iSite 3.5: Security Administration I

1
iSite 3.5 Security Administration I
2
Table of Contents

• Objectives
• Terminology
• Security Overview
• User Account Management
• Define Access Groups
• Assign User Privileges

3
Learning Objectives
Understand the purpose and configuration of

• Adding Users
• Adding Access Groups
• Assigning Security Codes to Access Groups
• Resetting User Passwords

4
Terminology

• PACS (Picture Archive and Communications System)
• Information Systems designed to manage, store and
  distribute medical images and related information
  throughout the healthcare enterprise
• HIS (Hospital Information System)
• Information Systems designed to manage patient
  records including patient registration, billing,
  order entry
• RIS (Radiology Information System)
• Information Systems designed to manage exams
  (orders) including filling orders and scheduling

5
Terminology

• MRN (Medical Record Number)
• A unique patient identifier (also known as
  Patient ID) used for auditing of billing and
  scheduling for patients
• Accession Number (ACCession Number)
• A unique exam identifier (also known as an order
  number or requisition number) used for auditing
  of billing and scheduling of scheduled procedures
• SUID (Study Instance Unique IDentifier)
• A unique study identifier used for auditing of
  performed imaging service requests

6
Terminology

• DICOM (Digital Imaging COmmunication in Medicine)
• DICOM is the predominant communication standard
  between imaging equipment throughout the
  Healthcare Enterprise
• HL7 (Health Level 7)
• HL7 is the predominant messaging standard for
  exchanging key sets of administrative and
  clinical data in the healthcare enterprise

7
Security Overview
8
Security Overview

• Security Administration is the management of
  Users, Access Groups and Security Codes to ensure
  that users have the permissions and therefore the
  functionality necessary to perform their job
  functions
• User Accounts using iSite User Database
• Users must belong to at least one Access Group
• Access Groups are assigned Security Codes
• Security Codes designate permissions
• Access Group Security Codes are cumulative

9
Security Overview
Security Code
User
Security Code
User
Security Code
Access Group
User
Security Code
User
Security Code
User
Security Code
User
Security Code
User
Security Code
Access Group
User
Security Code
User
Security Code
User
10
Security Overview

• User Accounts using iSite User Database
• Background
• Users must be members of at least one Access
  Group
• An Access Group is made up of Multiple Security
  Codes
• Each Security Code designates a function
• Need to review the Default Access Group Settings
  and modify any Security Codes to fit your needs
• User determined passwords - If users forget
  passwords, the iSite System Administrator can
  only Reset password
• First time users login or if password Reset
• Password User ID or Username
• Users cannot re-use their previous 10 passwords

11
Security Overview

• Password default UserID
• Users are prompted to change password at initial
  log-in
• iSite Administrator may reset passwords
• Password Enforcement
• Users may not re-use previous 10 passwords
• Minimum password length 3 characters
• iSite Enterprise NO maximum log-in attempts
• iSuite 3 maximum log-in attempts

12
Security Overview

• Session Timeouts are assigned to Access Groups
• Session Timeout xx minutes
• Default Session Timeouts 20 minutes (max)
• Auto Logouts may be assigned to individual
  Workstations in the iSite client Machine
  Preferences
• Auto Logout overrides Session Timeout
• Auto Logout xxxxx seconds
• Auto Logout may be utilized for workstations
  requiring lengthy periods of inactivity (O.R.) or
  to accommodate high traffic zones (E.R.)

13
User Account Management
14
User Account Management

• In iSuite, select the Sys Admin module
• Click the Security tab

15
User Account Management

• To add a new user, from the pull-down menu select
  Users and click continue

16
User Account Management

• Click the add new button

17
User Account Management

• An empty User Information page is displayed

18
User Account Management

• Fill in the user information as requested
• Enter the users name (Last, First)
• Give the user a Title in accordance to their
  role this has no use in iSite other than for
  organized user management
• The Employee field also has no specific use
  in iSite
• Assign a User ID

19
User Account Management

• Fill in the user information as requested
• Select the users default organization in the
  drop-down Primary Org box
• Select the number of days to force the user to
  change the password in the Chg PW Days - The
  maximum is 999 days
• Currently, Discount Approval has no
  functionality in iSite
• Check the Active box for a currently active
  user account

20
User Account Management

• Once information is complete, click add to
  create a new user

21
User Account Management

• To assign the user to an Access Group, select the
  - access groups button

22
User Account Management

• Administrators must be familiar with the
  definitions of the access groups before assigning
  users to them
• Assigning users to inappropriate access groups
  could compromise sensitive data

23
User Account Management

• Select the Access Group(s) to which the user will
  belong
• Click the ok button

24
User Account Management

• User Information screen returns and the Access
  Groups for the user are displayed
• iSite Enterprise cannot be used by the new user
  until the user has been assigned to at least one
  access group

25
User Account Management

• If a user forgets their password, it can be reset
  in iSuite from the User Information screen
• Select the reset pw button
• The password is immediately reset to the default
  password, which is the same as the User ID

