iSite 3.5: Security Administration I
Table of Contents • Objectives • Terminology • Security Overview • User Account Management • Define Access Groups • Assign User Privileges
Learning Objectives Understand the purpose and configuration of: • Adding Users • Adding Access Groups • Assigning Security Codes to Access Groups • Resetting User Passwords
Terminology • PACS (Picture Archive and Communications System) • Information Systems designed to manage, store and distribute medical images and related information throughout the healthcare enterprise • HIS (Hospital Information System) • Information Systems designed to manage patient records; including patient registration, billing, order entry • RIS (Radiology Information System) • Information Systems designed to manage exams (orders); including filling orders and scheduling
Terminology • MRN (Medical Record Number) • A unique patient identifier (also known as Patient ID) used for auditing of billing and scheduling for patients • Accession Number (ACCession Number) • A unique exam identifier (also known as an order number or requisition number) used for auditing of billing and scheduling of scheduled procedures • SUID (Study Instance Unique IDentifier) • A unique study identifier used for auditing of performed imaging service requests
Terminology • DICOM (Digital Imaging COmmunication in Medicine) • DICOM is the predominant communication standard between imaging equipment throughout the Healthcare Enterprise • HL7 (Health Level 7) • HL7 is the predominant messaging standard for exchanging key sets of administrative and clinical data in the healthcare enterprise
Security Overview • Security Administration is the management of Users, Access Groups and Security Codes to ensure that users have the permissions and therefore the functionality necessary to perform their job functions • User Accounts using iSite User Database • Users must belong to at least one Access Group • Access Groups are assigned Security Codes • Security Codes designate permissions • Access Group Security Codes are cumulative
Security Overview • [Figure: diagram relating Security Codes, Access Groups and Users]
Security Overview • User Accounts using iSite User Database • Background: • Users must be members of at least one Access Group • An Access Group is made up of multiple Security Codes • Each Security Code designates a function • Review the Default Access Group Settings and modify any Security Codes to fit your needs • User-determined passwords - if users forget their passwords, the iSite System Administrator can only reset the password • At a user's first login, or after a password reset • Password = User ID or Username • Users cannot re-use their previous 10 passwords
Security Overview • Password default = “UserID” • Users are prompted to change password at initial log-in • iSite Administrator may reset passwords • Password Enforcement: • Users may not re-use previous 10 passwords • Minimum password length = 3 characters • iSite Enterprise = NO maximum log-in attempts • iSuite = 3 maximum log-in attempts
Security Overview • Session Timeouts are assigned to Access Groups • Session Timeout = xx minutes • Default Session Timeouts = 20 minutes (max) • Auto Logouts may be assigned to individual Workstations in the iSite client Machine Preferences • Auto Logout overrides Session Timeout • Auto Logout = xxxxx seconds • Auto Logout may be utilized for workstations requiring lengthy periods of inactivity (O.R.) or to accommodate high traffic zones (E.R.)
User Account Management • In iSuite, select the ‘Sys Admin’ module • Click the ‘Security’ tab
User Account Management • To add a new user, from the pull-down menu select ‘Users’ and click ‘continue’
User Account Management • Click the ‘add new’ button
User Account Management • An empty User Information page is displayed
User Account Management • Fill in the user information as requested • Enter the user’s name (Last, First) • Give the user a ‘Title’ in accordance with their role; this has no use in iSite other than for organized user management • The ‘Employee #’ field also has no specific use in iSite • Assign a User ID
User Account Management • Fill in the user information as requested • Select the user’s default organization in the drop-down ‘Primary Org’ box • In the ‘Chg PW Days’ field, select the number of days after which the user is forced to change the password - the maximum is 999 days • Currently, ‘Discount Approval’ has no functionality in iSite • Check the ‘Active’ box for a currently active user account
User Account Management • Once information is complete, click “add” to create a new user
User Account Management • To assign the user to an Access Group, select the ‘+ - access groups’ button
User Account Management • Administrators must be familiar with the definitions of the access groups before assigning users to them • Assigning users to inappropriate access groups could compromise sensitive data
User Account Management • Select the Access Group(s) to which the user will belong • Click the ‘ok’ button
User Account Management • User Information screen returns and the Access Groups for the user are displayed • iSite Enterprise cannot be used by the new user until the user has been assigned to at least one access group
User Account Management • If a user forgets their password, it can be reset in iSuite from the User Information screen • Select the ‘reset pw’ button • The password is immediately reset to the default password, which is the same as the ‘User ID’
Define Access Groups • When creating an access group, a set of security codes is grouped together, thereby enabling access to the modules and options in which users can work • Changes made to the security codes associated with an access group affect all users assigned to that access group • If a user is logged into iSite Enterprise when you edit their access group information, changes to user privileges do not take effect until the user logs out of iSite Enterprise and then logs back into the system
Security by Organization • Users can view patients who belong to the same organization as the Access Group(s) with which the users are associated • Organizations are designated via Access Group setup • If a user belongs to multiple Access Groups which have different organizations, the user has the cumulative security rights and access to all patients in all associated organizations • For example, if a user is given Mark Read security in Access Group A of ORG A and the user also belongs to Access Group B of ORG B which does not grant Mark Read rights, the user has Mark Read rights for both ORG A and ORG B
Security by Organization • With Security by Organization, a user cannot access exams that are not in the user’s organization(s) • If a Patient’s History Timeline contains exams that were performed at different organizations, the user will only have access to view those exams that were acquired at the organization to which the user belongs
Define Access Groups • To create a new access group, select Access Groups from the pull-down menu and click continue
Define Access Groups • Click the ‘add new’ button in the Access Groups window
Define Access Groups • Enter all pertinent information to define and describe the new Access Group
Define Access Groups • Enter the title of the role in the Name field • Enter the description of the role in the Description field • Check the Active box for a currently active Access Group • Determine the length of the Session Timeout assigned to this Access Group • Session Timeout = xx minutes • Default Session Timeouts = 20 minutes (max)
Security by Organization • The iSite 3.5 Security by Organization feature allows customers to prevent specific users or user groups from accessing exams in organizations (ORGs) in which they do not have clinical privileges • This gives customers from institutions in competitive situations an additional level of access security
Security by Organization • Security by Organization supports multi-organization customers sharing an iVault who do not want users from one organization to view patients from another organization for patient confidentiality reasons
Security by Organization • Philips recommends that all customers verify their Access Group configurations to ensure that they are associated with the desired organization(s)
Security by Organization • If the iSite System Administrator does not want the user access restrictions enforced by Security by Organization, the iSite System Administrator should make sure that all Access Groups are configured to associate with the “Enterprise” umbrella organization immediately after the upgrade • This gives users with Access Groups configured with the “Enterprise” organization access to patients across all organizations
Security by Organization • Features Not Impacted by Security by Organization • Security by Organization does not apply to system-wide features such as Public Folders • For example, if User A in ORG A is given security code access to Public Folders that contain patient exams from ORG A and ORG B, User A will have access to view those exams from ORG B. Likewise, if User A (in ORG A) is given security code access to Merge Patients, User A can merge patients from multiple organizations
Security by Organization • The following features are not affected by Security by Organization: • Public Folders • Viewing Access: Exceptions • Merge Candidates List • System Preferences: Window Width/Center • System Preferences: Image Processing • System Preferences: DICOM Sources • System Preferences: Screen Overlays • System Preferences: Paper Printing • System Preferences: Print to Film • System Preferences: System Plug Ins • System Preferences: System Filters • System Preferences: iExport • System Preferences: iQuery
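Added example (not part of the original slides and not Philips code): a small model of the rules described above, namely cumulative security codes and organizations across Access Groups, the “Enterprise” umbrella organization, and system-wide features that ignore organization. The code names MARK_READ, VIEW_EXAMS, PUBLIC_FOLDERS and MERGE_PATIENTS are hypothetical stand-ins, and the review helper lists rights a user holds only because of the cumulative rule.

```python
# Constructed model of the cumulative-rights rule; not iSite code.
from dataclasses import dataclass

ENTERPRISE = "Enterprise"   # umbrella organization named on the slides
# Hypothetical code names standing in for the system-wide features listed above.
ORG_EXEMPT = frozenset({"PUBLIC_FOLDERS", "MERGE_PATIENTS"})

@dataclass(frozen=True)
class AccessGroup:
    name: str
    org: str
    codes: frozenset

def effective_rights(groups):
    """Union of security codes and of organizations over all of a user's groups."""
    codes = frozenset().union(*(g.codes for g in groups))
    orgs = frozenset(g.org for g in groups)
    return codes, orgs

def can_use(groups, code, exam_org):
    """True if the user may apply `code` to an exam acquired at `exam_org`."""
    codes, orgs = effective_rights(groups)
    if code not in codes:
        return False
    if code in ORG_EXEMPT or ENTERPRISE in orgs:
        return True          # system-wide feature, or umbrella organization
    return exam_org in orgs

def cross_org_grants(groups):
    """(code, org) pairs the user holds although no single group grants them."""
    codes, orgs = effective_rights(groups)
    direct = {(c, g.org) for g in groups for c in g.codes}
    return sorted((c, o) for c in codes - ORG_EXEMPT for o in orgs
                  if (c, o) not in direct)

# Constructed sample data mirroring the Mark Read example on the slides.
GROUP_A = AccessGroup("Access Group A", "ORG A", frozenset({"VIEW_EXAMS", "MARK_READ"}))
GROUP_B = AccessGroup("Access Group B", "ORG B", frozenset({"VIEW_EXAMS"}))

if __name__ == "__main__":
    print(cross_org_grants([GROUP_A, GROUP_B]))
```

Running the review helper over each user's Access Group memberships before assigning a second group shows which rights would spread to another organization.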
Define Access Groups • After entering all the pertinent information, click ‘add’
Define Access Groups • Information is saved and the access group created appears as an editable entry • From the window shown here, the entries can be changed and security codes may be added
Define Access Groups • Click the ‘+ - security codes’ button to add security codes to this access group
Define Access Groups • Select the security codes to grant access to the group just created • Click the ok button
Define Access Groups • Access Group entry window reappears and clicking the update button finalizes the changes
Assign User Privileges • PACS Admin Team shall have all features and functions available (SYSADMINALL Access Group) • Caution: To enable the Exceptions Handler Tab for iSite Enterprise, the ISTSUPPORT Security Code must be active for the related Access Group; however, ISTSUPPORT allows Access Groups with ISTUSRPREF active to access System Preferences and Machine Preferences as well
Assign User Privileges • The following list shows the Access Groups that, based upon previous experience, may be created to assign the appropriate permissions to all iSite users • PACS Administration Team • Quality Assurance Clinical Staff • Information Technology (Support and Security) • Radiologists • Radiology Residents • Clinical Supervisors, Leads, and 3rd Shift Techs (Radiologic Technologists) • Staff Radiologic Technologists • Clerical Staff • Medical Staff Specialists (Cardiologists, Endoscopy and Surgeons) • Medical and Clinical Staff (Physicians, Nurses) • EMR Integration Access Group