CIO Remarks

New Windows Login Requirement- Starting October

The NIH Clinical Center (CC) will begin the transition to require a PIV card/HHS ID Badge to logon a government workstation. This requirement is specific to Windows and is based on the Federal mandate for HSPD-12 Logical Access.

The DCRI PIV Project team will coordinate this effort to improve NIH's IT security for Logical Access. Logging in with a PIV card/HHS ID Badge helps NIH ensure that people accessing our resources are who they say they are and are authorized for the access they are requesting.

Please note:

• Computers in CC conference rooms, SCDs, WOWs, identified Windows workstation with multiple users, kiosks, CRIS training room workstations and Mac workstations will not be required at this time, to use a PIV card/HHS ID Badge. DCRI User Support Team is actively working to identify computers and equipment that meets this criterion.
• Transition begins October 2012 and continues through January 2013. CC departments will be divided into four groups and two phases; each group will receive instructions with corresponding dates.
  • Phase one: You will be presented a Warning, to identify that a PIV card/HHS ID Badge will be needed (This starts 2 weeks before Phase two)
  • Phase two: You will be Required to login with a PIV card/HHS ID Badge

QUICK TIPS

Posted near an exit, these postive posters can help save time and prevent leaving your PIV card behind. Print your own (1MB)

---

Start and end your work day right! Tips to help you not forget your PIV Card/HHS ID Badge:

• Log on to your computer in the morning with your PIV card, as soon as your desktop icons display and you are completely logged in, you may remove your PIV Card/HHS ID Badge from the reader and replace it on your badge holder right away
• Reinsert the PIV Card/HHS ID Badge into the card reader as needed to send or read encrypted e-mail
• Take your PIV Card/HHS ID Badge with you when leaving your office at the end of the day. You'll need it at the gate(s) to return to work
• Print and post the Sam Smiley Poster at a visible place

For PIV card/HHS ID Badge issues such as forgotten PIV Card/HHS ID Badge or PIN number, card reader issues, or digital certificates that have expired, call CRIS Support at 301-496-8400 or NIH IT Service Desk at 301-496-4357 for assistance. A temporary PIV Card exemption can be granted for seven days until issues have been addressed.

Back To Top

---

New addition to the Take Home Medication Required for Study List: *Informational Order Only

A selection of Informational Order Only has been added to the Required for Study list in the Take Home Medication section. This selection is intended to be used in the Outpatient setting where a dose or frequency is adjusted for a current medication that does not need to be dispensed to the patient.

An example would be adjusting cyclosporine doses for outpatients based on drug levels for patients that have an ample supply of drug at home.

• Informational orders will still be reviewed by Pharmacy, but will not be dispensed.
• You will still need to discontinue the old/non-current order(s).

Use of the Informational Order selection and discontinuing old orders will assist in keeping a current and accurate outpatient medication record.

Please note that if a patient needs refills, then a new order should be entered with the appropriate Required for Study selection.

Back To Top

---

MRI Contrast Questions on MRI Exam Order Forms

To improve patient safety around the contrast administration process with MRI exams, a new section has been developed which will be included on all MRI order forms in CRIS.

1. The first question asks the requestor whether the study should be performed with contrast

Take note that this field is intended to convey information only and that the final decision for all administration of contrast will be made by the Radiologist and Radiology department screening policies.

Contrast Administration Option	Description
Per Radiologist Discretion	This selection is similar to how the Radiology department has operated in the past. The decision on contrast is deferred to the attending radiologist.
No, NOT Clinically Indicated/ Contraindicated	Informs the Radiology department that the there are clinical reasons not to give contrast.
No, Prohibited for research by IRB approved Protocol	Certain NIH protocols include research MRIs with no provision for contrast administration. This informs the Radiology department that this MRI order falls into that category.
Yes, Clinically Indicated	Informs the Radiologist that the clinical team believes that contrast should be administered for diagnostic purposes.
Yes, Required for research by IRB approved Protocol	Informs the Radiology department that this study requires contrast administration to meet the research requirements of the protocol, whether or not there is a clinical indication to administer contrast.

