IMPORTANT INFORMATION REGARDING NEW REMOTE ACCESS …

[Pages:8]IMPORTANT INFORMATION REGARDING NEW REMOTE ACCESS WITH PRINT PROCESSING

In order to apply for access to the new remote access system, the remote portal access agreement must be completed for each physician/office staff user.

? All forms must be signed by the physician for Nurse Practitioners / PA and office managers, all other staff forms can be signed by the office manager.

? All office staff should check off DRRAS (Physician Office Staff / Vendor) on the form and indicate the campus where access is needed.

? All physicians who currently do not have access to portal must complete the form and check off Dashboard.

? All physicians who currently have a remote portal account will automatically have access to this new application.

? Any staff that does not have access to the clinical application must complete the Physician Office Staff request form (instructions are on the form).

? Any vendors that require access should go through their Meridian Health contact.

? All forms to be faxed to Meridian IT Customer Support at (732) 897-7318

? Once access is granted, you will be contacted via email regarding your login information and sent documentation on how you will access the new system. Please do not provide a generic email account (i.e. info@)

? All forms should expect at least a 5 business day turn-around.

System Specifications for Remote Portal Access:

? Windows 2000, Windows XP, Windows 2003. Please note Windows 95 and 98 is not supported.

? Internet Explorer 5.5 or higher ? Citrix ICA Client Version 10 (Instructions will be attached with confirmation email.)

If you have any questions or concerns, please contact IT Customer Support at 732-897-7333.

PORTAL ACCESS REQUEST AGREEMENT

INTRODUCTION: This agreement sets forth the terms and conditions for remote access to certain Meridian Health information systems through the Meridian Portal, including Dashboard/ESA. By signing the Agreement, the person seeking access to information systems states and agrees that they understand all of the terms and conditions of this Agreement and agree to be bound by them. Remote access to the Meridian Health information systems, pursuant to this Agreement, is provided at the sole and absolute discretion of Meridian Health.

AUTHORIZED USE: Authorized remote access to certain components of Meridian Health patient records, as well as access to other information systems, through the Meridian Portal is granted only upon proper execution of this Agreement and submission of the properly authorized request form, which is the last page of this Agreement. Authorized persons using the systems through the Meridian Portal shall be responsible for proper use of the information set forth in this Agreement.

CONFIDENTIALITY: The right of access to the Meridian Health information systems, as covered by this Agreement, is intended to enhance the efficiency, effectiveness, and quality of care for Meridian Health patients. All authorized persons using the right of access shall be personally responsible for maintaining the confidentiality of PHI (Protected Health Information) to the fullest extent as required by professional ethics, as well as the Federal Healthcare Insurance Portability and Accountability Act (HIPAA).

USER ID/PASSWORDS: 1. User shall select passwords that bear no obvious relation to the user, the user's organizational group, or the user's work project, and that is not easy to guess. 2. A user ID and password may only be used by the single, authorized person for whom they are designated. Passwords may not be "shared," "loaned," "transferred," "borrowed," or otherwise used in any fashion with, to, or from any other person. 3. The authorized person for whom a user ID and password is designated, shall be absolutely and unconditionally responsible for their proper use. Use of the user ID/password by the authorized user shall be the equivalent of their signature being affixed to all transactions being entered. 4. For users such as vendors, students, temps, physician office staff, consultants, or any other nonMeridian employee user with remote access to information systems, User agrees to immediately notify IT Security if any username, user ID or password becomes obsolete or available at any time to an unauthorized individual. 5. Passwords may be changed at any time at the discretion of the authorized user. Passwords MUST be changed if the user has any reason to believe the integrity or confidentiality of his/her password has been compromised. 6. If the authorized user has any difficulty at any time with his/her password, the user must contact the IT Customer Support at 732-776-3333 or 732-897-7333 for assistance.

VIOLATIONS: 1. Any Meridian Health information system user who violates this Agreement shall be subject to disciplinary action up to and including revocation of access and termination of employment (or disciplinary action up to and including termination of a physician's medical staff appointment or panel participation in accordance with the Meridian Health medical staff bylaws and rules and regulations). 2. Under HIPAA, a violation of patients' right to privacy may be subject to fines and/or criminal penalties up to $250,000 and imprisonment up to 10 years. 3. Meridian Health shall have the right to revoke passwords at any time with or without cause. If a password has been revoked with cause, at the sole discretion of Meridian Health, a new password will generally not be reissued for at least one year and may never be reissued. Cause for action

Revised:4/4/2007

regarding improper use of the Meridian information system shall include, but may not be limited to, the following:

a) Sharing, lending, transferring, loaning, etc. a User ID/Password to another person. b) Unauthorized access to or use of the information of the computer system. c) Any tampering with any Meridian Health information system d) Any violation of a term or provision of this agreement.

