DSHS TB/HIV/STD Security and Database Account Management

• General Information
• Requesting New Access to a DSHS Database
• Renewing Database Access (Annual)
• Deactivating User Access from DSHS Databases
• Submitting Security Confirmation for Employees that do not Require Database Access
• Requesting VPN Remote Access (eHARS)
   

General Information

1. Security Training and Confidentiality Requirements
   Anyone needing access to a DSHS TB, HIV, or STD application or database must complete the required documents and security and confidentiality training as listed below. Database account access expires twelve months from completion of the security and confidentiality training. Access to DSHS applications and databases is subject to revocation at any time.
    
2. Local Responsible Party (LRP) Instructions
   As an LRP, you have accepted the responsibility of implementing and enforcing DSHS security and confidentiality policies and procedures within your agency. You are responsible for approving database access for any employees or contractors at your agency. DSHS will not provide individuals with access to databases without confirmation from you.
   
   LRP Designees
   Large agencies may have one or more individuals assigned as an LRP designee. The LRP retains the ultimate responsibility of implementing and enforcing security and confidentiality policies and procedures; however, the LRP may delegate the authority to approve database access requests for individuals in their agency. To assign an LRP designee, the LRP must email TBHIVSTD.AccountRequests@dshs.texas.gov stating permission and confirming they have reviewed the roles and responsibilities of an LRP designee with this individual.
   
   For more information on LRP responsibilities and duties, please see Security Policy and Procedures. 
    
3. Steps to request or retain access to DSHS databases
   1. The prospective/renewing user follows the steps to request new access, renew account access, request VPN access, or submit security documentation for staff not requiring database access.
   2. The LRP or designee reviews the documents received from the prospective user for accuracy and completeness.
   3. The LRP or designee completes the LRP fields on the Account Request form (if applicable).
   4. The LRP or designee submits documents to TBHIVSTD.AccountRequests@dshs.texas.gov, copying the individual requesting access. The email should include:
      1. A statement verifying this person is under your authority.
      2. All attachments required to gain access to the appropriate DSHS databases.
          
4. IMPORTANT
   • Include all required documents in one email. Requests with incomplete or missing documents will not be processed.
   • Requests should be sent for one individual only. If requesting access for multiple employees at the same time, a separate email must be sent for each individual.
   • Save all documents and emails for your records.
   • If you are an LRP requesting access for yourself, please note that in the body of the email.
      

Requesting New Access to a DSHS Database

The following steps apply for all new DSHS TB, HIV, or STD application and database account requests. Requests for new access to a database must come from an DSHS-approved Local Responsible Party (LRP) and/or LRP Designee for your agency. If you do not know who this individual is, check with your supervisor. DSHS will not accept requests for new access to a DSHS database without approval from an LRP or LRP designee.

Prospective User Instructions:

1. Complete the Security and Confidentiality Training course.
   • If you took the online security and confidentiality course:
     • Complete the training and pass with an 85%.
     • Save your completed course certificate as Lastname_Firstname_Agency_Strn.pdf.
   • If you took an in-class security and confidentiality course:
     • Check with your agency and/or trainer to receive a course completion certificate if not provided.
     • Save your completed course certificate as Lastname_Firstname_Agency_Strn.pdf
        
2. Complete the Account Request form. Right click on link and select "Save as" to fill out form
   • Fill out the form electronically. Please do not submit scanned copies of the document.
   • Save form as Lastname_Firstname_Agency_AccRq.pdf
      
3. Complete and sign the Confidentiality Agreement. Right click on link and select "Save as" to fill out agreement
   • Fill out the form electronically. Please do not submit scanned copies of the document.
   • Save form as Lastname_Firstname_Agency_CON.pdf
      
4. Complete and sign the Acceptable Use Agreement. Right click on link and select "Save as" to fill out agreement
   • Fill out the form electronically. Please do not submit scanned copies of the document.
   • Save form as Lastname_Firstname_Agency_AUA.pdf
      
5. TB ONLY: Complete the Notice of Change in TB Personnel form. This form is required for DSHS database access for TB personnel. 
    
6. PIOS ONLY: Contact the DSHS Pharmacy to gain access to PIOS.
    
7. Email all required documents to your DSHS-approved LRP or LRP designee. Remind them to sign the Account Request form and forward all required documents to TBHIVSTD.AccountRequests@dshs.texas.gov. It may be helpful to provide them with a link to this webpage.
    
8. Save all documents for your records.
    

Renewing Database Access (Annual)

DSHS requires all persons with access to confidential TB, HIV, STD, and/or viral hepatitis information to complete a security training and sign a Confidentiality Agreement and an Acceptable Use Agreement at time of employment and on an annual basis. This includes DSHS employees (permanent, temporary, and contractors), IT staff, volunteers, and students.

