Loss of Access to Connect Care Clinical Applications
Connect Care Security Requirements
Alberta Health Services (AHS) bears information manager responsibility for the Connect Care clinical information system (CIS). Appropriate access is provided to authorized users. In addition, access needs is removed when those users leave their role or otherwise no longer require CIS use. Leaving a role is usually managed explicitly. Persons no longer serving where Connect Care is the record of care have their access changed to suit their changed role.
Sometimes users remove themselves from the CIS community for so long that they become functionally inactive. Lack of availability for important announcements, updates, or maintenance of competence can compromise safe use of the system for others. Accordingly, there are agreed processes for identifying an inactive user, providing warning, then removing access until the user reengages with the Connect Care community.
Inactive User Deactivation
Lack of ANY access to Connect Care for 150 consecutive days (~5 months) triggers an inactive user protocol, with key elements as follows:
- At 150 days of inactivity, a communication is sent to the user and the user's manager (medical affairs for physicians, responsible program office for residents, student liaison for medical learners, partner organization leader for affiliates, etc.) indicating that access is at risk.
- If the user's manager confirms that access continues to be authorized, then the user is reminded to access the CIS within the next 30 days.
- If the user's manager indicates that access should be removed for any reason (e.g. left organization), the user is alerted and an appropriate time is set for deactivation.
- If, despite user and manager notification, the user remains inactive (no logon) for 180 consecutive days (~6 months), the user's access will be suspended.
- The only action needed from a user is to log on at least once during this period. This re-sets the clock.
- A suspended account can be reactivated if the user re-affirms privacy awareness and any necessary training to address system changes during the period of inactivity.
Other Reasons for Deactivation
Users may be found in breach of professional or privacy regulations or may otherwise be subject to investigations that could affect system access. In all cases, decisions are made by Medical Affairs and are well communicated to the affected user.
Questions should be directed to the appropriate zone medical affairs.