Isite 3 5 security administration i
Download
1 / 59

iSite 3.5: Security Administration I - PowerPoint PPT Presentation


  • 107 Views
  • Uploaded on

iSite 3.5: Security Administration I. Table of Contents. Objectives Terminology Security Overview User Account Management Define Access Groups Assign User Privileges. Learning Objectives. Understand the purpose and configuration of:. Adding Users Adding Access Groups

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' iSite 3.5: Security Administration I' - jaxon


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Table of contents
Table of Contents

  • Objectives

  • Terminology

  • Security Overview

  • User Account Management

  • Define Access Groups

  • Assign User Privileges


Learning objectives
Learning Objectives

Understand the purpose and configuration of:

  • Adding Users

  • Adding Access Groups

  • Assigning Security Codes to Access Groups

  • Resetting User Passwords


Terminology
Terminology

  • PACS (Picture Archive and Communications System)

    • Information Systems designed to manage, store and distribute medical images and related information throughout the healthcare enterprise

  • HIS (Hospital Information System)

    • Information Systems designed to manage patient records; including patient registration, billing, order entry

  • RIS (Radiology Information System)

    • Information Systems designed to manage exams (orders); including filling orders and scheduling


Terminology1
Terminology

  • MRN (Medical Record Number)

    • A unique patient identifier (also known as Patient ID) used for auditing of billing and scheduling for patients

  • Accession Number (ACCession Number)

    • A unique exam identifier (also known as an order number or requisition number) used for auditing of billing and scheduling of scheduled procedures

  • SUID (Study Instance Unique IDentifier)

    • A unique study identifier used for auditing of performed imaging service requests


Terminology2
Terminology

  • DICOM (Digital Imaging COmmunication in Medicine)

    • DICOM is the predominant communication standard between imaging equipment throughout the Healthcare Enterprise

  • HL7 (Health Level 7)

    • HL7 is the predominant messaging standard for exchanging key sets of administrative and clinical data in the healthcare enterprise



Security overview1
Security Overview

  • Security Administration is the management of Users, Access Groups and Security Codes to ensure that users have the permissions and therefore the functionality necessary to perform their job functions

  • User Accounts using iSite User Database

    • Users must belong to at least one Access Group

    • Access Groups are assigned Security Codes

    • Security Codes designate permissions

    • Access Group Security Codes are cumulative


Security overview2
Security Overview

Security Code

User

Security Code

User

Security Code

Access Group

User

Security Code

User

Security Code

User

Security Code

User

Security Code

User

Security Code

Access Group

User

Security Code

User

Security Code

User


Security overview3
Security Overview

  • User Accounts using iSite User Database

  • Background:

    • Users must be members of at least one Access Group

    • An Access Group is made up of Multiple Security Codes

    • Each Security Code designates a function

    • Need to review the Default Access Group Settings and modify any Security Codes to fit your needs

    • User determined passwords - If users forget passwords, the iSite System Administrator can only Reset password

    • First time users login or if password Reset

      • Password = User ID or Username

    • Users cannot re-use their previous 10 passwords


Security overview4
Security Overview

  • Password default = “UserID”

  • Users are prompted to change password at initial log-in

  • iSite Administrator may reset passwords

  • Password Enforcement:

    • Users may not re-use previous 10 passwords

    • Minimum password length = 3 characters

    • iSite Enterprise = NO maximum log-in attempts

    • iSuite = 3 maximum log-in attempts


Security overview5
Security Overview

  • Session Timeouts are assigned to Access Groups

  • Session Timeout = xx minutes

  • Default Session Timeouts = 20 minutes (max)

  • Auto Logouts may be assigned to individual Workstations in the iSite client Machine Preferences

  • Auto Logout overrides Session Timeout

  • Auto Logout = xxxxx seconds

  • Auto Logout may be utilized for workstations requiring lengthy periods of inactivity (O.R.) or to accommodate high traffic zones (E.R.)