Complete the following steps to renew account access:

1. Complete the Security and Confidentiality Training course.
   • If you took the online security and confidentiality course:
     • Complete the training and pass with an 85%.
     • Save your completed course certificate as Lastname_Firstname_Agency_Strn.pdf.
   • If you took an in-class security and confidentiality course:
     • Check with your agency and/or trainer to receive a course completion certificate if not provided.
     • Save your completed course certificate as Lastname_Firstname_Agency_Strn.pdf
        
2. Complete and sign the Confidentiality Agreement. Right click on link and select "Save as" to fill out agreement
   • Fill out the form electronically. Please do not submit scanned copies of the document.
   • If you have access to a DSHS-owned or managed database/application, complete the Account Renewal Section to retain access.
   • Save form as Lastname_Firstname_Agency_CON.pdf
      
3. Complete and sign the Acceptable Use Agreement. Right click on link and select "Save as" to fill out agreement
   • Fill out the form electronically. Please do not submit scanned copies of the document.
   • Save form as Lastname_Firstname_Agency_AUA.pdf
      
4. Email all completed forms to TBHIVSTD.AccountRequests@dshs.texas.gov.
   • Use the email subject line:
     • If you use a database/application listed in the account renewal section: Annual Renewal + database_Last Name FirstName
     • If you do not use any databases listed on form: Annual Renewal non-database_Last Name FirstName
5. Save all documents for your records.
    

Deactivating User Access from DSHS Databases

A supervisor or LRP is responsible for notifying the DSHS HIV/STD Section Privacy Coordinator when an employee ends employment with the agency or changes to a new department or role that will no longer require the individual to access database(s).

1. Complete the Account Deactivation Request form to deactivate an account for THISIS, GlobalScape, eHARS, NTIP, TB GIMS, EDN, or TB Labware. Right click on link and select "Save as" to fill out form.
    
2. TB ONLY: Complete the Notice of Change in TB Personnel form.
    
3. PIOS ONLY: Contact the DSHS Pharmacy to gain access to PIOS.
    
4. Email all completed forms to TBHIVSTD.AccountRequests@dshs.texas.gov. Use the email subject line: Account Deactivation_Last Name FirstName.
    
5. Save all documents for your records.
    

Submitting Security Confirmation for Employees that do not Require Database Access

Complete the following steps to submit security and confidentiality requirements:

1. Complete the Security and Confidentiality Training course.
   • If you took the online security and confidentiality course:
     • Complete the training and pass with an 85%.
     • Save your completed course certificate as Lastname_Firstname_Agency_Strn.pdf.
   • If you took an in-class security and confidentiality course:
     • Check with your agency and/or trainer to receive a course completion certificate if not provided.
     • Save your completed course certificate as Lastname_Firstname_Agency_Strn.pdf
        
2. Complete and sign the Confidentiality Agreement. Right click on link and select "Save as" to fill out agreement
   • The Confidentiality Agreement must be completed in Adobe Reader. Completing the agreement in Chrome or another web browser window will prevent you from signing the form.
   • Save form as Lastname_Firstname_Agency_CON.pdf
      
3. Email all completed forms to your local responsible party (LRP).
    
4. Save all documents for your records
    

Requesting VPN Remote Access (eHARS)

Anyone requiring access to eHARS must submit a VPN Remote Access Form including DSHS employees. Read and follow these steps carefully—not all steps are listed on the form itself and incomplete forms will not be processed.

1. Send an email to TBHIVSTD.AccountRequests@dshs.texas.gov to request the most recent version of form be emailed to you. Please do not save or share this form unless directed otherwise by DSHS Central Office staff.
    
2. Fill out all highlighted sections.
    
3. In the Applicant section, the Company Contact field should be the name of your supervisor. Please include your supervisor’s email in the same field, below his/her name. Your supervisor’s phone number should go in the Telephone Number field to the right of the Company Contact field.
    
4. The Requesting Sponsor is a manager from DSHS Central Office. The name and contact information for the Requesting Sponsor is filled out, but you will still need to email the completed form signed by you to TBHIVSTD.AccountRequests@dshs.texas.gov. Forms without this signature will not be accepted.
    
5. When writing a Business Justification, be sure to include eHARS in your statement.
    
6. In the Protocols field of the VPN Access section, select the method you will use to access the server. The IP addresses needed for eHARS access have been entered in the DSHS Remote Access Destinations field. Add any other destinations you may need, if applicable.
    
7. In the User Agreement section, check all boxes to indicate you have read and agree to the terms and conditions.
    
8. Sign and date the form.
    
9. Review form to ensure all steps listed above have been completed and information entered is correct.
    
10. Save the document as LastName_FirstName_Agency_VPN (e.g. Smith_John_Houston_VPN).
     
11. Email as High Priority to TBHIVSTD.AccountRequests@dshs.texas.gov:
    1. Use the subject line VPN Requesting Sponsor Signature Needed
    2. Attach completed and signed form. 
        
12. Requesting Sponsor will sign and date the form, then email completed form to the helpdesk. You will be copied on the email, so you will have confirmation that your form has been submitted 
     
13. IT will contact you with information and next steps.