4. If a non-physician, Meridian Health employee uses a physician's access code, such violation shall be considered a Level II disciplinary infraction under the provisions of the noted in the Meridian Health Employee Handbook.

5. If a user who violates this Agreement is a Vendor, Contractor or otherwise has a written employment agreement with Meridian Health, such violation shall be cause for termination of the contract, whether or not such cause is specifically stated in the employment contract. By signing this Agreement, the user agrees that this Agreement is incorporated into their employment contract by this reference.

6. Failure to maintain confidentiality of a patient's condition and/or illness is a Level II infraction.

BUSINESS USAGE: All electronic media is the sole property of Meridian Health. Every Meridian system user is to ensure that this technology is used for proper business purposes and in a manner that does not compromise the confidentiality of proprietary, PHI, patient, or other sensitive information. All users shall be aware by virtue of this Agreement that their use of the information systems will be monitored, and that they shall have no expectation of privacy when using the Meridian information system, including, but not limited to Siemens, Email, and Internet.

SUPPORT: The portal application is supported during normal business hours. System user understands that portal issues occurring outside of normal business hours will be addressed by IT the following business day, during normal business hours.

RESERVATION: Meridian Health reserves the right to change the terms and conditions of this Agreement for any reason, with or without prior notice, in its sole and absolute discretion. Changes may be necessitated by technological changes, by changes in laws or regulations or by budgetary limitations. This is not an all-inclusive list of reasons for change. In addition, Meridian Health may terminate this Agreement at any time in its sole discretion.

Please keep this Agreement for your information and record.

Revised:4/4/2007

Ticket#

Request for Remote Access (Portal Access)

. Please print legibly. Please complete form in its entirety. Illegible or incomplete forms will delay processing. Please note that being granted remote access to an application does not give you access to the application. It gives you the ability to use it remotely if you have an existing sign-on and password for that application.

User's Legal Name: First:

MI:

Company/Practice Name (For Physician Office or Agency/Vendor):

Campus/Location (for MH Employees): JSUMC RMC OMC

Department:

Title:

E-mail address: (Non-generic office e-mail address or personal e-mail address.)

Last:

Corp Other: Work Phone No.:

Type of User:

Meridian Health Employee Physician's Office Staff

Physician Physician Assistant/Nurse Practitioner Agency/Vendor/Consultant

Please indicate only the system(s) to which user is requesting remote access in order to perform your job in accordance with

the Minimum Necessary Standards set by HIPAA. The applications below are the only applications currently available

remotely.

Dashboard Document Imaging E-mail ESA [If you do not have access to ESA, please follow

procedure for enrolling for ESA through selection 23 on your clinical

system master menu.] IDX Lawson

Other (Please specify):

Kronos Matrix Novius PACS DRRAS (Physician Office Staff / Vendor) (Check applicable JSUMC, OMC, RMC) Softmed (specify access)

By signing this document, I acknowledge that I have read and understand the attached Meridian Health Portal Access Request

Agreement. I shall abide by the terms of the Agreement and shall at all times, during and after the course of my tenure at Meridian

Health, maintain the confidentiality of all information (electronic, written, and oral) to which I may have access in the course of my day.

I understand that failure to abide by these terms will result in disciplinary action up to, and including, termination. I have read and

agree to these policies.

Users Signature:

Today's Date:

Name of Manager [Meridian Health Employees only] (Please Print):

Signature of Manager [Meridian Health Employees only]:

Name of Physician or Physician Practice Manager [Physician Practices Only]:

Signature of Physician or Physician Practice Manager [Physician Practices Only]:

Please fax this page to IT Customer Support at (732) 897-7318. Confirmation of access being granted will be sent to the e-mail address provided above no later than two (2) business days after receipt of request. Please contact IT Customer Support on x3333 or 732-776-3333, should you not receive confirmation or if you have any questions regarding this form. Please check your e-mail carrier's "Junk Mail" folder prior to calling as on occasion our confirmation winds up in it.

PLEASE RETAIN AGREEMENT FOR YOUR RECORDS.

Revised:4/4/2007

Meridian Health

User Agreement for Access to Information Systems

INTRODUCTION:

This agreement sets forth the terms and conditions for access to all Meridian Health information systems that are supported by the Information Technology Department (I.T), which include, but are not limited to, Siemens (SMS), Email, Internet, and VPN. By signing this Agreement, the person seeking access to information systems states and agrees that they understand all of the terms and conditions of this Agreement and agree to be bound by them. Access to the Meridian Health information systems, pursuant to this Agreement, is provided at the sole and absolute discretion of Meridian Health.