User account management1
User Account Management

  • In iSuite, select the ‘Sys Admin’ module

  • Click the ‘Security’ tab


User account management2
User Account Management

  • To add a new user, from the pull-down menu select ‘Users’ and click ‘continue’


User account management3
User Account Management

  • Click the ‘add new’ button


User account management4
User Account Management

  • An empty User Information page is displayed


User account management5
User Account Management

  • Fill in the user information as requested

    • Enter the user’s name (Last, First)

    • Give the user a ‘Title’ in accordance to their role; this has no use in iSite other than for organized user management

    • The ‘Employee #’ field also has no specific use in iSite

    • Assign a User ID


User account management6
User Account Management

  • Fill in the user information as requested

    • Select the user’s default organization in the drop-down ‘Primary Org’ box

    • Select the number of days to force the user to change the password in the ‘Chg PW Days’ - The maximum is 999 days

    • Currently, ‘Discount Approval’ has no functionality in iSite

    • Check the ‘Active’ box for a currently active user account


User account management7
User Account Management

  • Once information is complete, click “add” to create a new user


User account management8
User Account Management

  • To assign the user to an Access Group, select the ‘+ - access groups’ button


User account management9
User Account Management

  • Administrators must be familiar with the definitions of the access groups before assigning users to them

  • Assigning users to inappropriate access groups could compromise sensitive data


User account management10
User Account Management

  • Select the Access Group(s) to which the user will belong

  • Click the ‘ok’ button


User account management11
User Account Management

  • User Information screen returns and the Access Groups for the user are displayed

  • iSite Enterprise cannot be used by the new user until the user has been assigned to at least one access group


User account management12
User Account Management

  • If a user forgets their password, it can be reset in iSuite from the User Information screen

  • Select the ‘reset pw’ button

  • The password is immediately reset to the default password, which is the same as the ‘User ID’



Define access groups1
Define Access Groups

  • When creating an access group, a set of security codes is grouped together, thereby enabling access to the modules and options in which users can work

  • Changes made to an access group concerning associated security codes affects all users assigned to that access group

  • If a user is logged into iSite Enterprise when you edit their access group information, changes to user privileges do not take effect until the user logs out of iSite Enterprise and then logs back into the system


Security by organization
Security by Organization

  • Users can view patients who belong to the same organization as the Access Group(s) with which the users are associated

  • Organizations are designated via Access Group setup

  • If a user belongs to multiple Access Groups which have different organizations, the user has the cumulative security rights and access to all patients in all associated organizations

  • For example, if a user is given Mark Read security in Access Group A of ORG A and the user also belongs to Access Group B of ORG B which does not grant Mark Read rights, the user has Mark Read rights for both ORG A and ORG B


Security by organization1
Security by Organization

  • With Security by Organization, a user cannot access exams that are not in the user’s organization(s)

  • If a Patient’s History Timeline contains exams that were performed at different organizations, the user will only have access to view those exams that were acquired at the organization to which the user belongs


Define access groups2
Define Access Groups

  • To create a new access group, select Access Groups from the pull-down menu and click continue


Define access groups3
Define Access Groups

  • Click the ‘add new’ button in the Access Groups window


Define access groups4
Define Access Groups

  • Enter all pertinent information to define and describe the new Access Group


Define access groups5
Define Access Groups

  • Enter the title of the role in the Name field

  • Enter the description of the role in the Description field

  • Check the Active box for a currently active Access Group

  • Determine the length of the Session Timeout assigned to this Access Group

  • Session Timeout = xx minutes

  • Default Session Timeouts = 20 minutes (max)


Security by organization2
Security by Organization

  • iSite 3.5 Security by Organization feature allows customers to prevent specific users or user groups from accessing exams in organizations (ORGs) to which they do not have clinical privileges

  • This gives customers from institutions in competitive situations an additional level of access security


Security by organization3
Security by Organization

  • Security by Organization supports multi-organization customers sharing an iVault who do not want users from one organization to view patients from another organization for patient confidentially reasons


