Information Security Management 2008 Programs
Data Security
• The data security team processes 120,000 requests per year and is staffed with five FTE.
• Each task could be anything from a simple question to an S/OLAR with access requests to 15 separate applications.
• Provide some type of user administration for 97 applications
• The following is a list of services:
  • Provide users with access to systems
  • Remove users' access to systems
  • Create, maintain, and remove IDs for non-users such as auto-logins (kiosks), vendors, etc.
  • Maintain physician master records in Cerner, SMS, and other downstream systems
  • Maintain BAA HIPAA contracts for vendors
  • IHIE & VPN download from pulse
  • Maintain applications and routing in SOLAR
  • Pulse registration troubleshooting while maintaining CDS
  • Assist in the investigation of HIPAA audits and incidents
  • Badges to South Campus and Data Centers
  • Set up framework for granting groups of users similar access (NT Groups)
  • Audit response and research
Research Access Methodology
• Own the data and who has access to it
• Design what tokens (transactions) get assigned to which roles
• Define the roles and how they are allocated to individuals
• Test, approve design, & approve access
[Diagram labels: MGR Users Data Custodians IRB OLAR Ticket Cerner Application Security Data Security]
• Expert on Security Design and Development
• Develop Profiles, Security Classes, Groups
• Consult with others to design working security
• Maintain updates from custodians
• Manage user identities & match to predefined access
• Receive approved requests to create new user IDs
• Give access or remove access to/from users
• Provisioning and De-provisioning
Research Access - OLAR
• Where to get the OLAR
  • http://pulse.clarian.org/portal/intranet/home/content?url=/ClarianWebForms/IS/online_access_request_internal.doc
  • General instructions are on this site
• What access do I ask for if I'm doing research?
  • Cerner for physician notes and drugs
  • Careweb has other medical record information
• What do I do when the project ends or I'm no longer doing research?
  • Notify the IRB by completing an OLAR that says to remove your access