26
Define Access Groups
27
Define Access Groups

• When creating an access group, a set of security
  codes is grouped together, thereby enabling
  access to the modules and options in which users
  can work
• Changes made to an access group concerning
  associated security codes affects all users
  assigned to that access group
• If a user is logged into iSite Enterprise when
  you edit their access group information, changes
  to user privileges do not take effect until the
  user logs out of iSite Enterprise and then logs
  back into the system

28
Security by Organization

• Users can view patients who belong to the same
  organization as the Access Group(s) with which
  the users are associated
• Organizations are designated via Access Group
  setup
• If a user belongs to multiple Access Groups which
  have different organizations, the user has the
  cumulative security rights and access to all
  patients in all associated organizations
• For example, if a user is given Mark Read
  security in Access Group A of ORG A and the user
  also belongs to Access Group B of ORG B which
  does not grant Mark Read rights, the user has
  Mark Read rights for both ORG A and ORG B

29
Security by Organization

• With Security by Organization, a user cannot
  access exams that are not in the users
  organization(s)
• If a Patients History Timeline contains exams
  that were performed at different organizations,
  the user will only have access to view those
  exams that were acquired at the organization to
  which the user belongs

30
Define Access Groups

• To create a new access group, select Access
  Groups from the pull-down menu and click continue

31
Define Access Groups

• Click the add new button in the Access Groups
  window

32
Define Access Groups

• Enter all pertinent information to define and
  describe the new Access Group

33
Define Access Groups

• Enter the title of the role in the Name field
• Enter the description of the role in the
  Description field
• Check the Active box for a currently active
  Access Group
• Determine the length of the Session Timeout
  assigned to this Access Group
• Session Timeout xx minutes
• Default Session Timeouts 20 minutes (max)

34
Security by Organization

• iSite 3.5 Security by Organization feature allows
  customers to prevent specific users or user
  groups from accessing exams in organizations
  (ORGs) to which they do not have clinical
  privileges
• This gives customers from institutions in
  competitive situations an additional level of
  access security

35
Security by Organization

• Security by Organization supports
  multi-organization customers sharing an iVault
  who do not want users from one organization to
  view patients from another organization for
  patient confidentially reasons

36
Security by Organization

• Users can view patients who belong to the same
  organization as the Access Group(s) with which
  the users are associated
• Organizations are designated via Access Group
  setup
• If a user belongs to multiple Access Group(s)
  which have different organizations, the user has
  the cumulative security rights and access to all
  patients in all associated organizations
• For example, if a user is given Mark Read
  security in Access Group A of ORG A and the user
  also belongs to Access Group B of ORG B which
  does not grant Mark Read rights, the user has
  Mark Read rights for both ORG A and ORG B

37
Security by Organization

• With Security by Organization, a user cannot
  access exams that are not in the users
  organization(s)
• If a Patients History Timeline contains exams
  that were performed at different organizations,
  the user will only have access to view those
  exams that were acquired at the organization to
  which the user belongs

38
Security by Organization

• Philips recommends that all customers verify
  their Access Group configurations to ensure that
  they are associated with the desired
  organization(s)

39
Security by Organization

• If the iSite System Administrator does not want
  to restrict user access enforced by Security by
  Organization, the iSite System Administrator
  should make sure that all Access Groups are
  configured to associate with the Enterprise
  umbrella organization immediately after the
  upgrade
• This gives users with Access Groups configured
  with the Enterprise organization access to
  patients across all organizations

40
Security by Organization

• Features Not Impacted by Security by Organization
• Security by Organization does not apply to
  system-wide features such as Public Folders
• For example, if User A in ORG A is given security
  code access to Public Folders that contain
  patient exams from ORG A and ORG B, User A will
  have access to view those exams from ORG B.
  Likewise, if User A (in ORG A) is given security
  code access to Merge Patients, User A can merge
  patients from multiple organizations

41
Security by Organization

• The following features are not affected by
  Security by Organization
• Public Folders
• Viewing Access Exceptions
• Merge Candidates List
• System Preferences Window Width/Center
• System Preferences Image Processing
• System Preferences DICOM Sources
• System Preferences Screen Overlays
• System Preferences Paper Printing
• System Preferences Print to Film
• System Preferences System Plug Ins
• System Preferences System Filters
• System Preferences iExport
• System Preferences iQuery

42
Define Access Groups

• After entering all the pertinent information,
  click add

43
Define Access Groups

• Information is saved and the access group created
  appears as an editable entry
• From the window shown here, the entries can be
  changed and security codes may be added

44
Define Access Groups

• Click the - security codes button to add
  security codes to this access group

45
Define Access Groups

• Select the security codes to grant access to the
  group just created
• Click the ok button

46
Define Access Groups

• Access Group entry window reappears and clicking
  the update button finalizes the changes

