Administrator or Physician Clinical Analyst upon receiving the request or Help Desk ticket. The completed form can be returned via fax, interoffice mail, or postal mail to the Systems depar tment. 4. The Physician Clinical Analyst will telephone or visit the user to release their username and password and provide education as applicable to the individual s needs. MANAGING USER ACCOUNTS A. Portal accounts not used in 90 days shall be disabled. The account may be reestablished by following the Established Employee protocol above. B. Physicians and LIP s will update their Systems Access Security Agreement form every three years upon their reapplication of privileges with the Center. This form will be included in their application packet. C. Employees will update their Systems Access Security Agreement form yearly by January 31 through Active Staffer. Failure to complete required annual systems access secur ity agreement by Januar y 31 will result in: 1. A notice of delinquency will be sent to the employee and his/her manager, noting failure to complete required agreement by the deadline and giving notice of a grace period of 14 days in which to complete the required agreement. Employee will also receive an unacceptable r ating on his/her next performance appraisal. 2. If not completed by February 15, a second notice of delinquency will be sent to the employee, his/her manager and Human Resources. The notice will outline that the employee has failed to complete the required agreement for the year and is to be removed from the scheduled immediately until completion of the r equired agreement. This will count as an attendance occurrence under FMC s Attendance Policy. The manager will notify the employee of his/her removal from the schedule. 3. Once completed, the employee may return to work. The manager will notify Human Resources that the employee has returned to work. 4. If the employee has not completed the required agreement by February 28, the employee will be removed from active status. 5. An employee returning from LOA during December or January will have 30 days from his/her return to work date to complete the required agreement. The process listed above will be invoked should the employee not complete the required education within the 30 -day period. D. All physician office staff and other outside agency staff will update a paper version of the Systems Access Secur ity Agreement form yearly by January 31. Failure to meet this deadline will result in deactivation of their personal portal account. Page 2 of 8

ATTACHMENT A FAIRFIELD MEDICAL CENTER SYSTEMS ACCESS SECURITY AGREEMENT (Last name, First name, Middle initial), have read, understand, and will comply with the following: I am the only person authorized to use my password(s) and user ID(s). I will not disclose my password(s) or user ID(s) to anyone. I will not attempt to learn another person s password(s)/user ID(s). I will not attempt to access information by using a password(s) or user ID(s) other than my own. I will retrieve or attempt to retrieve from the computer system only medical data that is directly related to the treatment of patients with whom I have a clinical relationship or those patients for whom I have been asked to provide a consultation or for approved educational or research purposes. I agree to maintain the confidentiality of all such patient data. I will access patient data only as required by my employment or medical staff responsibilities or for approved educational or research purposes. It is my responsibility to logout of the system. I will not, under any circumstances, leave a computer terminal to which I have logged in unattended. If I have reason to believe that the confidentiality of any of my password(s)/user ID(s) has been compromised, I will contact the Systems Department immediately so that my password(s)/user ID(s) can be deleted and a new password(s)/user ID(s) assigned to me. I will immediately report any known or suspected breach of the confidentiality of the system or records/data obtained from it to the Medical Information Services manager. I understand that my password(s)/user ID(s) will be deleted from the system when I am no longer employed or have privileges at this institution or when my job duties do not require access to the medical record database. I will immediately report any such status change to the Systems Department. I understand my access will be automatically deactivated after 90 days of non-use. I understand that medical records confidentiality is required by law, and that there are statutes specifically mandating the confidentiality of, among other areas, mental health, HIV, and drug and alcohol-related treatment records. I understand that any fraudulent application, violation of confidentiality or any violation of the above provisions may result in disciplinary action from termination of access to the system or appropriate medical staff or University disciplinary measures up to and including termination of my employment with the University or the hospital. I understand that the Systems department maintains an audit trail of accesses to patient information that records the user, date, and patient identification of all accesses to electronic medical records. I understand that my access rights are subject to periodic review, revision and annual renewal. I understand that if I do not accept these restrictions of access I may be denied access or have access terminated to relevant computer systems and networks. Applicant Printed Name: Office/Department/Unit: Title/Position: For Students: Start Date End Date Physician Preceptor: E-Mail Address: Telephone Number: Signature Date Supervisor of Person Approving Issuance of this Account: Name: Telephone Number: Title/Position: Signature Date

ATTACHMENT B FAIRFIELD MEDICAL CENTER NEW EMPLOYEE NETWORK SECURITY REQUEST FORM Department: Dept. Code: Date: Manager/Supervisor (please print): Ext: User s Legal Name (please print): First: Middle Initial: Last: Credentials: Position: Employee #: Security Access required for the following Applications (Manager/Supervisor should check all that apply): Help Desk Network Login Username: Password: Portal (You will be prompted to set your own password the first time you log in.) PaceArt E-mail Email Address: @fmchealth.org Network folder needed Network Path: PMM/PFM Username: Password: Compliance Checker Username: Password: Encompass, MUSE Username: Password: Other: Wellness Connection, Synapse, Username: Password: Provation, HSM, PHS Operations (AS400) AS400 Username: Password: Security Code: Clinical Documentation Horizon Expert Documentation (HED) Username: Password: ED Tracking Board Username: Lab Password: Lab System Username: Password: Accounting/Systems API/Report Express Username: Password: Active Staffer

ATTACHMENT C Fairfield Medical Center Request to Add New Physician Date Requested Physician Number Name (Last, First, Middle Initial Physician Type ( MD, DO, PA, etc) Office Address City, State, Zip Telephone Number (Including Area Code) Fax Number (Including Area Code) Date of Birth Date on Staff Status Code Medical Service Code Specialty Code State License Number Federal DEA Number Medicaid Provider Number Medicare Provider Number UPIN Number NPI Number Comments: Physician Privileges: Systems Requested: Request For: Admitting AS 400 Discharge AD/PACS Ordering Portal Orientation Date/Time: Termination Date: Date of Last Log In:

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information