Isite 3 5 security administration i
This presentation is the property of its rightful owner.
Sponsored Links
1 / 59

iSite 3.5: Security Administration I PowerPoint PPT Presentation


  • 76 Views
  • Uploaded on
  • Presentation posted in: General

iSite 3.5: Security Administration I. Table of Contents. Objectives Terminology Security Overview User Account Management Define Access Groups Assign User Privileges. Learning Objectives. Understand the purpose and configuration of:. Adding Users Adding Access Groups

Download Presentation

iSite 3.5: Security Administration I

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Isite 3 5 security administration i

iSite 3.5: Security Administration I


Table of contents

Table of Contents

  • Objectives

  • Terminology

  • Security Overview

  • User Account Management

  • Define Access Groups

  • Assign User Privileges


Learning objectives

Learning Objectives

Understand the purpose and configuration of:

  • Adding Users

  • Adding Access Groups

  • Assigning Security Codes to Access Groups

  • Resetting User Passwords


Terminology

Terminology

  • PACS (Picture Archive and Communications System)

    • Information Systems designed to manage, store and distribute medical images and related information throughout the healthcare enterprise

  • HIS (Hospital Information System)

    • Information Systems designed to manage patient records; including patient registration, billing, order entry

  • RIS (Radiology Information System)

    • Information Systems designed to manage exams (orders); including filling orders and scheduling


Terminology1

Terminology

  • MRN (Medical Record Number)

    • A unique patient identifier (also known as Patient ID) used for auditing of billing and scheduling for patients

  • Accession Number (ACCession Number)

    • A unique exam identifier (also known as an order number or requisition number) used for auditing of billing and scheduling of scheduled procedures

  • SUID (Study Instance Unique IDentifier)

    • A unique study identifier used for auditing of performed imaging service requests


Terminology2

Terminology

  • DICOM (Digital Imaging COmmunication in Medicine)

    • DICOM is the predominant communication standard between imaging equipment throughout the Healthcare Enterprise

  • HL7 (Health Level 7)

    • HL7 is the predominant messaging standard for exchanging key sets of administrative and clinical data in the healthcare enterprise


Security overview

Security Overview


Security overview1

Security Overview

  • Security Administration is the management of Users, Access Groups and Security Codes to ensure that users have the permissions and therefore the functionality necessary to perform their job functions

  • User Accounts using iSite User Database

    • Users must belong to at least one Access Group

    • Access Groups are assigned Security Codes

    • Security Codes designate permissions

    • Access Group Security Codes are cumulative


Security overview2

Security Overview

Security Code

User

Security Code

User

Security Code

Access Group

User

Security Code

User

Security Code

User

Security Code

User

Security Code

User

Security Code

Access Group

User

Security Code

User

Security Code

User


Security overview3

Security Overview

  • User Accounts using iSite User Database

  • Background:

    • Users must be members of at least one Access Group

    • An Access Group is made up of Multiple Security Codes

    • Each Security Code designates a function

    • Need to review the Default Access Group Settings and modify any Security Codes to fit your needs

    • User determined passwords - If users forget passwords, the iSite System Administrator can only Reset password

    • First time users login or if password Reset

      • Password = User ID or Username

    • Users cannot re-use their previous 10 passwords


Security overview4

Security Overview

  • Password default = “UserID”

  • Users are prompted to change password at initial log-in

  • iSite Administrator may reset passwords

  • Password Enforcement:

    • Users may not re-use previous 10 passwords

    • Minimum password length = 3 characters

    • iSite Enterprise = NO maximum log-in attempts

    • iSuite = 3 maximum log-in attempts


Security overview5

Security Overview

  • Session Timeouts are assigned to Access Groups

  • Session Timeout = xx minutes

  • Default Session Timeouts = 20 minutes (max)

  • Auto Logouts may be assigned to individual Workstations in the iSite client Machine Preferences

  • Auto Logout overrides Session Timeout

  • Auto Logout = xxxxx seconds

  • Auto Logout may be utilized for workstations requiring lengthy periods of inactivity (O.R.) or to accommodate high traffic zones (E.R.)