47
Assign User Privileges
48
Assign User Privileges

• PACS Admin Team shall have all features and
  functions available (SYSADMINALL Access Group)
• Caution To enable Exceptions Handler Tab for
  iSite Enterprise the ISTSUPPORT Security Code
  must be active for the related Access Group
  however, ISTSUPPORT allows Access Groups with
  ISTUSRPREF active to access System Preferences
  and Machine Preferences as well

49
Assign User Privileges

• The following list demonstrates all necessary
  Access Groups that may be created to assign the
  appropriate permissions to all iSite users based
  upon previous experiences
• PACS Administration Team
• Quality Assurance Clinical Staff
• Information Technology (Support and Security)
• Radiologists
• Radiology Residents
• Clinical Supervisors, Leads, and 3rd Shift Techs
  (Radiologic Technologists)
• Staff Radiologic Technologists
• Clerical Staff
• Medical Staff Specialists (Cardiologists,
  Endoscopy and Surgeons)
• Medical and Clinical Staff (Physicians, Nurses)
• EMR Integration Access Group

50
Access Privileges
View Images for all exams IMGVUEIMG
Log in to iSite PACS ISTACCESS
View Images for any patient ISTANYPAT
View Images for patient for which the user is not the Ordering Physician ISTANYPHYS
View Images searching by MRN ISTBYMRN
View Images in Exceptions status ISTEXCEPT
View Images that do not have reports ISTNOREP
Show Location Patient Lookup ISTSHOWLOC
Unrestricted Patient Lookup Query Type 3 (must be active) ISTUNRES3
51
Workflow Related
User Preferences (General Preferences, Filters, WW/WL, etc.) ISTUSRPREF
System Preferences (System Level Functionality changes) ISTUSRPREF and ISTSUPPORT
System Filters (Create) ISTUSRPREF and ISTSUPPORT
System Filters (Access) ISTSYSFLTR
User Filters (Create) ISTUSRPREF
User Filters (Access) ISTUSRFLTR
Public Folders (Create) ISTPUBFLDR
Public Folders (Access) ISTPUBFLDO
Personal Folders (Create and Access) ISTUSRFLDR
52
Workflow Related
CD Manager (CD Burning) ISTMEDEXP
iExport (DICOM Image export) ISTIEXP
IQuery (DICOM Image import) ISTQUERY
Local Exam Cache ISTLCACHE
Paper Print ISTPRNT
Film Print ISTFLMPRNT (must have ISTRAD )
Saving Presentation States ISTPSTATE
Plug-Ins (Recommend link to Intranet without associated Security Code) ISTPLUG
53
Image Management
View Exceptions Handler EXHACCESS
Access to Clinical Exam Notes EXHCLNOTE
Remove Exceptions (permanently delete images) EXHWINACT
Resolve Exceptions EXHWRESEX
Digital Image Management (creating patient exceptions due to misidentification) IMGDIGMGMT, IMGULKSUID
Delete Images from Exam Rack (not permanent) ISTIMGDEL
Remove/Resolve Dup UID Warning Message ISTRDUPID
Assign new Study Instance Unique Identifier ISTRGUID
54
Technologist Worklist
Technologist Worklist MWLACCESS, MWLBEGIN, MWLCOMPLET, MWLEDIT, MWLEXHACC, MWLRCLNOTE, MWLWPRFRES, MWLWRESEX
Study Linking (Matching two Accession Numbers to one Study UID) IMGLINKFUL, IMGLINKLIM, IMGULKSUID, IMGUNLKFUL, IMGUNLKLIM
55
Patient Management
Patient/Exam Edit (may be necessary for Exceptions Resolution) SCHCANCEX, SCHEDITEX, SCHEDITEX1, SCHEDITEX2, SCHEDITEX3, SCHEDITEX4, SCHEDITEX5, SCHPTAPPT
Delete Patient/Exam SCHCANCEX, SCHDELEX
Patient Merge REGFULL, REGLIM, REGMERG, REGMRGLIM, REGMLSTLIM, REGMLSTFUL
56
System Management
Exam Audit Trail ISTSUPPORT, PTRPTAUDIT, VUEEXAUDIT
Access Groups/Security Codes (Add/Edit Access Groups) SADSEC
Reset Passwords (Add/Edit Access Groups) SADSECUSER
System Preferences (System Level Functionality changes) ISTUSRPREF and ISTSUPPORT
System Filters (Create) ISTUSRPREF and ISTSUPPORT
Machine Preferences ISTUSRPREF and ISTMPREF
System Hanging Protocols ISTHPSTD, ISTSYSHP, ISTRAD
57
iSite Radiology Specific Features
iSite Radiology access ISTRAD
Film Print ISTFLMPRNT
Mark Read function ISTDICTATE
Series Matching Rules (create) ISTHPSTD
System level Hanging Protocols (create) ISTSYSHP
User level Hanging Protocols (create) ISTUSRHP
Machine Preferences ISTUSRPREF and ISTMPREF
58
For assistance, please call customer support at
1-877-328-2808 or 1-877-328-2809
59
(No Transcript)