Guidelines for CLIQ Access Requests for HCSD/non_XA and _XA roles
v1.4 – 3/2/2009
Table of Contents
Access to CLIQ is provided to a wide variety of clinical and administrative personnel at LSU Hospitals (HCSD) and its external affiliate organizations who serve in functional roles that review or enter data in CLIQ, or support those who review or enter data in CLIQ. CLIQ access is granted or revoked through the procedures outlined in this document, and is performed at the sole discretion of HCSD.
Management of HCSD’s network security is outsourced to LSUHSC-NO Enterprise Computer Services Information Security. In this capacity, Information Security is responsible for activating or deactivating CLIQ access according to the procedures outlined in this document and as requested by HSCD. These procedures are established through the collaborative work of the HCSD Office of the CIO, the facility IT directors and Information Security.
CLIQ’s application level security is “role based.” This means that access privileges are defined by the functional role of the user according to an authorization matrix of pre-defined roles linked to CLIQ’s display and data entry components. A user assigned to a role has access to only those components outlined in the CLIQ Role-based Access matrix. In supporting this access, the hospitals have the responsibility to assure that a request for CLIQ access has come from an appropriate authority within the facility (or HQ). Because many functional CLIQ roles do not map directly to PeopleSoft titles or other documented personnel titles, Information Security cannot for many roles simply perform a "job title check" to determine if the access being requested is appropriate.
Information Security will continue running a job title check when access to physician, nurse, nurse advanced practice, resident, pharmacist, dentist or medical student roles are requested; however, for all other requests the check for role appropriateness will be solely facility based. As such, it is now the IT department's responsibility to assure that the individual requesting access for an employee is the employee's supervisor (Department Director), and that the requesting supervisor has the appropriate organizational authority to make that request. In addition, it will now be the IT department's responsibility to preserve documentation on CLIQ access requests from their facility for auditing purposes. Audit inquiries received by Information Security relative to CLIQ access requests and appropriately documented procedures and approvals will be referred to the facility IT directors.
Each facility IT director is responsible for reviewing these guidelines with their medical director and administrators and putting in place internal policies, procedures and documentation that appropriately and securely supports access to CLIQ for local users.
Each role represented in the CLIQ access matrix relates to a role having the same name in the CLIQ User Setup admin tool, which is managed by Information Security.
A user may be assigned one of two role types from the matrix: an HCSD/non_XA role or a _XA roles (these are described in detail below). The matrix is standardized across all HCSD facilities and can be found at the Information Security intranet link: https://intranet.lsuhsc.edu/security/CLIQAccessRoles.html.
It is important to note that the use of the term “External (non-LSU) Affiliate” on the CLIQ role-based access matrix is not equivalent to the way Information Security uses the term. CLIQ roles that relate to external affiliates are designated with the suffix _XA. These roles will not be chosen by the HCSD hospitals for users EMPLOYED in any way by LSU, whether direct hire (classified or unclassified) or contracted (like physicians, nurses at various facilities – see Internal Affiliate below). _XA roles are for users NOT working at LSU. They are for community and state partner organizations whose employees need access to CLIQ data (these include groups like PATH/Community Clinics, OPH, OMH and DOC).
Access to CLIQ is enabled by addition of a user (user id) to the CLIQ security group in the LSUHSC-NO Active Directory.
Please note that access requests related to CLIQ administration and maintenance tools such as SFT-CLIQtesters, SFT-CLIQ_DataEditors, SFT-CLIQ_ErrorQueue, SFT-CLIQ_Merge, SFT-CLIQ_Norm and SFT-CLIQ User Setup are managed through procedures outside the scope of this document.
Please note that access for LSUHSC and Tulane residents and medical students are managed through procedures that extend beyond the scope of this document.
Please note that for the purposes of CLIQ access outlined in this document Huey P. Long Medical Center should handled the same as the HCSD facilities.
Please note that HCSD is currently working with the following community partner or external affiliate organizations: PATH/Community Clinics, Office of Mental Health (OMH), Office of Public Health (OPH), Department of Corrections (DOC), Teche/ByNet Community Clinics, LSU Healthcare Network (LHN), LSUHSC-Shreveport and E.A. Conway Medical Center (EAC). Access requests for these affiliated organizations require the approval of the authorized HCSD Sponsor (see HCSD Sponsors and CLIQ Admins below).
The majority of requests for CLIQ access, inclusive of HCSD/non_XA and _XA roles, and all requests for CLIQ access related to community partner or external (non-LSU) affiliate organizations, will be received by Information Security from the designated IT Supporter at an HCSD hospital or from Peggy Denham at HCSD HQ (or by way of the alternate procedures noted above to provide access to LSUHSC and Tulane clinical faculty, residents and medical students working at HCSD facilities).
