Leaving Connect Care (Off-boarding)
Connect Care Security Requirements
Alberta Health Services (AHS) bears information manager responsibility for the Connect Care clinical information system (CIS). Appropriate access is provided to authorized users. In addition, access needs is removed when those users leave their role or otherwise no longer require CIS use. Leaving a role is usually managed explicitly. Persons no longer serving where Connect Care is the record of care have their access changed to suit their changed role.
Sometimes users remove themselves from the CIS community for so long that they become functionally inactive. Lack of availability for important announcements, updates, or maintenance of competence can compromise safe use of the system for others. Accordingly, there are agreed processes for identifying an inactive user, providing warning, then removing access (offboarding) until the user reengages with the Connect Care community.
Prescribers may change or leave a clinical practice. Typical reasons include a move to a different jurisdiction with a different record of care, retirement or death. Off-boarding protocols must be followed. Those relating to clinical practice and privilege are handled through Zone Medical Affairs Intake and site medical leadership. Those relating to AHS networks and systems are automatically triggered by the Medical Affairs process.
Departing physicians retain full CIS access for a period of time so that outstanding lab results can be reviewed, dictations signed, letters routed, encounters closed, communications completed and handovers assured. Read-only access (Connect Care Provider Portal) is provided for a longer time to comply with professional regulations about review of past clinical work.
There are specific Connect Care off-boarding tasks that prescribers must attend to. The leaving prescriber must ensure that the Connect Care In-Basket is assigned to another responsible provider or group, that Provider Team relationships have been updated (affecting patient lists), a Phone Book correction is submitted, Secure Chat settings are updated and email notifications are activated.
Access to Connect Care may be removed without the express request of the user. This can happen because the user does not logon for a prolonged period (and so may need re-orientation) and so is automatically set to "inactive" status. This can also happen when a policy, privacy breach or investigation triggers deactivation.
Inactive User Deactivation
Lack of ANY access to Connect Care for 150 consecutive days (~5 months) triggers an inactive user protocol, with key elements as follows:
At 150 days of inactivity, a communication is sent to the user and the user's manager (medical affairs for physicians, responsible program office for residents, student liaison for medical learners, partner organization leader for affiliates, etc.) indicating that access is at risk.
If the user's manager confirms that access continues to be authorized, then the user is reminded to access the CIS within the next 30 days.
If the user's manager indicates that access should be removed for any reason (e.g. left organization), the user is alerted and an appropriate time is set for deactivation.
If, despite user and manager notification, the user remains inactive (no logon) for 180 consecutive days (~6 months), the user's access will be suspended.
The only action needed from a user is to log on at least once during this period. This re-sets the clock.
A suspended account can be reactivated if the user re-affirms privacy awareness and any necessary training to address system changes during the period of inactivity.
Other Reasons for Deactivation
Users may be found in breach of professional or privacy regulations or may otherwise be subject to investigations that could affect system access. In all cases, decisions are made by Medical Affairs and are well communicated to the affected user.
Questions should be directed to the appropriate Zone Medical Affairs Intake.