RCPA - Rehabilitation and Community Providers Association


HCSIS Security Change
February 10, 2002

A signed Security Form is now required for every HCSIS user. This is a new policy that was not included in HCSIS Administration Training or elsewhere. The following notice is taken from a memo sent to PCPA and County Administrators by Gary R. Rossman, Office of Mental Retardation, HCSIS Project Director.

"Many county and provider agency staff have taken part in training activities for either HCSIS System Administration or the Provider Sign- Up process. Those activities have carefully described the steps needed to complete those processes.

The Department is reviewing the current system security measures and looking at the evolving security requirements resulting from HIPAA, etc. The significant increase in web-based applications within the Department brings additional security complexities and will continue to evolve over time.

The first impact of this evolution we are now experiencing is the requirement to have a signed security form for every HCSIS user, prior to the distribution of User ID's for accessing the system. In response to this additional requirement we felt it necessary to further clarify the impacts on County Programs and Provider Agencies.

Provider Agencies:

  • Each Provider HCSIS Administrator will be required to return a signed security form prior to the release of their User ID and password guidelines. The security form will be e-mailed to individuals as they initiate the Provider Sign-Up process.
  • Provider HCSIS System Administrators will also be able to access the form once it is made available from the OMR web page.
  • Provider agencies must collect the signed security form for each HCSIS end user and fax the form to the HCSIS Help Desk. All security forms must be kept current for potential security and audits.

County Programs:

  • Currently the HCSIS Help Desk is e-mailing the security form to individuals identified as County HCSIS Administrators. They are asked to fax or mail the signed form back and then HCSIS User ID's and password guidelines are distributed.
  • OMR will be making the security form available on its web site to help facilitate this process.
  • As county HCSIS Administrators assign roles, they are required to collect the signed security form from each end user of the system. This form should be faxed to the HCSIS Help Desk and county programs are required to keep all original signed forms for security audit purposes.

These requirements are in addition to the material that was presented in HCSIS System Administration training. Future training courses and job aids will be modified to reflect this change in procedure.

Security is a significant issue for all of us. Rest assured that OMR is an active participant in the DPW Security Team. OMR staff and its consultants will be helping to shape the ongoing development of security requirements and implementation. As the HCSIS Project Manager, I want to personally thank you and your staff for the flexibility and understanding that you have shown as we work through this evolving process together."

< Back