Any requests for access involving HCSD/non_XA or _XA roles that are received by Information Security through channels other than the designated hospital IT Supporter or Peggy Denham at HQ (with the exception of LSUHSC-NO and Tulane clinical faculty, residents and medical students that are managed through alternate procedures noted above), shall be forwarded by Information Security for the review and approval by the HCSD CIO/CMIO. These requests for access are often but not exclusively made for LSUHSC employees that are not HCSD employees; frequently non-clinical personnel at LSUHSC-NO performing professional billing, or supporting research, clinical trials, clinical data monitoring or measurement. They may also include personnel related to the LSUHSC-NO Juvenile Justice Program (JJP), the Louisiana Tumor Registry (LTR), Louisiana Healthcare Network (LHN), LSUHSC-S’port and EA Conway Medical Center. In many of these cases, additional information is needed to approve these requests for access and special auditing procedures may be required. In order to approve these requests for access, the supervisor of the employee needing access shall need to submit the following information with the request. This information should already be included when Information Security forwards the request for review and approval of the HCSD CIO/CMIO:
For those users requesting access to CLIQ for the purpose or research, clinical trials, clinical data monitoring or measurement, review and approval by the HCSD Sponsored Projects section, special procedures for limiting access to a limited set of patient records, and special auditing of CLIQ utilization may be necessary. These requests are most often received for personnel at LSUHSC-NO or the Tulane School of Medicine but may generate from a variety of sources.
When access to CLIQ is related to research, clinical trials, clinical data monitoring or measurement, a copy of IRB approval documents and research protocols shall be included with the request for access and sent to the HCSD CIO/CMIO. The HCSD CIO/CMIO will forward these documents and protocols to the HCSD Sponsored Projects section. After review of the documents and protocols, the Sponsored Projects section will inform the HCSD CIO/CMIO via email whether access to CLIQ is appropriate and should be granted, and if so, the correct CLIQ user role and need for multi-facility access.
HCSD/non_XA Roles – Requests for HCSD/non_XA roles are authorized at an HQ or hospital level through policy and procedure defined by HQ or the hospital and approved by the CMO or hospital medical director. When access is requested through the designated IT Supporter, the appropriate authorization will already have been completed in the hospital or at HQ by an individual holding a supervisory role. Access should therefore be granted by Information Security as long as the authorization is shown to have come from an individual holding a supervisory role at the facility or HQ, and the job title check meets the criteria outlined in this document.
_XA Roles – Requests for _XA roles are authorized by a hospital or HQ designated sponsor. The sponsor must be an employee of LSU HCSD or its hospitals (direct hire or contract), and designation as a sponsor should come with the approval of the HCSD facility medical director, the HCSD CMO or the HCSD CIO/CMIO. The sponsor's name and the organization for which they can authorize CLIQ access via _XA roles should be on file with Information Security.
The current list of HCSD HQ affiliates:
HQ Affiliate - OPH (Office of Public Health) Clinical Abstractors
HQ Affiliate - OMH (Office of Mental Health) Psychiatrists
HQ Affiliate – DOC (Department of Corrections) Adult Svcs
HQ Affiliate - Teche Action Clinic
HQ Affiliate - PATH Partners
Account applications for HQ Affiliates will be submitted to Information Security by Peggy Denham. All of the above HQ Affiliate relationships and their corresponding CLIQ access approvals are being managed at an HCSD system-wide level by HCSD HQ. Sponsors previously approving access for these organizations at HCSD hospitals should be removed from the approved sponsors list.
The current list of HCSD sponsors and the organizations for which they can authorize CLIQ access:
* Jane Herwehe (jherwe) can authorize access for any _XA role for OPH Clinical Abstractors and OMH Psychiatrists affiliates, including multi-facility authorization and regardless of location or role-job title mismatch, with the exception of Information Security performing the job title check outlined below. These community partner and affiliate relationships are being managed at an HCSD system-wide level, and for consistency CLIQ access approvals are also managed through HCSD HQ. Sponsors previously approving access for these organizations at HCSD hospitals should be removed from the approved sponsors list.
* Wayne Wilbright (wwilbr) is the sole authorizer of access for any CLIQ role for PATH Partners, DOC Adult Svcs and Teche Action Clinic affiliates, including multi-facility authorization and regardless of location or role-job title mismatch, with the exception of Information Security performing the job title check outlined below.
* Note: Wayne Wilbright is also the sole authorizer of access for any CLIQ role for the LSU Healthcare Network (LHN), Juvenile Justice Program (JJP) and Louisiana Tumor Registry (LTR), LSUHSC-Shreveport and E.A. Conway, including multi-facility authorization and regardless of location or role-job title mismatch, with the exception of Information Security performing the job title check outlined below. Because each of these organizational entities has an already established IT Supporter within the LSUHSC-NO network management structure, it is not necessary to establish an HQ Affiliation nor for Peggy Denham to review/submit these requests as with typical external affiliate organizations. All of the above LSU partner relationships and their corresponding CLIQ access approvals are being managed at an HCSD system-wide level by HCSD HQ. These requests will come directly from Information Security via email to the HCSD CIO/CMIO, and the approval or denial will be returned directly to Information Security via email. Users from LSUHSC-S'port, EA Conway and LHN will be assigned to _XA roles.
