/policies/,/policies/administrative/,/policies/administrative/uwhc/,/policies/administrative/uwhc/department-specific/,/policies/administrative/uwhc/department-specific/health-link/,/policies/administrative/uwhc/department-specific/health-link/health-link-procedures/,

/policies/administrative/uwhc/department-specific/health-link/health-link-procedures/hl-017-pro.policy

201605123

page

100

UWHC,UWMF,

Health Link,

Policies,Administrative,UWHC,Department Specific,Health Link,Health Link Procedures

Restricted Master File Access Procedure (HL-017-PRO)

Restricted Master File Access Procedure (HL-017-PRO) - Policies, Administrative, UWHC, Department Specific, Health Link, Health Link Procedures

HL-017-PRO


Administrative Departmental Procedure
This department-specific procedure applies to the operations and staff of the Information Services
Department of the University of Wisconsin Hospitals and Clinics Authority as integrated effective July 1,
2015.

Procedure Title: Restricted Master File Access Procedure
Procedure Number: HL-017-PRO
Effective Date: 4/29/16
Chapter: NA
Version: Revision

I. PURPOSE
This procedure describes the process for obtaining approval for access to the Restricted Master
Files and conducting annual auditing of users that have access to the Restricted Master Files.


II. DEFINITIONS (optional)
Refer to the UW Health – Health Link Restricted Master File Access Policy for definitions of
terms.


III. POLICY ELEMENTS
This procedure supports the following policy:

Health Link Restricted Master File Access Policy (HL-017-POL)


IV. PROCEDURE

Obtaining and Granting Access

1. All staff request access to Restricted Health Link Master Files through the standard UW
Health Provisioning and Access Policies and Procedures.
2. Upon receipt of the access request an Information Services (IS) Systems Security team
analyst emails the Technical or Operational Owner of the Master File for approval of access.
3. The Technical or Operational Owner of the Master File responds by email to the Information
Services Systems Security team analyst with their approval or denial.
4. If the access is approved:
a. The Technical or Operational Owner of the Master File communicates the approval
to the requestor and the IS Systems Security team analyst.
b. After the IS Systems Security team analyst receives the approval the users security is
updated in Health Link, communication of completion is sent to the requestor, and
the request is closed.
5. If the access is denied:

a. The Technical or Operational Owner of the Master File communicates the denial to
the requestor and the IS Systems Security team analyst.
b. After the IS Systems Security team analyst receives the denial the access request is
documented as denied and then closed.

Annual Auditing of Access

1. Annually, the IS Systems Security team initiates an audit of the Restricted Master Files.
2. The IS Systems Security team runs Health Link Reporting Workbench and Chronicles
searches to identify all users that have access to make a change to an item in a Restricted
Master File or move a change in a Restricted Master File to production through Data Courier.
3. The IS Systems Security team takes the reports and pulls in PeopleSoft HR data to indicate
who the person with access is employed or managed by, and their job title.
4. The IS Systems Security team sends an email to the Technical owner of the Master File with
the report for review and approval.
5. The Technical or Operational Owner of the Master File responds by email to the Information
Services Systems Security team analyst with their approval or any changes they have
identified as needed.
6. If changes are identified, the IS Systems Security team makes the necessary changes to the
user’s Health Link Security.
7. The IS Systems Security team saves a copy of the email to the IS Systems Security team’s
auditing folder and sends a copy of the approval to Internal Auditing.

Weekly Auditing of Access

1. On a weekly basis, IS System Security audits the Restricted Master Files for changes in who
has access.
2. The IS Systems Security team runs Health Link Reporting Workbench and/or Chronicles
searches to identify all users that have access to make a change to an item in a Restricted
Master File.
3. The IS Systems Security team takes the report and compares it to the approved list of users
with access.
4. The IS Systems Security Supervisor receives notification of any changes identified.
5. The IS Systems Security Supervisor reviews and follows up on all changes.

Restricted Master Files and their owners include the following:

Master
File
Technical Owner Operational Owner
EMP IS Systems Security Supervisor IS Systems Security Director
ECL IS Systems Security Supervisor IS Systems Security Director
DEP
IS Business Systems Supervisor (with DEP
oversight)
Director of Outpatient Health Link
Ops
SER
IS Business Systems Supervisor (with SER
oversight)
Director of Patient Business
Services
ERX
IS Pharmacy Supervisor (Meds
Management)
IS Pharmacy Manager (Meds
Management)

Master
File
Technical Owner Operational Owner
EFY
IS Pharmacy Supervisor (Meds
Management)
IS Pharmacy Manager (Meds
Management)
NDC
IS Pharmacy Supervisor (Meds
Management)
IS Pharmacy Manager (Meds
Management)
NDG
IS Pharmacy Supervisor (Meds
Management)
IS Pharmacy Manager (Meds
Management)
FSC Manager, Charge Capture
Director of Coding & Charge
Capture
EAP Manager, Charge Capture
Director of Coding & Charge
Capture
UCP Manager, Charge Capture
Director of Coding & Charge
Capture
EPP PBS Technical Services Supervisor Director, Patient Business Services
EPM PBS Technical Services Supervisor Director, Patient Business Services
HIP Supervisor, Clinical Knowledge Systems
Manager, Clinical Knowledge
Systems
HIS IS Manager Ambulatory Clinical System
Director of Outpatient Health Link
Ops


V. FORMS (optional)
NA

VI. REFERENCES (optional)
NA

VII. COORDINATION

Sr. Management Sponsor: VP – Revenue Cycle
Author: Patient Business Services – Charge Capture
Reviewer(s): Health Link Technical Leaders

Approval Committee: Health Link Technical Leaders

SIGNED BY:
UW Health CIO

REVISION DETAIL

Effective Date Next Review Summary of Changes Change Authors
4/29/2016 4/29/2017 Annual review/revision. E. Gerke, P. Verhage, E. Bakkum
10/6/2014 10/6/2015 Initial release. E. Gerke, P. Verhage, J. Leonard