AUTHORIZED USE: Authorized access to certain components of Meridian Health patient records, as well as access to other information systems, is granted only upon proper execution of this Agreement in addition to submission of the proper authorized request form. The user's level of access will be consistent with user's employment status and functionality. If user has any change in employment status or functionality, it is the user's responsibility to immediately notify the responsible departments so that access can be adjusted accordingly in compliance with the minimum necessary standards. Failure to do so may render the user "unauthorized" and in violation of the terms of this Agreement.. Authorized persons using the systems shall be responsible for proper use of the information set forth in this Agreement.

CONFIDENTIALITY: The right of access to the Meridian Health information systems, as covered by this Agreement, is intended to enhance the efficiency, effectiveness, and quality of care for Meridian Health patients. All authorized persons using the right of access shall be personally responsible for maintaining the confidentiality of the patients information to the fullest extent as required by professional ethics, as well as the Federal Healthcare Insurance Portability and Accountability Act (HIPAA).

USER ID/PASSWORDS: 1. User shall select passwords that bear no obvious relation to the user, the user's organizational group, or the user's work project, and that is not easy to guess. 2. A user ID and password may only be used by the single, authorized person for whom they are designated. Passwords may not be "shared," "loaned," "transferred," "borrowed," or otherwise used in any fashion with, to, or from any other person. 3. The authorized person for whom a user ID and password is designated shall be absolutely and unconditionally responsible for their proper use. Use of the user ID/password by the authorized user shall be the equivalent of their signature being affixed to all transactions being entered. 4. For users such as vendors, students, temps, physician office staff, or any other non-Meridian user with access to information systems, User agrees to immediately notify IT Security if any username, user ID, or password becomes obsolete or available at any time to an unauthorized individual. 5. Passwords may be changed at any time at the discretion of the authorized user. Passwords MUST be changed if the user has any reason to believe the integrity or confidentiality of his/her password has been compromised. 6. If the authorized user has any difficulty at any time with his/her password, the user must contact the Help Desk at 897-7333 for assistance.

TRAINING: 1. The Department shall provide training in the use of certain systems and applications. (Check with your manager or the Help Desk for current schedules). 2. At any time that an authorized user needs or desires, he/she may obtain refresher training in order to receive full authorization.

Revised: 5/18/2007

Page 1 of 4

VIOLATIONS: 1. Any Meridian Health information system user who violates this Agreement shall be subject to disciplinary action up to and including revocation of access and termination of employment (or disciplinary action up to and including termination of a physician's medical staff appointment or panel participation in accordance with the Meridian Hospital medical staff bylaws and rules and regulations). 2. Under HIPAA, a violation of patients right to privacy may be subject to fines and/or criminal penalties up to $250,000 and imprisonment up to 10 years. 3. Meridian Health shall have the right to revoke passwords at any time with or without cause. If a password has been revoked with cause, at the sole discretion of Meridian Health, a new password will generally not be reissued for at least one year and may never be reissued. Cause for action regarding improper use of the Meridian information system shall include, but may not be limited to, the following:

a) Sharing, lending, transferring, loaning, etc. a User ID/Password to another person. b) Unauthorized access to or use of the information of the computer system. c) Any tampering with any Meridian Health information system d) Any violation of a term or provision of this agreement.

4. If a non-physician, Meridian Health employee uses a physician's access code, such violation shall be considered a Level II disciplinary infraction under the provisions of the noted in the Meridian Health Employee Handbook.

5. If a user who violates this Agreement is a Vendor, Contractor or otherwise has a written employment agreement with Meridian Health, such violation shall be cause for termination of the contact, whether or not such cause is specifically stated in the employment contact. By signing this Agreement, the user agrees that this Agreement is incorporated into their employment contract by this reference.

6. Failure to maintain confidentiality of a patient's condition and/or illness is a Level II infraction.

BUSINESS USAGE: All electronic media including, but not limited to, email, MS documents, voice mail, etc., is the sole property of Meridian Health. Every Meridian system user is to ensure that this technology is used for proper business purposes and in a manner that does not compromise the confidentiality of proprietary, patient ,or other sensitive information.

1. All users are aware by virtue of this Agreement that their use of the information systems will be monitored, and that they shall have no expectation of privacy when using the Meridian information system, including, but not limited to Siemens, Email, VPN, and Internet.

2. Employees shall not make multiple copies of proprietary or single-use, licensed software, other than backup copies as part of standard backup procedures.