With the exception of the HCSD-wide sponsors listed above (as opposed to hospital designated sponsors), requests involving _XA roles for community partner and affiliate relationships managed at a local HCSD facility level made by a hospital designated sponsor will require the approval of the hospital’s CLIQ Admin before access is granted. Hospital designated sponsors can request CLIQ access for any _XA role when approved by their hospital’s CLIQ Admin, regardless of role-job title mismatch with the exception of Information Security performing the job title check below.
Requests from hospital designated sponsors for multi-facility access for _XA roles require authorization by the medical director (CLIQ Admin) of the sister HCSD facilities to which multi-facility access has been requested.
When a new role is identified for addition to the CLIQ access matrix, an email communication listing the new role name will be forwarded with the approval of the HSCD CIO to CLIQ@lsuhsc.edu and Information Security (security@lsuhsc.edu). The CLIQ team will add the new role to the CLIQ User Setup admin tool within 1 business day of receiving the request. After the role is added, the CLIQ team will notify via email the HCSD CIO, the facility IT Support groups*, and Information Security (security@lsuhsc.edu).
* Note: A facility IT Support group represents HCSD facility-based IT personnel that are endorsed by facility Administration to manage access for facility employees to secure information systems used at the facility.
Retiring Roles from the Matrix
When a role is identified for retirement from the CLIQ access matrix, an email communication listing the soon-to-be-retired role name will be sent by the HCSD CIO to Information Security, the facility IT support groups and CLIQ@lsuhsc.edu. Upon receipt of this communication, the facility IT support groups will no longer submit requests and Information Security will stop the addition of any new users to the soon-to-be-retired role.
All LSUHSC, LSU HCSD and affiliate users having the soon-to-be-retired role will be transferred to another already existing active role prior to the retirement action being taken to prevent disruption of information access. This transfer will proceed according to the following procedure.
1. The CLIQ team at the request of the HCSD CIO will generate a role transfer spreadsheet listing all users currently assigned to the soon-to-be-retired role.
2. The HCSD CIO will after review forward the role transfer spreadsheet to the IT support group at each facility.
3. The IT support group will work with local department directors to reassign each of the users to an active role appropriate to their function at the facility.
4. The updated role transfer spreadsheet will be returned within 3 business days to the HCSD CIO.
5. The HCSD CIO will after review and submit the role transfer spreadsheet(s) received from all facilities to Information Security
6. Information Security will transfer all users listed in the role transfer spreadsheet from the soon-to-be-retired role to the newly identified active role within 3 business days of receipt.
7. After all users have been transferred, Information Security will notify via email the HCSD CIO, the facility IT support groups and CLIQ@lsuhsc.edu of the completed action.
8. The HCSD CIO will then reply via email to the CLIQ team (CLIQ@lsuhsc.edu) with a CC to Information Security and the facility IT support groups with the approval to permanently retire the role from the CLIQ Admin tool.
Providing CLIQ Access to New Users
New users are provided CLIQ access appropriate to their role through a variety of mechanisms geared to maximize efficiency and timeliness as much as possible.
1. HCSD Employee Computer Account application – LSUHSC and LSU HCSD employees will receive CLIQ access only upon the receipt by Information Security of a request from the facility IT support group.
a. Upon creation in PeopleSoft of a new employee record by LSUHSC or LSU HCSD HR, Information Security will automatically provision for the employee a network and email account.
b. Notification of the existence of these new accounts is sent daily to the facility IT support groups via email. The IT Supporter, using CRS, can review the list of newly created accounts and authorize or deny each account for activation. In addition, the IT Supporter can while authorizing request that access to other applications, such as CLIQ, be added to specific user accounts.
i. For LSUHSC and LSU HCSD physicians, residents, nurses, nurse practitioners, dentists, pharmacists and medical students the request for access includes CLIQ by default (as this access has been pre-approved by the HCSD and facility Medical Directors).
