Health. Electronic Health Record (EHR) User Access is granted to individuals
with a legitimate .... warranted. See Research Proposals for more information.
Electronic Health Records User Access PHC Remote Guideline Target Audience
Primary Health Care Remote CAHS; Primary Health Care Remote TEHS
Kerrie Simpson Atlas Development Officer Primary Health Care Remote CAHS
Refer to Policy Guideline Centre NT Quality and Safety Manager Primary Health Care
PHC Safety and Quality Team
The attributes in the above table will be auto-filled from the PGC System. Do not update in this document.
Purpose To provide Primary Health Care Remote staff with a guideline detiling the requirments, including the application process and training, to obtain the authority to utilise Electronic health Records used for clients in remote health services.
DEPARTMENT OF HEALTH Any individual user will be subject to having their use of these EHRs audited on a routine basis and to possible ad hoc scrutiny. Information in this document includes: - Applicant Identification - Application for User Access – Information Required - Submission of Application - Electronic Health Record - Training - Query Group Access – PCIS only - Use and Monitoring of Electronic Health Records - Access to My eHealth Record - Access to Linked Databases - WebClient Access - Extension, Termination or Change to User Access - Non-clinical Staff access to Health Information & Records - Business Rules Related to Access
User: an authorised User of a PHC Remote EHR system. Electronic Health Record (EHR): a systematic collection of electronic health information about individual clients. The EHR is the primary health record into which client personal and health data must be entered. Two EHR systems are used within PHC Remote, namely: - Primary Care Information System (PCIS) - East Arnhem Communicare System (EACS). This is a version of Communicare which is specifically adapted to meet the needs of DoH East Arnhem North clients and health centres. My eHealth Record (MeHR): a secure, electronic record of an individual’s medical history stored and shared in a network of connected systems so that vital health information can be securely exchanged between different health care providers such as medical practitioners, specialists, pharmacists and hospitals. The EHRs interface with MeHR. Rheumatic Heart Disease Register: a Northern Territory (NT) register of those with Acute Rheumatic Fever or with Rheumatic Heart Disease. Childhood Immunisation Database: a NT Centre for Disease Control (CDC) immunisation database that links to the Australian Childhood Immunisation Register (ACIR). It is the primary source of NT childhood immunisation records for PHC Remote clinical staff.
Electronic Health Record User
DEPARTMENT OF HEALTH
Electronic Health Record Helpdesks Accept correctly completed applications for new or modified EHR access Forward application forms to the relevant line manager / authorised delegate for signature Initiate ePASS registration for non-PHC Remote applicants as appropriate Forward RMP EHRS User Access applications to each EHRS relevant to the application Establish access appropriate to the role of the applicant Notify applicant when access has been established
Line Manager / Authorised Delegate Ensure ePASS registration is current or initiate ePASS registration as required Check and endorse signed EHR User Access applications Submit endorsed EHR User Access applications with the ePASS Id to the relevant Helpdesk Facilitate training for new employees Notify relevant EHR Helpdesk when changes to User access are required
Quality and Safety Manager Assess relevant applications received from the EHR Helpdesk and approve or reject each application Return User applications to the EHRS Helpdesk Authorise ePASS registration for relevant applicants as appropriate Retain all applications on file Terminate User Access as directed
Electronic Health Record Educator Arrange training at a mutually convenient time Provide training for appropriate level of access for new and reactivated Users Provide ongoing training for Users who request it Provide training sessions when EHR system upgrades occur
The majority of EHR Users will be required to complete a PCIS or EACS User Access Form and other related access forms as appropriate. RMPs in PHC Remote who require access to a range of Electronic Health Record Systems may complete the RMP EHRS User Access Form, which is a single form facilitating access to multiple EHR Systems. The Information Sheet - RMP - Multiple Electronic Health Record Systems User Access provides guidance for the use of a single form and should be used in conjunction with the information in this document as appropriate.
