1 / 16

Core Services Sandra Toutoungi Delivery Consultant

Core Services. King Saud University Hospitals (KSUHs). Core Services Sandra Toutoungi Delivery Consultant. Security Concepts. What is security?. Security is a workflow initiated by the request of the user to access an application and the data therein.

astro
Télécharger la présentation

Core Services Sandra Toutoungi Delivery Consultant

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Core Services King Saud University Hospitals (KSUHs) Core ServicesSandra Toutoungi Delivery Consultant Security Concepts

  2. What is security? Security is a workflow initiated by the request of the user to access an application and the data therein. Which applications are you authorized to open? Which patient charts can you open? Who are you? Authentication Application Authorization Chart Access Which patient visits can you view? Which specific results, etc. can you view? Encounter Access Data Access

  3. Security Design • Security Risks in Healthcare • Unauthorized disclosure of patient information • Unauthorized disclosure of sensitive information • Substance abuse treatment, abortion, mental health, HIV/AIDS, genetics • Security is not… • An add-on to your solutions • Built after workflow is designed • Recommended to be set up at an user-level

  4. Positions Defined • Role based access to Cerner Applications • Should be based on the role the user has within scope of Cerner Solutions • Not based on job title • Position determines authorization within Cerner

  5. Hybrid Positions • Employees may perform different roles • Ex. Registration Clerk and Scheduling Clerk • Create “hybrid” position if necessary • Combine access from two positions to create a new position • Each user is assigned to ONE position • Make sure positions are designed to encompass all functions the user needs access to within Cerner

  6. Application Groups • Task • Components of Applications- Query, View, Maintain • Application - Cerner Executable • Ex. PowerChart.exe • Application Group - Grouping of like Cerner Applications • Applications within a group are usually dependent on each other to perform a specific function or access Cerner Solutions. • Cerner Recommended design includes Application Groups • Example: Device Cross Reference Clinical Reporting Manual Expedite Request a Chart

  7. Relationships • Relationships are needed for positions to access the EMR via: • PowerChart • FirstNet • SurgiNet • Audit trail of chart access • Assign relationship(s) in Security Data Collection Worksheet

  8. Charge View Only View Allergies PowerChart Common Physician PowerChart.exe CSChargeViewer.exe Query Charge Tasks Apps Tasks Nurse Kate Jones Pete Smith App Group Tasks Apps Tasks User Position Tasks Apps Tasks App Group Tasks Apps Tasks User->Position->App Group(s)

  9. Place Lab Order DOE: Departmental Order Entry Medical Technologist Tasks Departmentorderentry.exe Apps Tasks Pete Smith App Group Tasks Apps Tasks User Position Tasks Apps Tasks App Group Tasks Apps Tasks User->Position->App Group(s)

  10. Bedrock Position Wizard • Design and build simultaneously • STANDARD positions exist in Wizard- can be modified • Descriptions in Wizard • STANDARD application groups exist in Wizard • Descriptions in Wizard • DBC = Database Coordinators • DBA = Database Admin- full access to EVERY Cerner application • Utilize start recommendations and keep maintenance in mind

  11. Multiple Positions Design • Advanced Mode- Select Application Groups • Grid View of multiple positions • Compare and review access for multiple positions • Hover over positions or application groups to get a brief explanation

  12. Break-out Sessions • Break-out Sessions • Work vertically- focus on one position at a time • Grant Primary access requirements • Grant Secondary access requirements • Example: Charge Services and Clinical Reporting • Grant access by clicking on checkbox

  13. Next Steps • Review security audit during individual solution sessions • Finish design needs during weekly calls after Design Review • Audit posted on MethodM - each position’s Application Groups

  14. Change Control • Change Control- very important • Each change needs to be validated and tested • All requested changes must be documented in Security Change Log • Security must be included in unit and system testing • System Validation Session • Review security testing process • Review security change control

  15. Questions? Core Services

More Related