1. The IT Supporter will complete the authorization in CRS of the network and email account, and any additional clinical or administrative systems including CLIQ. CLIQ access for these positions will be authorized according to the parameters a – g immediately below
a. Physician (staff, faculty) – CLIQ Physician role, Multi-facility access = All
b. Nurse (staff, faculty) – CLIQ Nurse role, Multi-facility access = All
c. Nurse Practitioner/ Physician Assistant – CLIQ Nurse Advanced Practice role, Multi-facility access = All
d. Resident (LSUHSC) – CLIQ Resident role, Multi-facility access = All
e. Pharmacist – CLIQ Pharmacist role, Multi-facility access = All
f. Dentist (staff, faculty) – CLIQ Dentist role, Multi-facility access = All
g. Medical Student 3/4th year (LSUHSC) – CLIQ Medical Student role, Multi-facility access = EKL, MCL, UMC, BMC, LJC
2. Job title checks will be performed by Information Security whenever physician, nurse, nurse advanced practice, resident, pharmacist, dentist, medical student, or nursing student roles are requested, for both HCSD/non_XA and _XA roles, to verity that the PeopleSoft title matches the CLIQ role (i.e.to be sure nurse access is not mistakenly being provided to a laboratory technician). If a role-job title mismatch is identified for these roles a request for approval will be sent to the CLIQ Admin at the facility from which the request originated, or to the HCSD CIO/CMIO (or his designee) if the request originated at HCSD HQ.
ii. For all other personnel, the facility IT Supporter is responsible for communicating via email with the employee’s Department Director to determine if access to CLIQ is required. If CLIQ access is required, the Department Director is responsible for choosing a CLIQ role from the CLIQ access matrix that is directly applicable to the employee’s functional role and information needs to effectively perform their job duties. The Department Director is also responsible for indicating whether the employee requires access to patient data from other HCSD facilities. Multi-facility access is provisioned automatically for some roles (see below). The Department Director replies via email to the IT Supporter with the CLIQ access request. The email serves as approval from the Department Director to the IT Supporter to submit the access request to CLIQ.
1. Directors of the following departments are approved to request CLIQ access by way of the facility IT Supporter for their employees: nursing, pharmacy, laboratory, dietary, radiology, clinical diagnostics (like cardiology, respiratory, sleep center), registration/admitting, medical records, physical therapy, quality management, utilization management, compliance.
2. If requests for CLIQ access emanate from a Department Director not included in the approved department list, the IT Supporter will forward the email from the Department Director to the facility Medical Director (facility CLIQ Admin) with an explanation and request for approval/denial.
iii. Upon receipt of the email from an approved department’s Director, or secondary approval from the facility Medical Director, the facility IT Supporter will complete the authorization in CRS of the network and email account, and the requested additional clinical or administrative systems including CLIQ. The IT Supporter will include the following information:
1. CLIQ role name (chosen from the CLIQ access matrix by the employee’s Department Director)
2. Need for multi-facility access (All or some – BMC, EKL, LAK, LJC, MCL, UMC, WOM).
c. When the authorization action is completed in CRS by the IT Supporter, Information Security will enable access to the additional systems needed by the employee, including CLIQ, within 3 business days. If a more rapid turnaround is required an email flagged as HIGH importance should be sent to Information Security (security@lsuhsc.edu).
d. Upon notification that CRS authorization is complete, Information Secrurity will send communication via email to the facility IT Support group and the employee.
2. Internal Affiliate Computer Account application – Internal Affiliates of HCSD include contractors (contract employees), such as SLMA physicians at LJC, working for and within HCSD facilities. They receive CLIQ access only upon the receipt by Information Security of an appropriately completed Computer Account application indicating the affiliation, the HCSD sponsor approval, the CLIQ role and need for Multi-facility access. Please note the distinction for the purposes of CLIQ Role-based between the use of the term External Affiliate at HCSD versus LSUHSC – refer to #3a below.
a. The Computer Account application is completed and approved by the HCSD sponsor and submitted to the sponsor’s HCSD facility IT Supporter. An HCSD sponsor is an HCSD employee designated to serve in this role by a facility Medical Director or the HCSD CMO.
b. The facility IT Supporter is responsible for checking that the Computer Account application was submitted by an HCSD sponsor, and is appropriately completed. In addition to information related to provisioning a network and/or email account, the application must contain the following information related to CLIQ
i. CLIQ role name (chosen from the CLIQ access matrix by the HCSD sponsor)
ii. Need for multi-facility access (All or some – BMC, EKL, LAK, LJC, MCL, UMC, WOM). Multi-facility access is provisioned automatically for some roles (see below).
c. The facility IT Supporter scans and emails the completed and approved Computer Account application to Information Security.
d. Upon receipt, Information Security will perform a job title check for the following roles (physicians, nurses, nurses advanced practice, residents, pharmacists, dentists and medical students – see 1bi2 above) and provision the affiliate’s CLIQ access within 3 business days, and send notification via email to the facility IT Supporter and Internal Affiliate user. If a more rapid turnaround is required an email flagged as HIGH importance should be sent to Information Security (security@lsuhsc.edu).
e. The facility IT Supporter is responsible for communicating the availability of access to the HCSD sponsor who is responsible for communicating with the Internal Affiliate user.