Applicant Identification and ePASS Registration
A personal ePASS User Id is required by all employees to obtain EHR User Access, even though the DoH network may be accessed through the generic health centre G70 log-on utilised in all remote health centres. This requirement applies to DoH employees, agency staff and non-government authorised personnel. It is important to recognise that once an individual has been registered with ePASS, the User Id that has been initially designated should be re-used for any subsequent reactivation of their account. Therefore ePASS registration of a new applicant should be approached in the following way: 1) Current or past ePASS registration should be checked 2) If current registration is in place, user details should be updated on ePASS, and the User Id utilised on the EHR application form Title: Electronic Health Records User Access PHC Remote Guideline HPRM Approval No: EDOC2017/43956 | Version: 2.0 | Doc ID: HEALTHINTRA-1880-12315 | Approved: 30/06/2015 | Last Updated: 30/06/2015 Page 3 of 9
DEPARTMENT OF HEALTH 3) If the applicant has a ‘terminated’ account, the account should be reactivated to ensure continuity of the same User Id 4) If no previous ePASS registration is evident, My eHealth Record registration should be checked. If MeHR registration has previously been granted, the same User Id should be used for the new ePASS Id. Managers may contact the My eHealth Record Helpdesk on 1800 247 430 to check on User Id information. 5) If no previous registration is evident for either My eHealth Record or ePASS, then a new User Id can be created either by manual or system generation. The persons User Id should then be noted in the appropriate field on the User Access Application Form (PCIS / EACS / RMP EHRS). Without exception, every individual who intends to use an EHR must submit a suitably completed User Access Application Form and must have a personal ePASS User Id before accessing any client record. Features of each aspect of the application form are detailed below. 4.1.1
Healthcare Provider Identifier – Individual (HPI-I) Number
A national eHealth initiative is being implemented. This includes a personally controlled electronic health record system which supports secure electronic sharing of health information across Australia’s healthcare system. Three types of Healthcare identifiers have been designed: for the individual (IHI), the health care provider organisation (HPI-O) and the individual health care provider (HPI-I). A HPI-I is allocated to healthcare providers and provides a unique way of identifying the healthcare provider on client records that the provider creates or updates. Health practitioners registered under national law with the Australian Health Practitioner Regulation Authority (AHPRA) can access their 16 digit HPI-I number by contacting: - Medicare on phone: 1300 361 457, or - the Healthcare Identifier Service on phone: 1300 419 495, or - by signing in to ‘your account’ on the AHPRA website and the HPI-I number is recorded in the ‘your details’ section For further information see eHealth NT - What is a HPI-I (intranet), the National E-Health Transition Authority (NEHTA) website, and specifically for HPI-I details the Healthcare Identifiers (HI) webpage.
Application for User Access – Information Required
Level of access is adjusted according to the role of the applicant. In most cases, it is reasonable that an individual will require security settings that are generic to a given role, and the appropriate role should be nominated on the application form. A relatively large number of EHR functions have security settings and these may be configured on an individual basis. However, any departure from generic security settings requires the specific written request of the applicant, with approval from the line manager / authorised delegate, and the record of this request is filed with the individual’s User Access application. The Quality and Safety Manager will arbitrate on any debatable requests. 4.2.2
Selecting a title for the applicant’s position is requested. This effectively applies a title against all the entries a User will make in the EHR. Commonly used titles are listed for quick selection, but a User may suggest a preferred alternative title. Not all requested alternative titles will be used where existing titles already exist that would be appropriate for that User.
Title: Electronic Health Records User Access PHC Remote Guideline HPRM Approval No: EDOC2017/43956 | Version: 2.0 | Doc ID: HEALTHINTRA-1880-12315 | Approved: 30/06/2015 | Last Updated: 30/06/2015 Page 4 of 9
DEPARTMENT OF HEALTH 4.2.3
Duration of Access
The duration of access that is applied for must not exceed contracted dates of employment, or other anticipated time limits on the requirement to access the EHR. Only permanent employees may nominate an open end date. Future amendments to access extension dates or type may be requested using the EHR User Access Cessation / Change Request Form (PCIS / EACS). 4.2.4
Selecting Health Centre/s
Applicants must nominate the anticipated usual health centre/s on the application form. Multiple sites or regional use may be nominated where this is necessary to perform the User’s role. It is not helpful to nominate additional sites on the off chance they may be used. For EHR Users limiting the number of usual work locations does not prevent accessing the client records from other locations using the same EHR. Rather, it promotes simpler use of EHR for the User and easier administration processes. It also reduces the risk of data entry mistakes. It is simple to add another work unit at a later date if the User begins work in a new location. This must be requested via Helpdesk. EACS User access is limited to the four East Arnhem North health centres. If clients of other non-Departmental health services have registered with MeHR, Users are able to access their MeHR records. 4.2.5
Telehealth Converge NT - Interface