Security by organization4
Security by Organization

  • Users can view patients who belong to the same organization as the Access Group(s) with which the users are associated

  • Organizations are designated via Access Group setup

  • If a user belongs to multiple Access Group(s) which have different organizations, the user has the cumulative security rights and access to all patients in all associated organizations

  • For example, if a user is given Mark Read security in Access Group A of ORG A and the user also belongs to Access Group B of ORG B which does not grant Mark Read rights, the user has Mark Read rights for both ORG A and ORG B


Security by organization5
Security by Organization

  • With Security by Organization, a user cannot access exams that are not in the user’s organization(s)

  • If a Patient’s History Timeline contains exams that were performed at different organizations, the user will only have access to view those exams that were acquired at the organization to which the user belongs


Security by organization6
Security by Organization

  • Philips recommends that all customers verify their Access Group configurations to ensure that they are associated with the desired organization(s)


Security by organization7
Security by Organization

  • If the iSite System Administrator does not want to restrict user access enforced by Security by Organization, the iSite System Administrator should make sure that all Access Groups are configured to associate with the “Enterprise” umbrella organization immediately after the upgrade

  • This gives users with Access Groups configured with the “Enterprise” organization access to patients across all organizations


Security by organization8
Security by Organization

  • Features Not Impacted by Security by Organization

  • Security by Organization does not apply to system-wide features such as Public Folders

  • For example, if User A in ORG A is given security code access to Public Folders that contain patient exams from ORG A and ORG B, User A will have access to view those exams from ORG B. Likewise, if User A (in ORG A) is given security code access to Merge Patients, User A can merge patients from multiple organizations


Security by organization9
Security by Organization

  • The following features are not affected by Security by Organization:

    • Public Folders

    • Viewing Access: Exceptions

    • Merge Candidates List

    • System Preferences: Window Width/Center

    • System Preferences: Image Processing

    • System Preferences: DICOM Sources

    • System Preferences: Screen Overlays

    • System Preferences: Paper Printing

    • System Preferences: Print to Film

    • System Preferences: System Plug Ins

    • System Preferences: System Filters

    • System Preferences: iExport

    • System Preferences: iQuery


Define access groups6
Define Access Groups

  • After entering all the pertinent information, click ‘add’


Define access groups7
Define Access Groups

  • Information is saved and the access group created appears as an editable entry

  • From the window shown here, the entries can be changed and security codes may be added


Define access groups8
Define Access Groups

  • Click the ‘+ - security codes’ button to add security codes to this access group


Define access groups9
Define Access Groups

  • Select the security codes to grant access to the group just created

  • Click the ok button


Define access groups10
Define Access Groups

  • Access Group entry window reappears and clicking the update button finalizes the changes



Assign user privileges1
AssignUserPrivileges

  • PACS Admin Team shall have all features and functions available (SYSADMINALL Access Group)

  • Caution: To enable Exceptions Handler Tab for iSite Enterprise the ISTSUPPORTSecurity Code must be active for the related Access Group; however, ISTSUPPORT allows Access Groups withISTUSRPREF active to access System Preferences and Machine Preferences as well


Assign user privileges2
Assign User Privileges

  • The following list demonstrates all necessary Access Groups that may be created to assign the appropriate permissions to all iSite users based upon previous experiences

    • PACS Administration Team

    • Quality Assurance Clinical Staff

    • Information Technology (Support and Security)

    • Radiologists

    • Radiology Residents

    • Clinical Supervisors, Leads, and 3rd Shift Techs (Radiologic Technologists)

    • Staff Radiologic Technologists

    • Clerical Staff

    • Medical Staff Specialists (Cardiologists, Endoscopy and Surgeons)

    • Medical and Clinical Staff (Physicians, Nurses)

    • EMR Integration Access Group










For assistance please call customer support at 1 877 328 2808 or 1 877 328 2809
For assistance, please call customer support at 1-877-328-2808 or 1-877-328-2809


ad