3. External Affiliate Computer Account application – External Affiliates of HCSD, including but not limited to employees of the Office of Public Health, Office of Mental Health and community clinicians, will receive CLIQ access only upon the receipt by Information Security of an appropriately completed Computer Account application indicating the affiliation, the HCSD sponsor approval, the CLIQ role and need for Multi-facility access. As noted in the Overview section: The term “External (non-LSU) Affiliate” on the CLIQ role-based access matrix is not equivalent to the way Information Security uses the term. CLIQ roles that relate to external affiliates are designated with the suffix _XA. These roles will not be chosen by the HCSD hospitals for users EMPLOYED in any way by LSU, whether direct hire (classified or unclassified) or contracted (like physicians, nurses at various facilities – see Internal Affiliate below). _XA roles are for users NOT working at LSU. They are for community and state partner organizations whose employees need access to CLIQ data (these include groups like PATH/Community Clinics, OPH, OMH and DOC).
a. The Computer Account application is completed and approved by the HCSD sponsor and submitted to the sponsor’s HCSD facility IT Supporter. An HCSD sponsor is an HCSD employee designated to serve in this role by a facility Medical Director or the HCSD CMO.
b. The facility IT Supporter is responsible for checking that the Computer Account application was submitted by an HCSD sponsor, and is appropriately completed. In addition to information related to provisioning a network and/or email account, the application must contain the following information related to CLIQ
i. CLIQ role name (chosen from the CLIQ access matrix by the HCSD sponsor)
ii. Need for multi-facility access (All or some – BMC, EKL, LAK, LJC, MCL, UMC, WOM). Multi-facility access is provisioned automatically for some roles (see below).
c. The facility IT Supporter scans and emails the completed and approved Computer Account application to Information Security.
d. Upon receipt, Information Security will perform a job title check for the following roles (physicians, nurses, nurses advanced practice, residents, pharmacists, dentists and medical students – see 1bi2 above) and provision the affiliate’s CLIQ access within 3 business days, and send notification via email to the facility IT Supporter and Internal Affiliate user. If a more rapid turnaround is required an email flagged as HIGH importance should be sent to Information Security (security@lsuhsc.edu).
e. The facility IT Supporter is responsible for communicating the availability of access to the HCSD sponsor who is responsible for communicating with the external affiliate organization, and coordinating any necessary affiliate training.
Note: No request for CLIQ access should be submitted to Information Security by the designated IT Supporter unless the request identifies the CLIQ role being requested.
Multi-facility Access HCSD/non_XA Roles
If patients are referred from one HCSD facility to another, clinical and administrative personnel at the receiving facility may need to access to the patient’s CLIQ record from the referring facility. This access is provided automatically to any HCSD/non_XA role having a default multi-facility access designation or to individuals having eligible roles for whom this designation has been requested by the employee’s Department Director (or HCSD sponsor for a _XA role). The default multi-facility access privileges listed below supercede any individual requests for multi-facility access related to the roles listed.
1. Default multi-facility access = ALL is assigned by default for the following roles:
a. Physician
b. Nurse Advanced Practice
c. Nurse
d. Resident
e. Pharmacist
f. Dentist
2. Default multi-facility access for medical students
a. EKL, LJC, MCL, UMC and BMC are assigned by default for 3/4th year LSUHSC medical students with the following role: Medical Student
b. MCL and HPL is assigned by default for 3/4th year Tulane medical students with the following role: Medical Student
c. Only LJC is assigned for 3/4th year LJC medical students with the following role: Medical Student
3. All other HCSD/non_XA roles are multi-facility “eligible”
a. Multi-facility access is granted on an individual user basis for those roles that do not have a default designation. Multi-facility access may be requested by an HCSD HQ or facility supervisor through their designated facility IT Supporter.
b. The designated facility IT Supporter will check that the request was completed correctly and submitted by an appropriate supervisor, and then forward the request with the following components to Information Security.
i. User's name (in subject field)
ii. User logon id, last 4 SSN, or PeopleSoft Employee Id#
iii. CLIQ role name (chosen from the CLIQ access matrix by the employee’s Department Director)
iv. Need for multi-facility access (ALL or some – BMC, EKL, LAK, LJC, MCL, UMC, WOM).
c. If an HCSD facility requests multi-facility access for an HCSD/non_XA role (this would be for an employee – direct hire or contract) that does not receive multi-facility access by default (#1 and 2 above), such access can be granted without requesting approval from the medical director (CLIQ Admin) of the sister HCSD facilities to which the multi-facility access would be granted as long as the role requested is included in the following list:
i. Cardiology Tech Adv Clinical
ii. Laboratory Tech Adv Clinical
iii. Radiology Tech Adv Clinical
iv. Medical Assist Clinical
v. Medical Records Clinical
d. For all other roles, multi-facility access will be granted only after approval is received from the medical director (CLIQ Admin) of the sister HCSD facilities to which the multi-facility access is requested.
e. If a CLIQ access request is made for a role that does not have a default multi-facility access designation, Information security will assign access only to the facility from which the request is made.
f. Upon receipt, Information Security will update the user’s CLIQ multi-facility access within 1 business day of receipt, and send notification of the change via email to the facility IT Supporter and the user.