User account management

User Account Management


User account management1

User Account Management

  • In iSuite, select the ‘Sys Admin’ module

  • Click the ‘Security’ tab


User account management2

User Account Management

  • To add a new user, from the pull-down menu select ‘Users’ and click ‘continue’


User account management3

User Account Management

  • Click the ‘add new’ button


User account management4

User Account Management

  • An empty User Information page is displayed


User account management5

User Account Management

  • Fill in the user information as requested

    • Enter the user’s name (Last, First)

    • Give the user a ‘Title’ in accordance to their role; this has no use in iSite other than for organized user management

    • The ‘Employee #’ field also has no specific use in iSite

    • Assign a User ID


User account management6

User Account Management

  • Fill in the user information as requested

    • Select the user’s default organization in the drop-down ‘Primary Org’ box

    • Select the number of days to force the user to change the password in the ‘Chg PW Days’ - The maximum is 999 days

    • Currently, ‘Discount Approval’ has no functionality in iSite

    • Check the ‘Active’ box for a currently active user account


User account management7

User Account Management

  • Once information is complete, click “add” to create a new user


User account management8

User Account Management

  • To assign the user to an Access Group, select the ‘+ - access groups’ button


User account management9

User Account Management

  • Administrators must be familiar with the definitions of the access groups before assigning users to them

  • Assigning users to inappropriate access groups could compromise sensitive data


User account management10

User Account Management

  • Select the Access Group(s) to which the user will belong

  • Click the ‘ok’ button


User account management11

User Account Management

  • User Information screen returns and the Access Groups for the user are displayed

  • iSite Enterprise cannot be used by the new user until the user has been assigned to at least one access group


User account management12

User Account Management

  • If a user forgets their password, it can be reset in iSuite from the User Information screen

  • Select the ‘reset pw’ button

  • The password is immediately reset to the default password, which is the same as the ‘User ID’


Define access groups

Define Access Groups


Define access groups1

Define Access Groups

  • When creating an access group, a set of security codes is grouped together, thereby enabling access to the modules and options in which users can work

  • Changes made to an access group concerning associated security codes affects all users assigned to that access group

  • If a user is logged into iSite Enterprise when you edit their access group information, changes to user privileges do not take effect until the user logs out of iSite Enterprise and then logs back into the system


Security by organization

Security by Organization

  • Users can view patients who belong to the same organization as the Access Group(s) with which the users are associated

  • Organizations are designated via Access Group setup

  • If a user belongs to multiple Access Groups which have different organizations, the user has the cumulative security rights and access to all patients in all associated organizations

  • For example, if a user is given Mark Read security in Access Group A of ORG A and the user also belongs to Access Group B of ORG B which does not grant Mark Read rights, the user has Mark Read rights for both ORG A and ORG B


Security by organization1

Security by Organization

  • With Security by Organization, a user cannot access exams that are not in the user’s organization(s)

  • If a Patient’s History Timeline contains exams that were performed at different organizations, the user will only have access to view those exams that were acquired at the organization to which the user belongs


Define access groups2

Define Access Groups

  • To create a new access group, select Access Groups from the pull-down menu and click continue


Define access groups3

Define Access Groups

  • Click the ‘add new’ button in the Access Groups window


Define access groups4

Define Access Groups

  • Enter all pertinent information to define and describe the new Access Group


Define access groups5

Define Access Groups

  • Enter the title of the role in the Name field

  • Enter the description of the role in the Description field

  • Check the Active box for a currently active Access Group

  • Determine the length of the Session Timeout assigned to this Access Group

  • Session Timeout = xx minutes

  • Default Session Timeouts = 20 minutes (max)


Security by organization2

Security by Organization

  • iSite 3.5 Security by Organization feature allows customers to prevent specific users or user groups from accessing exams in organizations (ORGs) to which they do not have clinical privileges

  • This gives customers from institutions in competitive situations an additional level of access security


Security by organization3

Security by Organization

  • Security by Organization supports multi-organization customers sharing an iVault who do not want users from one organization to view patients from another organization for patient confidentially reasons


Security by organization4

Security by Organization

  • Users can view patients who belong to the same organization as the Access Group(s) with which the users are associated

