Leaving Connect Care (Off-boarding)
Connect Care Security Requirements
Alberta Health Services (AHS) bears information manager responsibility for the Connect Care clinical information system (CIS). Appropriate access is provided to authorized users. In addition, access needs are removed when users leave their role or otherwise no longer require CIS use. Leaving a role is usually managed explicitly; persons no longer serving where Connect Care is the record of care have their access changed to suit their changed role.
Sometimes users remove themselves from the CIS community for so long that they become functionally inactive. Lack of availability for important announcements, updates or maintenance of competence can compromise safe use of the system for others. Accordingly, there are agreed processes for identifying an inactive user, providing warning, then removing access (off-boarding) until the user reengages with the Connect Care community.
Prescribers may change or leave a clinical practice. Typical reasons include a move to a different jurisdiction with a different record of care and retirement. Off-boarding protocols must be followed. Those relating to clinical practice and privileges are handled through Zone Medical Affairs Intake and site medical leadership. Those relating to AHS networks and systems are automatically triggered by the Medical Affairs process.
Departing physicians retain full CIS access for a period of time so that outstanding lab results can be reviewed, dictations signed, letters routed, encounters closed, communications completed and handovers assured. Read-only access (via the Connect Care Provider Portal) is provided for a longer time to comply with professional regulations about review of past clinical work.
There are specific Connect Care off-boarding tasks that leaving prescribers must attend to. The first and most important is to get in touch with the relevant Zone Medical Affairs to identify the type of change required (e.g., retirement, move, facility change), effective date, and implications for AHS privileging. Medical Affairs facilitates Connect Care role and permissions changes at the right time.
Clinic managers and Medical Affairs can assist with many tasks. However, the leaving prescriber should ensure that the Connect Care In Basket is assigned to another responsible provider or group, that Provider Team relationships have been updated (affecting patient lists), a Phone Book correction is submitted, Secure Chat settings are updated, Therapy Plan and Protocol responsibilities have been reassigned, and email notifications are activated. These actions are further explained:
Access to Connect Care may be removed without the express expectation or request of a user, as might occur with sudden illness or death. Unintended deactivation can happen when the user does not log in for a prolonged period (and so may need re-orientation) and is automatically set to "inactive" status. It can also happen when a policy, privacy breach or investigation triggers deactivation. Unintended deactivations differ from intended deactivations in that the affected prescribers may not have had time or opportunity to follow anticipatory off-boarding protocols.
Inactive User Deactivation
Lack of ANY access to Connect Care for 150 consecutive days (~5 months) triggers an inactive user protocol, with key elements as follows:
At 150 days of inactivity, a communication is sent to the user and the user's manager (medical affairs for physicians, responsible program office for residents, student liaison for medical learners, partner organization leader for affiliates, etc.) indicating that access is at risk.
If the user's manager confirms that access continues to be authorized, then the user is reminded to access the CIS within the next 30 days.
If the user's manager indicates that access should be removed for any reason (e.g., left organization), the user is alerted and an appropriate time is set for deactivation.
If, despite user and manager notification, the user remains inactive (no log in) for 180 consecutive days (~6 months), the user's access will be suspended.
The only action needed from a user is to log in at least once during this period. This re-sets the clock.
A suspended account can be reactivated if the user re-affirms privacy awareness and any necessary training to address system changes during the period of inactivity.
Other Reasons for Deactivation
Users may be found in breach of professional or privacy regulations or may otherwise be subject to investigations that could affect system access. In all cases, decisions are made by Medical Affairs and are well communicated to the affected user. These decisions will guide Connect Care access and accountability, including whether part or all of the off-boarding protocols are activated.
Questions should be directed to the appropriate Zone Medical Affairs Intake.