2. The second question asks the requestor to identify if the patient has an allergy to contrast.

If Yes is selected, additional instructions will appear.

Please note that all allergies should be documented in CRIS on the Patient Info tab under Allergies to notify all care providers for future MRI exams.

If pre-medications have not been ordered at the time of the request, the requestor is still responsible for ordering the appropriate pre-medication.

3. The third question asks the requestor to identify if the patient has known renal insufficiency.

4. If the patient does have a known renal insufficiency and contrast is still being requested, the requestor will be prompted to provide rationale for contrast administration.

Back To Top

---

Communicating via E-mail with Patients

Patients or a legally authorized representative of a patient may request to electronically communicate with their health care provider/other authorized NIH staff through the MEDICAL SECURE EMAIL application. This application is different than the secure email system, SEFT, described below. Presently, this Medical Secure Email service is the only approved method of communicating electronically with your patient. Patients can consent to communicate electronically through medical secure email by signing the Information Practices consent form (32 KB). Once signed, the form should be forwarded to the Medical Record Department's Medicolegal Section (10/1N205) for processing where the patient's email address will be entered in CRIS and available for review.

The url to access medical secure email is:
https://medicalsecureemail.nih.gov/

Additional helpful resources regarding this service are available as indicated below:

POLICY
Medical Administrative Series Policy: M09-3 Communicating Protected Health Information via Electronic Mail (Email) at the NIH Clinical Center (54 KB)

REGISTRATION
To register to use Medical Secure email service, send an email to CC-DCRI BDS Secure Comm Admins.

TRAINING
A training tutorial provides an overview of the secure email process and is available at http://cris.cc.nih.gov/cristraining/documents/Secure_Email/secure_email.htm

ADDITIONAL INFORMATION:
Please contact the Medical Record Department with questions: 301-496-3331.

Further information is available at
http://cris.cc.nih.gov/cristraining/documents/Secure_Email_Provider_handout.pdf (39 KB) and
http://cris.cc.nih.gov/procedures/medical_secure_email.html.

Back To Top

---

Security & Privacy - Encrypted E-mail

This is a reminder to not include patient names, medical record numbers, social security numbers, dates of birth and other personally identifiable information (PII) within e-mail communications, unless encrypted.

Per OMB Memo 06-19, Reporting Incidents Involving PII and Incorporating the Cost for Security in Agency Information Technology Investments, the term PII refers to "information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc."

HHS and NIH are committed to protecting private information. There have been frequent occurrences of unintended electronic disclosure of PII across the agency; therefore, the NIH now scans its e-mail traffic for content format that resembles PII. When PII is detected, an official NIH incident is created. Significant work is required to report the incident to the HHS and remediate the risk posed by these types of security and privacy incidents.

The NIH E-mail System hosted by CIT is not secure. However, the system is capable of adding encryption and digital signatures. Encryption ensures that the data stored on computers and handheld mobile devices is unreadable if lost or stolen. Similarly, by encrypting e-mail communications, the email cannot be opened and read by persons not authorized to receive it.

The NIH Enterprise Information Security Plan, dated August 10, 2010 states under control AC-22, 'E-mail Security', (5) (see page 28): PII distributed or communicated via e-mail, shall always be encrypted using FIPS 140-2 compliant encryption whether the PII is within an attachment or part of the actual message. This applies to e-mail distributed within NIHnet or on the Internet. To preclude inadvertent transmission of inappropriate information on the Internet, NIH e-mail shall not be auto-forwarded to non-NIH e-mail addresses. Unencrypted PII shall not be sent to list serves or sent via other insecure e-mail distribution methods.

At NIH, encryption methods are integrated with our new PIV badges and require a badge reading device on the Government computer(s) issued to staff. The following methods are recommended:

• If the recipient of the e-mail is within the HHS community, employees/contractors can use their PIV card to encrypt the e-mail; and,
• For both NIH and non-NIH recipients, data can be protected by using the NIH Secure E-mail and File Transfer (SEFT) Service at https://secureemail.nih.gov/. The service can be used to send and receive e-mail securely within and outside of NIH.

