Security Settings
*THIS LESSON CONTAINS A MEANINGFUL USE (MU) CORE REQUIREMENT - SEE LOGGING ON AND LOGGING OFF, SEARCH AUDIT LOG
The default System Administrator Login for SOAPware only grants access to Security. This login DOES NOT include access to any patient information.
To gain access to Security, a user must be granted the access rights of a System Administrator. Before beginning to assign security settings, the System Administrator should become familiar with the functions related to Groups, Roles and Users.
After logging in to SOAPware using the System Administrator account, Click on Tools in the main menu bar, then Click the Security menu item to access the Security Administration dialog window.
1. Intro to Security Manager
Start SOAPware, and Log in as an administrator (Initially, User ID: administrator, and Password: administrator. Later it could be any unique password defined earlier).
The security system in SOAPware has been set up to help ensure only authorized users are able to access patients' information. Once a user has logged into the system, the security system will track everything the user views, and it logs all changes the user makes. Since this tracking is available, it is very important that each staff member have a unique log-in ID. For example, if a shared log-in is being used, there is no way to know what person in the office actually changed a patient's demographics or removed a medication from the chart.
2. Logging On and Logging Off
*REQUIRED FOR MEANINGFUL USE (MU) CORE REQUIREMENT - DATA PROTECTIONS
Click here to view Meaningful Use Criteria
a. Password Policies
This setting is to ensure passwords are secure and cannot be easily guessed. Unfortunately, it's a common practice to write passwords on post-it notes attached on or near computers. We definitely advise against this.
b. Account Lockout Policies
This can be setup to ensure that if somebody is trying to guess another user's password, it will disable the account for a period of time.
c. Auto Log-Out
This determines when to log out a user after a certain amount of idle time has occurred. This is done to make sure that patient information is not visible.
d. Log Options
Allows the administrator to disable logging of certain events in the system.
3. Search Audit Log
*REQUIRED FOR MEANINGFUL USE (MU) CORE REQUIREMENT - DATA PROTECTIONS
Click here for Meaningful Use Criteria
Audit Logs are the way SOAPware tracks changes and events in the system such as users logging in and patient information being modified. When you log in as the administrator, you will see the Search Audit Log window. Notice the main display has some fields at the top. To demo, use these fields to perform a search for log-ins to the system. Click on the Transaction Type drop-down menu; Click on the Log-in menu item; and Click the Search button. Now you should see some records displayed showing all the log-ins to the system including when you logged in. To be able to search the Audit Logs, a SOAPware Standard or SOAPware Professional license is required.
For Detailed Instructions, see: Security Auditing in SOAPware