  • Organizations are designated via Access Group setup

  • If a user belongs to multiple Access Group(s) which have different organizations, the user has the cumulative security rights and access to all patients in all associated organizations

  • For example, if a user is given Mark Read security in Access Group A of ORG A and the user also belongs to Access Group B of ORG B which does not grant Mark Read rights, the user has Mark Read rights for both ORG A and ORG B


Security by organization5

Security by Organization

  • With Security by Organization, a user cannot access exams that are not in the user’s organization(s)

  • If a Patient’s History Timeline contains exams that were performed at different organizations, the user will only have access to view those exams that were acquired at the organization to which the user belongs


Security by organization6

Security by Organization

  • Philips recommends that all customers verify their Access Group configurations to ensure that they are associated with the desired organization(s)


Security by organization7

Security by Organization

  • If the iSite System Administrator does not want to restrict user access enforced by Security by Organization, the iSite System Administrator should make sure that all Access Groups are configured to associate with the “Enterprise” umbrella organization immediately after the upgrade

  • This gives users with Access Groups configured with the “Enterprise” organization access to patients across all organizations


Security by organization8

Security by Organization

  • Features Not Impacted by Security by Organization

  • Security by Organization does not apply to system-wide features such as Public Folders

  • For example, if User A in ORG A is given security code access to Public Folders that contain patient exams from ORG A and ORG B, User A will have access to view those exams from ORG B. Likewise, if User A (in ORG A) is given security code access to Merge Patients, User A can merge patients from multiple organizations


Security by organization9

Security by Organization

  • The following features are not affected by Security by Organization:

    • Public Folders

    • Viewing Access: Exceptions

    • Merge Candidates List

    • System Preferences: Window Width/Center

    • System Preferences: Image Processing

    • System Preferences: DICOM Sources

    • System Preferences: Screen Overlays

    • System Preferences: Paper Printing

    • System Preferences: Print to Film

    • System Preferences: System Plug Ins

    • System Preferences: System Filters

    • System Preferences: iExport

    • System Preferences: iQuery


Define access groups6

Define Access Groups

  • After entering all the pertinent information, click ‘add’


Define access groups7

Define Access Groups

  • Information is saved and the access group created appears as an editable entry

  • From the window shown here, the entries can be changed and security codes may be added


Define access groups8

Define Access Groups

  • Click the ‘+ - security codes’ button to add security codes to this access group


Define access groups9

Define Access Groups

  • Select the security codes to grant access to the group just created

  • Click the ok button


Define access groups10

Define Access Groups

  • Access Group entry window reappears and clicking the update button finalizes the changes


Assign user privileges

Assign User Privileges


Assign user privileges1

AssignUserPrivileges

  • PACS Admin Team shall have all features and functions available (SYSADMINALL Access Group)

  • Caution: To enable Exceptions Handler Tab for iSite Enterprise the ISTSUPPORTSecurity Code must be active for the related Access Group; however, ISTSUPPORT allows Access Groups withISTUSRPREF active to access System Preferences and Machine Preferences as well


Assign user privileges2

Assign User Privileges

  • The following list demonstrates all necessary Access Groups that may be created to assign the appropriate permissions to all iSite users based upon previous experiences

    • PACS Administration Team

    • Quality Assurance Clinical Staff

    • Information Technology (Support and Security)

    • Radiologists

    • Radiology Residents

    • Clinical Supervisors, Leads, and 3rd Shift Techs (Radiologic Technologists)

    • Staff Radiologic Technologists

    • Clerical Staff

    • Medical Staff Specialists (Cardiologists, Endoscopy and Surgeons)

    • Medical and Clinical Staff (Physicians, Nurses)

    • EMR Integration Access Group


Access privileges

Access Privileges


Workflow related

Workflow Related


Workflow related1

Workflow Related


Image management

Image Management


Technologist worklist

Technologist Worklist


Patient management

Patient Management


System management

System Management


Isite radiology specific features

iSite Radiology Specific Features


For assistance please call customer support at 1 877 328 2808 or 1 877 328 2809

For assistance, please call customer support at 1-877-328-2808 or 1-877-328-2809


  • Login