Security Settings
*THIS LESSON CONTAINS A MEANINGFUL USE (MU) CORE REQUIREMENT - SEE LOGGING IN AND LOGGING OUT, SEARCH AUDIT LOG
The default System Administrator Login for SOAPware only grants access to Security. This login DOES NOT include access to any patient information.
To gain access to Security, a user must be granted the access rights of a System Administrator. Before beginning to assign security settings, the System Administrator should become familiar with the functions related to Groups, Roles and Users.
After logging in to SOAPware using the System Administrator account, Click on Tools in the main menu bar, then Click the Security menu item to access the Security Administration dialog window.
1. Intro to Security Manager
Start SOAPware, and Log in as an administrator (Initially, User ID: administrator, and Password: administrator. Later it could be any unique password defined earlier).
The security system in SOAPware has been set up to help ensure only authorized users are able to access patients' information. Once a user has logged into the system, the security system will track everything the user views, and it logs all changes the user makes. Since this tracking is available, it is very important that each staff member have a unique log-in ID. For example, if a shared log-in is being used, there is no way to know what person in the office actually changed a patient's demographics or removed a medication from the chart.
2. Working with Enhanced Security Measures
The enhanced Security System of SOAPware 2010 will allow the Administrator much more granular control of user’s accessibility options, so user logins and passwords will need to be re-established for SOAPware 2010.
At this point, the users of v4 should be able to log in to and access the same patient records as in the v4 system. It is wise to compare-and-review some records in SOAPware 2010 with those in v4 to ensure there were no major issues with the conversion.
3. Logging On and Logging Off
*REQUIRED FOR MEANINGFUL USE (MU) CORE REQUIREMENT - DATA PROTECTIONS
Click here to view Meaningful Use Criteria
a. Password Policies
This setting is to ensure passwords are secure and cannot be easily guessed. Unfortunately, it's a common practice to write passwords on post-it notes attached on or near computers. We definitely advise against this.
b. Account Lockout Policies
This can be setup to ensure that if somebody is trying to guess another user's password, it will disable the account for a period of time.
c. Auto Log-Out
This determines when to log out a user after a certain amount of idle time has occurred. This is done to make sure that patient information is not visible.
d. Log Options
Allows the administrator to disable logging of certain events in the system.
4. Search Audit Log
*REQUIRED FOR MEANINGFUL USE (MU) CORE REQUIREMENT-DATA PROTECTIONS
Click here to view Meaningful Use Criteria
Audit Logs are the way SOAPware tracks changes and events in the system such as users logging in and patient information being modified. When you log in as the administrator, you will see the Search Audit Log window. Notice the main display has some fields at the top. To demo, use these fields to perform a search for log-ins to the system. Click on the Transaction Type drop-down menu; Click on the Log-in menu item; and Click the Search button. Now you should see some records displayed showing all the log-ins to the system including when you logged in. To be able to search the Audit Logs, a SOAPware Standard or SOAPware Professional license is required.
For Detailed Instructions, see: Security Auditing in SOAPware