Multi-facility Access _XA Roles
1. Multi-facility access can be provided to _XA roles with the exception of the following for which it is prohibited:
a. Medical Student_XA and Nursing Student_XA
2. For all other roles, multi-facility access can be provided according to the sponsor's privilege to request such access. This privilege is listed in the sentence following the sponsor's name (above).
3. If an HCSD-wide sponsor requests multi-facility access for a _XA role, such access will be granted without the additional authorization of the medical director (CLIQ Admin) of the sister HCSD facilities to which multi-facility access has been requested. However, if a hospital designated sponsor requests multi-facility access for a _XA role, such assess will be granted only with the additional authorization of the medical director (CLIQ Admin) of the sister HCSD facilities to which multi-facility access has been requested.
Providing CLIQ Medication Management (CMM) Access
Access to the CMM module is made available only to a subgroup of clinical users holding specific functional roles and only after they have completed the required CMM training. Access to CMM is provided only to individuals working directly within HCSD facilities, and is therefore not available to CLIQ external affiliate users who hold or would hold _XA roles, as defined elsewhere in this guidance.
1. The functional roles of HCSD employees or contractors that may be granted access the CMM module include staff physicians, resident physicians and doctors of podiatric medicine, advanced practice nurses, physician assistants, RNs, LPNs, dentists, and pharmacists.
2. Individual users holding these functional roles at HCSD facilties that already have access to CLIQ may have their CLIQ role upgraded to a CMM role after the completion of the required CMM training.
3. Training is conducted independently at each HCSD facility by CMM “trained” trainers that have been designated by the hospital administration at each HCSD facility.
4. Hospital administration at each HCSD facility has also designated one or more CMM physician champions and/or nurse champions. The champions’ role is to manage the adoption and ongoing use of CMM at their facility, and serve as the trusted authority for approving CMM access to individuals holding appropriate functional roles after they complete the required CMM training. The current physician and nurse champions are:
a. BMC – Anthony Pham, MD and Cindy Ingram, RN
b. EKL – Briana Truehill, MD, Michael Stuart, MD and Dawn Beasley, RN
c. ILH – Carl Walker,
MD, John Couk, MD, Princess Dennar, MD, Gail Cochran, RN,
Andrew Mahoney, RN, Gretchen Delo, RN, Dorothy Naquin-Plaisance, RN, Toni Rougeou, RN
d. LAK – Kathy Willis, MD and EJ Grandstaff, RN
e. LJC – Michael Garcia, MD and Pam Wright, RN
f. UMC – Linda Oge, MD and Dana Faul, RN
g. WOM – Ben Darby, MD and Brenda Daigle Murry, RN
5. As part of their role as the trusted authority for CMM access, any of the listed champions may submit a request / approval to provide CMM access to individuals at their facility who hold an appropriate functional role and who have completed the required CMM training. It is the responsibility the champion to be sure the required training has been completed by the user(s) prior to submitting a CMM role upgrade request. It is not the responsibility of Information Security to verify that training has been completed. The credentials of the champion do not play a role in determining authority for approval – nurse champions can approve physician CMM access and vise versa.
6. An email request/approval to upgrade a current user’s CLIQ role to a CMM role shall be sent directly from a designated physician or nurse champion to Information Security. Alternatively for purposes of convenience or communication, the champion’s email request/approval may be sent through the facility’s designated IT supporter. The IT support will forward the request directly to Information Security.
An email request/approval to upgrade a current user’s CLIQ role to a CMM role shall take the following form:
“Information Security,
Please update the CLIQ role for the following individual(s) from “Nurse" to "Nurse CMM" with default facility = EKL and multifacility access = ALL.
User1FirstName LastName – User1ID
User2FirstName Last Name – User2ID
Please update the CLIQ role for the following individual(s) from “Physician" to "Physician CMM" with default facility = EKL and multifacility access = ALL.
User3FirstName LastName – User3ID
User4FirstName Last Name – User4ID
Thanks.”
Multiple requests, as shown above, can be submitted in a single email but should be separated by role type.
7. The CLIQ CMM role names are listed in the right hand column of the table below.
|
Functional Role |
CLIQ Role |
CMM Role |
|
Dentist |
Dentist |
Dentist CMM |
|
Doctor of Podiatric Med |
DPM |
DPM CMM |
|
Nurse Practitioner |
Nurse Advanced Practice |
Nurse Advanced Practice CMM |
|
Pharmacist |
Pharmacist |
Pharmacist CMM |
|
Physician Assistant |
Physician Assistant |
Physician Assistant CMM |
|
Resident physician |
Resident |
Resident CMM |
|
RN, LPN |
Nurse |
Nurse CMM |
|
Staff physician |
Physician |
Physician CMM |
Detailed access privileges for each of the CLIQ and CMM roles can be found at any time on the CLIQ Role Access Matrix found at: http://miweb.lsuhsc.edu/CLIQAnon/CLIQ_Role_Matrix_20090206_1.html
8. Basic CLIQ access and CMM access can be provided simultaneously to new users as long as they hold the appropriate functional role, they have completed the required CMM training, and the request for access to CMM is submitted with the approval of the designated facility champion.