Guides for encryption methods:

• PKI Quick Reference Guide at http://hr.od.nih.gov/hrguidance/issuances/infosecurity/documents/QRGforPKI.pdf
• SEFT User Guide at http://hr.od.nih.gov/hrguidance/issuances/infosecurity/documents/SEFTuserguide.pdf

If you have questions or need assistance on how to use encryption services or further actions with regards to this incident, please contact the CC Privacy Officer at smartin@cc.nih.gov or the NIH IT Service Desk at (301) 496-HELP, (301) 496-8294 (TTY), or via the web at http://support.cit.nih.gov

In addition, we remind staff the following steps to protect sensitive information:

Do not send PII, PHI or Sensitive Information via e-mail, unless encrypted; Double-check the recipient's address before sending; Do not forward work e-mails with PII, PHI or SI to personal accounts (e.g., Yahoo, Gmail); To prevent the inadvertent transmission of PII, PHI or SI to un-trusted data stores, the "Auto Forward" capability must not be used to send e-mail to a non-NIH e-mail address or an Internet e-mail address; and, Do not upload PII to unauthorized Websites (e.g., Wikis).

Back To Top

---

Keeping Workstations Up-to-Date

Users may notice more messages to restart their machine in order to install the updates to their applications (QuickTime, Internet Explorer, Office Products, Adobe Products, Windows Operating System, etc.) on their workstation or laptop.  The updates have been tested on DCRI workstations prior to release and approved for release house-wide. 

These updates or patches are made to reduce your computer's susceptibility to vulnerabilities- bugs or weaknesses in your software that cyber attackers can exploit.  Unfortunately, new vulnerabilities are being discovered constantly.  Software vendors, such as Microsoft and Adobe, issue updates (or patches) regularly to correct these vulnerabilities. Good security practice includes patching computer applications to its current version. This is key and has been shown to minimize the organization’s exposure to cyber attackers and exploits.

In order to minimize the organization’s exposure, DCRI is utilizing automated tools to push patches to your workstations that will automatically install security patches.

If you have any concerns related to updates on your workstation, please contact the CC ISSO at CC-ISSO@cc.nih.gov.

Back To Top

---

CRIS Helpful Tips

New Feature: Getting information at your fingertips directly within CRIS!

As mentioned in the August 2012 Newsletter, there is a new icon on the CRIS main toolbar, titled Clinical Search. It is a NIH Library site which contains links to various clinical resources. Resources include Biomedical Information, Clinical Trials, Evidence-Based Medicine, Nursing, and Pharmacy, to name a few.

All these resources are clustered together under one roof, without having to log off CRIS.

For example, have you ever needed assistance on how to order a certain lab test?
Access the Department of Laboratory Medicine (DLM) website from Clinical Search. The DLM website provides resource information specific to laboratory medicine, including Lab Tests or Test Guide. The Test Guide contains information about laboratory tests and specimen collection instructions.

Note:
You can also access the Test Guide upon Order Entry. Click the Item Info button and select the DLM/DTM Test Guide.

Back To Top

---

Printing Vital Signs

Have you ever wondered how to print out Vital Signs from a certain time period?

1. On your desired patient, select the Print Reports icon on the toolbar.

2. Select the Vital Signs Review - Select Patient report from the Report Category- Patient List.

3. Select the Options button.

4. On the Parameters tab, select the desired date range in the From Date and To Date fields.
Note: you may use the calendars available from the drop down menu.

5. Select the Distribution tab. Select the desired Physical Printer from the drop down menu and select the checkbox next to Process report locally.

6. Select Preview button. The report displays.

7. Select the printer icon.

8. The Print dialog window displays. Click OK.

Back To Top

NOTE: PDF documents require the free Adobe Reader.

 

Privacy | Disclaimer | Accessibility | Contact Us

NIH Clinical Center | National Institutes of Health | Health and Human Services | USA.gov

NIH...Turning Discovery Into Health ®