Health centre facilities have video conferencing hardware and software installed on some computer assets to enable video conferencing capability. Similarly Medical Practitioners or staff requiring individual access may have this installed an NTG computer asset or personal computer depending on individual circumstances. Individual access is obtained by completing the Video Conference – Desktop Client and Peripheral Equipment Application. The Telehealth Converge NT provides information and contact details regarding practitioners or health facilities with video conferencing capability. Access to Telehealth Converge NT is a component of the default profile given to RMPs when they complete the EHRS – RMP User Access Form. For more information on Telehealth Converge NT contact the NT TeleHealth Helpdesk - phone: 1300 762 249 or e-mail: [email protected]
Prescriber and Medicare Provider Numbers
Only medical practitioners and other health professionals who hold Provider Numbers are required to complete and submit Page 2 of the Application for Access Form (PCIS / EACS / RMP EHRS). This page seeks information on Prescriber and Medicare Provider Numbers. Medical Practitioners working for PHC Remote must obtain a separate Medicare Provider Number for each community in which they consult. See Medicare Provider Numbers. 4.2.7
Applicant Declaration Signature
Title: Electronic Health Records User Access PHC Remote Guideline HPRM Approval No: EDOC2017/43956 | Version: 2.0 | Doc ID: HEALTHINTRA-1880-12315 | Approved: 30/06/2015 | Last Updated: 30/06/2015 Page 5 of 9
DEPARTMENT OF HEALTH 4.2.8
Authorisation for User access is twofold for DoH staff from PHC Remote, Police Watch House and Corrections, Renal Services and Alcohol Mandatory Assessment /Treatment and threefold for applicants external to the above listed DoH services and non-government applicants: - applicants authorise their own application, vouching for accuracy of submitted information - the applicant’s line manager is required to endorse the application and thereby acknowledge the appropriateness, legitimacy and accuracy of the application. Details of who is appropriate to endorse an application are described on Page 4 of the EHR Application for User Access Form. Applicants external to the above listed DoH services and non-government applicants, with the exception of some EACS sites, will have their application reviewed by the Quality and Safety Manager. This enables PHC Remote monitoring of external Users being granted access. In some instances, external applicants will be asked to provide supporting documentation. Researchers will only be granted the relevant EHR access in relation to research activities that have been previously authorised by PHC and the requirement for EHR access is warranted. See Research Proposals for more information.
Submission of Applications
Applicants submit their completed application to the relevant EHR Helpdesk by e-mail or fax. See Contact Details. If a form is submitted to the EHR Helpdesk with incomplete information, the Helpdesk staff will return the form for amendment. The Helpdesk will forward applications for authorisation as follows: - for DoH staff from PHC Remote, Police Watch House and Corrections, Renal Services, Alcohol Mandatory Alcohol Assessment/Treatment, to the line manager / authorised delegate - for applicants external to the above listed DoH services and non-government applicants (with the exception of some EACS sites), to the Quality and Safety Manager
Electronic Health Record - Training
Users are required to undertake initial and ongoing EHR training. See Electronic Health Record – Training & Resources for more information.
Query Group Access – PCIS Only
Query Group Access provides functionality that allows customised and comprehensive report queries to be built by the User. This additional level of access must be applied for separately using the PCIS Query Group Access form. This functionality is granted as per the requirements of the User’s role, usually for those in management or regional clinical positions. Primary Health Care Managers are entitled to request this access, but in this case use may be restricted to local searches only. The Query Group Access form further details the responsibilities imposed in using Query Group Access. Note: EACS does not have this functionality.
Use and Monitoring of Electronic Health Record
The use of EHRs is at all times limited to legitimate purposes for each User. This means: - only accessing client information pertaining to the User’s rightful terms of duty - only utilising the User’s personal User Access - ensuring client information is not disclosed for any other purpose without the client’s consent - ensuring accurate data entry. Routine auditing of the use of EHRs is conducted. Specific and ad hoc auditing may also occur for a variety of reasons. Title: Electronic Health Records User Access PHC Remote Guideline HPRM Approval No: EDOC2017/43956 | Version: 2.0 | Doc ID: HEALTHINTRA-1880-12315 | Approved: 30/06/2015 | Last Updated: 30/06/2015 Page 6 of 9
DEPARTMENT OF HEALTH
Access to My eHealth Record
All DoH employed clinical staff automatically receive access to the records of MeHR registered clients when PCIS or EACS User Access is granted. However, it should be noted that this is a distinct application and as such access privileges assume relevant obligations for responsible use. EHR Helpdesk staff will facilitate dual access on receipt of relevant endorsed applications. User Id and temporary passwords will match for both applications.
Access to Linked Databases
The Northern Territory (NT) Rheumatic Heart Disease Register and the NT Childhood Immunisation Program database can be accessed through both EHR systems. Authorised Users may access records of individual clients on these two databases. PHC Remote clinical staff who have a legitimate reason for accessing the records of all clients on the Rheumatic Heart Disease Register or the NT Childhood Immunisation Database must complete the RHD Register application form or the Immunisation Database application form and submit these to their line manager / authorised delegate for endorsement.