9. Information Security will update the user’s CMM role within 1 business day of receipt, and send notification of the change via email to the submitting champion(s).
Changing Roles (adjusting access privileges) for Current Users
As new CLIQ roles are added and as users change from one functional role to another, the need for users to access CLIQ functions will also change.
1. Transfer of an LSUHSC or LSU HCSD employee, including an Internal Affiliate employee, from one active role to another active role.
a. The employee’s HCSD Department Director submits an email to their facility IT Supporter with the employee’s current CLIQ role, request for change to different CLIQ role, and any necessary justification for making the change.
b. The Department Director is responsible for choosing a CLIQ role that is directly applicable to the employee’s functional role and information needs for effectively performing their job duties. The Department Director is also responsible for indicating whether the employee requires access to patient data from other HCSD facilities. Multi-facility access is provisioned automatically for some roles (see above). The Department Director replies via email to the IT Supporter with the CLIQ access request. The email serves as approval from the Department Director to the IT Supporter to authorize access to CLIQ.
i. Directors of the following departments are approved to request changes to CLIQ access for their employees: nursing, pharmacy, laboratory, dietary, radiology, clinical diagnostics (like cardiology, respiratory, sleep center), registration/admitting, medical records, physical therapy, quality management, utilization management, compliance.
ii. If requests for changes in CLIQ access emanate from a Department Director not included in the approved department list, the IT Supporter will forward the email from the Department Director to the facility Medical Director with an explanation and request for approval/denial.
c. Upon receipt of the email from an approved department’s Director, or secondary approval from the facility Medical Director, the facility IT Supporter will double check that the request was submitted by the employee’s Department Director and contains the needed information. If all is in order, the IT Supporter will forward the request via email with the following elements to Information Security to authorize the change:
i. User name (user id)
ii. Current user CLIQ role - <CLIQ role name>
iii. New user CLIQ role – <CLIQ role name> / or Discontinue access
iv. Multi-facility access if not assigned automatically to requested role
d. Information Security will perform a job title check for the following roles (physicians, nurses, nurses advanced practice, residents, pharmacists, dentists, medical students and nursing students – see 1bi2 above) update the user’s CLIQ role within 1 business day of receipt, and send notification of the change via email to the facility IT Supporter and the user. If a more rapid turnaround is required the email should be flagged as HIGH importance.
2. Transfer of an External Affiliate from one active CLIQ role to another active CLIQ role. This is accomplished only by the completion and resubmission of an External Affiliate Computer Account application (as listed above).
Monitoring LSUHSC-NO, LSU HCSD and Internal Affiliate Role Assignments
On a quarterly basis a report is generated by the CLIQ Team and Information Security for the facility to monitor CLIQ access privileges for their employees. The report includes all employees having CLIQ access at the time of report generation. The report lists the employee’s last name, first name, user ID, CLIQ role, PeopleSoft title, other non-PeopleSoft title (if applicable), department (or department director), default facility, multi-facility access designation and date of last change. The report will be in the form of an Excel spreadsheet and delivered via email to each facility Medical Director and IT Supporter during the first week following the end of the quarter. The Medical Director (or their designee) will review the report to verify that the designated role is appropriate for each employee. Any role designations identified as being potentially incorrect will be investigated within the facility by the Medical Director contacting the employee’s Department Director. If after investigation a role change is required, it will be submitted via the procedure outlined in “Changing Roles for Current Users” above.
Monitoring External Affiliate Role Assignments
On a monthly basis an audit of every External Affiliate’s CLIQ utilization is generated by the CLIQ team and communicated securely to the External Affiliate organization’s HCSD sponsor. The report is delivered to the HCSD sponsor on or before the 3rd day of the month. The audit contains a listing of every HCSD patient record accessed by the External Affiliate’s during the previous month. The HCSD sponsor is responsible for communicating the report securely to the compliance or privacy officer of the External Affiliate organization on or before the 5th day of the month. The External Affiliate compliance or privacy officer is responsible for verifying that each patient record accessed by an External Affiliate user was appropriate in the course of the duties of that External Affiliate. For example, if the External Affiliate organization is a community health center, the compliance or privacy officer must verify that each patient record accessed by an External Affiliate was a patient registered at that community health center location. The compliance officer is also responsible for determining whether each External Affiliate user requires ongoing access to CLIQ. The External Affiliate compliance or privacy officer is responsible for returning the completed audit to the HCSD sponsor by the 15th day of the month.
