Medical Practice Income Plan

Security Guidelines

The IDX application is the practice management software used by all four campuses of the Texas Tech University Health Sciences Center. This document will list the tasks, timeframes and personnel responsible for the routine maintenance of the IDX Users. The IDX software has various levels of security access and restrictions that are based on the job duties of the employees. Each campus has staff assigned to setup, modify, and remove user access to IDX. Typically, user access is the responsibility of the training staff as coordination with courses and understanding of application functions and activities are provided by the training or patient services staff.

It is the responsibility of the hiring supervisor to request access to the IDX for any new or replacement positions. The approval of this access is based on the positions job duties (role based access).

Overview of Process

The practice management system has training and a production instance. Training access is granted for the purpose of teaching new staff and updating existing staff on the functionality of the software.

The Web Request form is found at:
http://www.ttuhsc.edu/elpaso/som/mpip/idx user.aspx

An email is generated to the patient services (training area) for the access to the system. The user is created in training area and in the production area. The patient services support analyst reviews the request and determines the corresponding role of the staff based on job duties. Any additional documentation is requested from the supervisor or manager of the staff member. Examples of such documentation are the charge entry payment posting forms that indicate the need for this specific access.

Training is scheduled with the staff and their training user ID is provided in the class. Upon completion of training, the production user ID is provided and the employee signs off on the training checklist.

Modification (Updates) to Existing User Access

It is the responsibility of the hiring supervisor to request changes in access to the IDX due to any new job duties or changes of duties. The approval of this access is based on the position's job duties (role based access).

The web request form is found at:
http://www.ttuhsc.edu/elpaso/som/mpip/idx user.aspx

Email requests from supervisors for changes to existing users are also sent to the patient services staff. Appropriate forms for additional access to payment posting and charge entry are completed prior to any changes to access are granted. All completed forms and email correspondence are stored in the IDX user access file found in patient services.

Deactivation (Termination) of Existing User Access

It is the responsibility of the direct supervisor to request removal of access to the IDX due to any transfer, termination, or changes of job duties. An email from the supervisor to patient services indicating the need to remove access is sufficient. This email is printed and stored in the IDX user access file found in patient services.

Employee Exit

Currently, patient services receives a separation check out form from human resources (HR) with a terminated employee from TTUHSC El Paso. This list is then cross referenced to the current IDX user listings and any identified employees are deactivated.

45 Day Audits

User passwords expire every 45 calendar days in the IDX application. A report is run every month that indicates every user that has not accessed IDX in the last 45 calendar days. This report is processed by the central IDX support team and all users found on this list are deactivated.