RCPA - Rehabilitation and Community Providers Association


HCSIS Security Violations and OMR Response
February 7, 2003

This HCSIS Bit was sent by the Office of Mental Retardation (OMR).

It has come to the attention of HCSIS program management and security administrators that serious security violations exist at some sites accessing HCSIS. Specifically, people are sharing user account IDs and/or passwords. This activity is in violation of the User Security Agreement signed by each person that is granted a HCSIS account.

Effective immediately, HCSIS Help Desk staff are authorized to block user accounts that are suspected of security violations. If you are sharing a user ID and/or password, you should request access for yourself and/or other individuals through proper channels. If you need assistance determining who can create/administer a HCSIS account for you or someone in your agency, please call the HCSIS Help Desk. The User Security Agreement is available on the HCSIS Home Page.

PCPA Provider Response to HCSIS Security Policy

There was immediate response to the HCSIS Bit from PCPA members. PCPA members support the Security Policy. They request, however, that OMR reconsider their current solution to the problem by consulting with providers and counties about how to quickly address it in a way that will not disrupt business at the local level.

There is a consensus that OMR has an obligation to alert the HCSIS Administrator if HCSIS Help Desk staff "suspect" that there are security violations. All HCSIS Administrators need to know if there is a security problem so that they can immediately take action at their organizations. The HCSIS Administrators also need to know if someone is going to be blocked from HCSIS access. They can then help determine if there really is a security breach. If access is blocked without cause and/or notice, there is potential for problems to occur in incident reporting and other business practices.