For the majority of research and clinical trials-related access to CLIQ, special procedures will be put in place to limit access and facilitate auditing. It may be necessary for the researcher to submit a list of patients enrolled in the research or clinical trial that will be used as the basis for auditing patient records on CLIQ. Auditing will be managed through the HCSD Sponsored Projects section and be conducted on a monthly basis. Access to patient records outside of the list of patients enrolled in the research or clinical trials will be grounds for immediate discontinuation of access, and other appropriate disciplinary action, up to and including termination of employment/ enrollment if found to be in violation of the provisions of the LSU HCSD Information Security Policy, or other LSUHSC-NO or LSU HCSD policies.
On a monthly basis an audit of CLIQ utilization will be generated for every user followed by the HCSD Sponsored Projects section, and communicated securely to the Shannon McNabb on or before the 3rd day of the month. The audit will contain a listing of every HCSD patient record accessed by the user during the previous month. Shannon McNabb (or her designee) will verify that each patient record accessed by the user was appropriate according to comparison with the provided list of patients enrolled in the research or clinical trial, and report the results of the audit to the HCSD CMO and/or HCSD CIO/CMIO before the 10th day of the month, or immediately in the event any inappropriate access of patient information is identified.
Basic Training for New CLIQ Users
All users granted access to CLIQ will undergo training that covers the basic functions of the application as it relates to their role, attestation that CLIQ contains PHI and the nature of its use in compliance with HIPAA regulations and LSU HCSD policy, and notification of CLIQ’s audit capabilities. While it is advantageous to accomplish training prior to or simultaneous with the user receiving access, this may not always be possible, especially for clinicians needing to access information in the course of patient care activities, and therefore the completion of training prior to access is not a requirement for all users.
Training of HCSD employees/ personnel is the responsibility of each HCSD facility. Train the trainer sessions for trainers from HCSD facilities will be regularly held by the HCSD CIO/CMIO at HCSD HQ. Special training sessions may also be scheduled at the facilities by special request. [Additional details to be added here]
The completion of CLIQ training prior to access is required for users at community partner organizations, users with _XA roles, non-clinical users at LSUHSC-NO (i.e. physician billing and compliance), users at LHN, and users requesting access in support of research, clinical trials, clinical data monitoring or measurement. Training for these users is made available on a regular bi-weekly schedule in New Orleans. Initial roles assignments for these users may involve CLIQ’s “Pending Approval” role. This role limits CLIQ access to the Attestation Statement, Search page, User Setup page and Support page. Immediately upon successful completion of training, a role change request from Pending Approval to the user’s approved functional role will be submitted to Information Security.
Training will be scheduled for the next available Tuesday, 8:30 am, bi-weekly (2nd and 4th Tuesday of the month) training session after CLIQ access is enabled by Information Security and verification is received by the CLIQ Admin. It is the responsibility of CLIQ Admins to schedule training with the users via email, and with a Cc to Alan Thriffiley, who will add the user to the training schedule and reply to the user and the CLIQ Admin. A maximum of 20 users can be scheduled per training session and if no one is booked by 12 noon the Friday before the training, the upcoming training session will be cancelled.
CLIQ-Admins-BMC:
Lee Roy Joyner, 0094426, ljoyne
Mark L Kellar, 0091507, mkella DIRECTOR NURSING
Regina Runfalo, 0091565, rrunfa ADMINISTRATION
CLIQ-Admins-EKL:
W Chapman Lee, 0077501, clee4
Kathy A Viator, 0007434, kviato
Laura Berthelot Broadhurst, 0018603, lbroad QUALITY ASSURANCE, MANAGER
CLIQ-Admins-HPL:
Cynthia R. Vanlangendonck, 0003074, cvanla DIRECTOR NURSING SERVICE
David E. Barnard, 0117977, dbarna1 Medical Director
CLIQ-Admins-LAK:
Connie V Liuzza, 0070003, cliuzz DIRECTOR NURSING
Kathleen H Willis, 0017973, kwilli2
CLIQ-Admins-LJC:
Michael Jose Garcia, mgarci
Pamela C Wright, 0009302, pwrigh ADMINISTRATION
Rhonda Gayle Green, 0012168, rgreen3 ADMINISTRATION
CLIQ-Admins-MCL:
Cathi Ellen Fontenot, 0014367, CFONTE
CLIQ-Admins-UMC:
James B Falterman Jr., 0009945, JFALTE
CLIQ-Admins-WOM:
Patrick Clarence Robinson, 0003717, probin2
CLIQ-Admins-OPH-OMH:
Jane C Herwehe, 0096560, jherwe [HCSD-wide Sponsor]
CLIQ-Admins-PATH/Community Clinics:
Wayne Wilbright, wwilbr [HCSD-wide Sponsor]
Alan Thriffiley, athrif
CLIQ-Admins-DOC, LHN, Tesch/ByNet, LSUHSC-S’port, EA Conway, JJP, LTR,:
Wayne Wilbright, wwilbr [HCSD-wide Sponsor]