In general, PCIS and EACS will be accessed via departmental computers. However, it is possible to arrange web based access for individual Users via a Citrix interface. WebClient Access is applied for using the PCIS User Access and WebClient Application Form, EACS Application for WebClient Access Form or as a component of the default profile provided on the RMP EHRS Application Form. Users applying for WebClient Access must have an ePASS account and be Local Area Network (LAN) enabled. Nomination of a cost centre and authorisation by the cost centre manager is required to assign costs, as well as authorise the appropriateness of the access. The role of the User must provide a specific and legitimate reason for needing access to EHRs via a web connection. Examples include a medical practitioner on call in a non-DoH location or a researcher working at research institution. Most employees do not require this access to fulfil employment obligations. Also see Getting Started - WebClient Access - Windows (PCIS / EACS) and Getting Started - WebClient Access - Mac Computers (PCIS / EACS). 4.9.1
WebClient Access – End of Contract
WebClient Users are reminded that their ePASS account (and therefore access to PCIS or EACS) will generally be terminated when their contract ends. If a contract is extended, WebClient Users are responsible for completing the relevant User Access Cessation / Change Request form (PCIS / EACS) and sending the endorsed form to the PCIS Helpdesk.
Extension, Termination or Change to User Access
It is the responsibility of line managers / authorised delegates to notify the EHR Helpdesk in writing of EHR Users who no longer require User Access or whose role has changed. The relevant User Access Cessation / Change Request Form (PCIS / EACS) must be used to facilitate this notification. Notify PCIS / EACS Helpdesk when: - the User terminates employment or no longer requires User Access for the role for which access was granted. - the User’s temporary contract is extended - when the default messaging provider is absent for a period (PCIS only) - when the default provider or usual Medical Practitioner is absent from a health centre for a period of time. Title: Electronic Health Records User Access PHC Remote Guideline HPRM Approval No: EDOC2017/43956 | Version: 2.0 | Doc ID: HEALTHINTRA-1880-12315 | Approved: 30/06/2015 | Last Updated: 30/06/2015 Page 7 of 9
DEPARTMENT OF HEALTH User access may be terminated in the event of inappropriate use of an EHR.
Non-clinical Staff Access to Health Information and Records
Health records should only be accessed where it is necessary for the performance of an employee’s normal duties. The procedure for recording this information is described in Electronic Health Records – Overview. 4.11.1 Electronic Health Record – Administration Staff Access The role of the health centre Administrative Officer is intended to support the clinical workforce and health centre workflow by ensuring the maintenance of client demographic information, maintaining Wait Lists and processing of client correspondence from external service providers such as specialists. As the role already involves dealing with confidential information, the standard level of access granted to administration staff may be extended at the discretion of the relevant line manager / authorised delegate.
Business Rules related to Access
Business Rules governing access to EHRs are located in Getting Started – Access and Training (PCIS / EACS).
08 8999 2855
08 8980 0730
08 8924 7173
08 8923 7603
1800 247 430
1300 762 249
08 8980 0730
[email protected] [email protected]
Document Quality Assurance Method Implementation
Document will be accessible via the Policy Guidelines Centre and Remote Health Atlas
Health Policy Guidelines Program
Document is to be reviewed within 3 years, or as changes in practice occur
Atlas Development Officer, Primary Health Care CAHS
Evaluation will be ongoing and informal, based on feedback.
Atlas Development Officer, Primary Health Care CAHS
Atlas Development Officer, Primary Health Care CAHS
Key Associated Documents Forms
PCIS User Access and WebClient Application Form Application for EACS User Access EACS WebClient Access PCIS User Access Cessation / Change Request
Title: Electronic Health Records User Access PHC Remote Guideline HPRM Approval No: EDOC2017/43956 | Version: 2.0 | Doc ID: HEALTHINTRA-1880-12315 | Approved: 30/06/2015 | Last Updated: 30/06/2015 Page 8 of 9
DEPARTMENT OF HEALTH EACS User Access Cessation / Change Request PCIS Query Group Access Rural Medical Practitioner (RMP) Electronic Health Record Systems User Access Form Rheumatic Heart Disease Register Application form Childhood Immunisation Records – Internet Access Disease Control User and Provider Access form Video Conference – Desktop Client and Peripheral Equipment Application Key Legislation, By-Laws, Standards, Delegations, Aligned & Supporting Documents
Section 7 – Health Records Research Proposals Medicare Provider Numbers Telehealth – Specialist Consultation Information Sheet: RMP - Multiple Electronic Health Record Systems User Access My eHealth Record (MeHR) eHealth NT - What is a HPI-I Information Act DoH Freedom of Information and Privacy ePASS DoH Telehealth intranet site: Telehealth Converge NT Interface PCIS Website Access webpage URG Getting Started – User Access and Training URG WebClient Access - Windows URG WebClient Access - Mac Computers EACS Website Access web page
Evidence Table Reference
Evidence level (I-V)
Summary of recommendation from this reference
Title: Electronic Health Records User Access PHC Remote Guideline HPRM Approval No: EDOC2017/43956 | Version: 2.0 | Doc ID: HEALTHINTRA-1880-12315 | Approved: 30/06/2015 | Last Updated: 30/06/2015 Page 9 of 9