/policies/,/policies/administrative/,/policies/administrative/uwmf/,/policies/administrative/uwmf/uwmf-wide/,/policies/administrative/uwmf/uwmf-wide/health-link/,

/policies/administrative/uwmf/uwmf-wide/health-link/hl-017-pol.policy

201605123

page

100

UWHC,UWMF,

Health Link,

Policies,Administrative,UWMF,UWMF-wide,Health Link

Restricted Master File Access (HL-017-POL)

Restricted Master File Access (HL-017-POL) - Policies, Administrative, UWMF, UWMF-wide, Health Link

HL-017-POL


Administrative Departmental Policy
This department-specific policy applies to the operations and staff of the Information Services
Department of the University of Wisconsin Hospitals and Clinics Authority as integrated effective July 1,
2015.

Policy Title: Restricted Master File Access Policy
Policy Number: HL-01-POL
Effective Date: 4/29/16
Chapter: NA
Version: Revision

I. PURPOSE
This policy describes how to maintain adequate access management controls for high risk
restricted Health Link Master Files that:
1. Define the process by which access is requested, authorized, and granted
2. Assure appropriate access is provided and maintained in a consistent fashion
3. Protect UW Health protected health information (PHI) and other confidential, sensitive,
or proprietary information from unauthorized access.
4. Protect the organization from unauthorized system changes in the Health Link
Application.


II. DEFINITIONS
DEP - Department Master File: Department records define departments or hospital units within
your organization. The records in this master file contain specialty and cost center information for
each department, as well as numerous application-specific items.

EAP - Procedure Master File: Procedure records define the procedures used by your facility,
including charges, along with transaction codes for payments, and adjustments to patient
accounts/encounters.

ECL - Security Classifications Master File: Security Classification records determine which
options are available for groups of users. They can be set up to restrict access for users with
limited data access needs and increase access for users with more extensive data access needs.

EFY - Formulary Master File: In the Formulary master file, you can list medications to create
formularies-lists of medications associated with particular combinations of payors and/or plans.
These lists display when users completion-match to order medications (as opposed to using
preference lists). They are a convenience to users, who will be able to tell before they place an
order whether or not certain drugs are covered by a patient's payor and or benefit plan.

EMP - User Master File: User records are shared among all Epic software applications. They
define a user's password, which is the same in all Epic products, and security classifications to
which a user is assigned for each installed Epic software system.


EPM - Payor Master File: For each payor, this master file stores basic demographic
information, how claims should be filed or printed, and how much payment should be expected
for specific procedures.

EPP - Benefit Plan Master File: Benefit plans and riders are stored together in the Benefit Plan
master file (EPP). A benefit plan is a record that is associated with a coverage record to define the
terms of that coverage.

ERX - Medications Master File: The Medications master file contains a listing of all
medications available for use in your facility. Records in this master file are used when providers
document new prescriptions for patients and they record a patient's medication history. Because
this list is generally large, it is often imported from some outside source. The Medications master
file contains standard identification codes for each drug, as well as important information such as
the drug's ingredients, strength, dosage, route, formulary status, and cost.

FSC - Fee Schedule Master File: The Fee Schedule master file stores a record of each fee
schedule used to price procedures, medications, or diagnosis related group codes.

HIP-Registries Master File: Registry records define sets of recipients for In Basket messages.
Classes and Pools are included in the Registries master file.

HIS-Message Type Definitions Master File: Message Type Definition records define message
types available in In Basket, including the input forms, available toolbar buttons, and
reply/forwarding permissions.

NDC - NDC Master File: National Drug Code (NDC) records are defined for medication
products. They are used in building formularies and setting up billing for medication orders, and
contain packaging, manufacturer, and other medication information.

NDG - NDC Grouper Master File: The NDC Grouper (NDG) master file records the items used
to group together NDCs. Key items include medication ID, package size, unit of measure,
package description, and custom modifiers.
Protected Health Information (PHI): Individually identifiable health information that is
transmitted or maintained in any form, including oral, written, or electronic. PHI includes, but is
not limited to, demographic, health, and financial information.
SER - Provider Master File: Provider records exist for each provider in your organization. This
master file contains all of the provider-specific information, including demographic information,
insurance filing and billing information for each provider, and clinical information such as
specialty. Using the same screens in the same master file, you can also keep track of other
resources in your facility, including rooms, labs, and machines.

UCP - Charge Router Master File: Charge Router profile settings determine the sources and
destinations for charges, as well as the use of work queues, error pools, and other general settings.



III. POLICY ELEMENTS
Health Link Master Files identified as High Risk and approved to be restricted through Health
Link Technical Leaders require additional approval for access by the Technical or Operational
Owner of the Master File.

All staff request access to Restricted Health Link Master Files through the standard UW Health
Provisioning and Access Policies and Procedures, with the Information Services Systems Security
team acquiring the additional approval from the Technical or Operational Owner of the Master
File.

Restricted Master File access is audited by the Technical Owner or the Operational Owner
annually, as initiated by the Information Services Systems Security team.

Restricted Master Files and their owners include the following:

Master
File
Technical Owner Operational Owner
EMP IS Systems Security Supervisor IS Systems Security Director
ECL IS Systems Security Supervisor IS Systems Security Director
DEP
IS Business Systems Supervisor (with
DEP oversight)
Director of Outpatient Health Link
Ops
SER
IS Business Systems Supervisor (with
SER oversight)
Director of Patient Business
Services
ERX
IS Pharmacy Supervisor (Meds
Management)
IS Pharmacy Manager (Meds
Management)
EFY
IS Pharmacy Supervisor (Meds
Management)
IS Pharmacy Manager (Meds
Management)
NDC
IS Pharmacy Supervisor (Meds
Management)
IS Pharmacy Manager (Meds
Management)
NDG
IS Pharmacy Supervisor (Meds
Management)
IS Pharmacy Manager (Meds
Management)
FSC Manager, Charge Capture
Director of Coding & Charge
Capture
EAP Manager, Charge Capture
Director of Coding & Charge
Capture
UCP Manager, Charge Capture
Director of Coding & Charge
Capture
EPP PBS Technical Services Supervisor Director, Patient Business Services
EPM PBS Technical Services Supervisor Director, Patient Business Services
HIP Supervisor, Clinical Knowledge Systems
Manager, Clinical Knowledge
Systems
HIS IS Manager Ambulatory Clinical System
Director of Outpatient Health Link
Ops


IV. PROCEDURE
The following procedure supports this policy:


Health Link Restricted Master File Access Procedure (HL-017-PRO)


V. FORMS (optional)
NA

VI. REFERENCES
Access to Electronic Information Systems Policy (UWHC Administrative Policy 1.02)


VII. COORDINATION

Sr. Management Sponsor: UW Health IS CTO
Author: UW Health IS Supervisor – System Security
Reviewer(s): UW Health IS CIO

Approval Committee: Health Link Technical Leaders

SIGNED BY:
UW Health CIO

REVISION DETAIL

Effective Date Next Review Summary of Changes Change Authors
4/29/2016 4/29/2017 Annual review/revision. E. Gerke, P. Verhage, E. Bakkum
10/6/2014 10/6/2015 Initial release. E. Gerke, P. Verhage, J. Leonard