3. Only software purchased expressly for use at Meridian Health is to installed on any Computer. Use of unauthorized software is strictly prohibited.

4. All users are prohibited from storing on any Meridian computer hardware any information that is not Meridian business related.

SYSTEM SPECIFIC CRITERIA The below applies to all the specific systems mentioned. The above applies to all systems including those listed below.

SIEMENS (SMS): 1. For registration access, users must first obtain: a. Authorization from an Access Services manager/supervisor b. Proper training 2. For financial/patient accounting access, user must first obtain authorization from Director of Patient Accounting. 3. Use of access to any patient information is only authorized for the purpose of treatment, payment, or healthcare operations for patients in accordance with applicable Federal and/or State laws.. Any other use of the information or the right of access is prohibited. Printing from screens is permitted provided

Revised: 5/18/2007

Page 2 of 4

that the hard copy shall be treated as a component of the patient's record and shall be handled with the same degree of confidentiality.

EMAIL: 1. User must select a password that is 6-8 characters in length which must contain at least one number, letter and special character. 2. Users must strive for good grammar and correct punctuation 3. User shall use the same care in the tone and content of email and other electronic documents as he/she would for any other written communication. 4. Messages sent to all Meridian email users require prior approval by the Vice President or Assistant Vice President of Information Technology.. 5. Emails which are offensive, demeaning, or disruptive to the work place are strictly prohibited. 6. User shall not alter the "From" line or other attribution-of-origin information in messages or posting. Anonymous or pseudonymous emails are prohibited. 7. User shall discard inactive email after 60 days unless otherwise directed by his/her supervisor. 8. Users are prohibited from setting up a rule to forward Meridian Email to a home email address. 9. To ensure misdirected communications are handled appropriately, user agrees to append the following footer to all email sent outside Meridian Health: "This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. This communication may contain material protected by the attorney-client privilege. If you are not the intended recipient or the individual responsible for delivering the email to the intended recipient, please advise that you have received this email in error and that any use, dissemination, forwarding, printing, copying of this email is strictly prohibited. If you have received this email in error, please immediately notify _____________ by telephone _________. You will be reimbursed for reasonable costs incurred in notifying us.

INTERNET. 1. Subscriptions to news groups and mailing lists are permitted only when the subscription is for a work related purpose. 2. Only work related files may be downloaded from a website and must be checked for possible virus. If uncertain whether your virus checking software on a standalone computer is current, you must check with an authorized Information Technology representative prior to download.

VPN (VIRTUAL PRIVATE NETWORK) User must call the Help Desk to obtain the proper request form which, upon completion, will be submitted to the Security Officer for approval. If approved, user will be contacted by IT staff member for details.

RESERVATION: Meridian Health reserves the right to change the terms and conditions of this Agreement for any reason, with or without prior notice, in its sole and absolute discretion. Changes may be necessitated by technological changes, by changes in laws or regulations or by budgetary limitations. This is not an all-inclusive list of reasons for change. In addition, Meridian Health System may terminate this Agreement at any time in its sole discretion.

Please keep this Agreement for your information and record.

Revised: 5/18/2007

Page 3 of 4

Meridian Health

Request for Access to Information Systems for Physician Office Staff

Please read carefully and be sure to complete all applicable areas.

USER INFORMATION User's Name: (please print legibly):______________________________________ Date of Birth__________________ User Title:___________________________________________Work Phone:______________________________

Physician's Name: (please print legibly)_______________________________________________________________

Physician Practice Name and Address: ____________________________________________________________

MH Hospital(s) at which physician has privileges:

JSUMC,

OMC,

RMC

By signing below I attest that I have read and understand the Meridian Health Agreement for Access to Information Systems. I shall abide by the terms of the Agreement and shall at all times maintain the confidentiality of all information (electronic, written, and oral) to which I may have access in the course of my day. I understand that failure to abide by the terms of the Agreement will result in disciplinary action up to, and including, termination. I have read and agree to these terms. User Signature:________________________________________________Today's Date:____________________

AUTHORIZING PHYSICIAN

Authorizing Physician's Name: (please print legibly )_____________________________________________________

Physician Signature:____________________________________________Today's Date:____________________

Additional Comments:__________________________________________________________________________

Upon completion, this form must be returned to the Information Technology office either by faxing to 732-897-7425 or by sending interoffice to the attention of the Security Team, along with a copy of your driver's license. You must call the Help Desk at 732-897-7333 to obtain your SMS User ID. Please allow 2 business days for processing. Keep the Agreement for your records.

Revised: 5/18/2007

Page 4 of 4

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download