I understand the importance in levels of security. However, the way
my office runs, I can’t see how I could not allow all employees (3
front office, 4 nurses, 1 office manager) full access. With the
program divided into 3 parts, for various reasons, they all need
access to front/mid/back office in eCW.

I just don’t see me limiting my front office staff to only the
scheduling module, when they answer billing questions and fax med
lists and recent tests to the hospital. My nurses need the inurance
info for referrals, etc.

So, even if eCW puts in elaborate security, I don’t think I’d do
anything different.

By the way, I downloaded the new ICD-9 codes and installed them in a
snap. Boy, was that easy. Clear and simple instructions. I’m our
practice’s “on-site” IT guy, and I’m glad I didn’t have to call in
the professional for such, what I now know is, a simple task.

Thanks to eCW support for a smooth process.

Chris

*************************

Password Security:

The questions raised about password security levels for users by
Praveen and
Kimberly are VERY important, and to my knowledge have not been
adequately
addressed by eCW here. I have assumed (always a risky practice) that
eCW was at
least as good as most other EMRs at defining security levels and
accessability
of parts of the program to users at different levels; it’s pretty
easy to define
with a simple table, and when we had access to a demo I thought I
saw such a
table in the Adminstrative section (do not yet have the program on
hand). The
Administrator ought to be able to specify exactly which users have
access to
specific functions (e.g. types of reports); this capability in PMSs
is far older
than HIPAA.

IF eCW does not have such well-defined security, then this is a
serious omission
that ought to be remedied forthwith, if necessary with an
intermediate release
(e.g. 6.5.1). Perhaps Rahul or Girish can clarify the situation,
before the
anxiety level here builds any further.

Post generated using Mail2Forum (http://m2f.sourceforge.net)

Also, going forward in 6.5 this utility will be inbuilt in the
application and will automatically get the content from the eCW site.
Next year no more manual updates for ICD, CPT or RX (it will be done
over the web similar to the windows XP update reminders).

Also, regarding the security, on the server you can run the TOMCAT as
a Windows service with only admin privilidges to read the
directory :\\eclinicalworks.

Set the security access rights on the database directory to be set
for only admin access. Even if a user gets access to the server
operating system (unless they are the administrator) they will not be
able to see any data.

In addtition in 6.0.9.XXX we have encrypted the passwords and the
patient SSN etc,

Rahul

—- In .(JavaScript must be enabled to view this email address), “John OConnor, M.D.”
<droconnor@m…> wrote:
>
> I understand the importance in levels of security. However, the
way
> my office runs, I can’t see how I could not allow all employees (3
> front office, 4 nurses, 1 office manager) full access. With the
> program divided into 3 parts, for various reasons, they all need
> access to front/mid/back office in eCW.
>
> I just don’t see me limiting my front office staff to only the
> scheduling module, when they answer billing questions and fax med
> lists and recent tests to the hospital. My nurses need the
inurance
> info for referrals, etc.
>
> So, even if eCW puts in elaborate security, I don’t think I’d do
> anything different.
>
> By the way, I downloaded the new ICD-9 codes and installed them in
a
> snap. Boy, was that easy. Clear and simple instructions. I’m our
> practice’s “on-site” IT guy, and I’m glad I didn’t have to call in
> the professional for such, what I now know is, a simple task.
>
> Thanks to eCW support for a smooth process.
>
> Chris
>
>
> *************************
>
>
> Password Security:
>
> The questions raised about password security levels for users by
> Praveen and
> Kimberly are VERY important, and to my knowledge have not been
> adequately
> addressed by eCW here. I have assumed (always a risky practice)
that
> eCW was at
> least as good as most other EMRs at defining security levels and
> accessability
> of parts of the program to users at different levels; it’s pretty
> easy to define
> with a simple table, and when we had access to a demo I thought I
> saw such a
> table in the Adminstrative section (do not yet have the program on
> hand). The
> Administrator ought to be able to specify exactly which users have
> access to
> specific functions (e.g. types of reports); this capability in PMSs
> is far older
> than HIPAA.
>
> IF eCW does not have such well-defined security, then this is a
> serious omission
> that ought to be remedied forthwith, if necessary with an
> intermediate release
> (e.g. 6.5.1). Perhaps Rahul or Girish can clarify the situation,
> before the
> anxiety level here builds any further.

Post generated using Mail2Forum (http://m2f.sourceforge.net)