beautypg.com

A word on hipaa – Welch Allyn Cardioperfect Workstation, Software Version 1.6.5 - Installation Guide User Manual

Page 28

background image

CardioPerfect Workstation

DIR 80013928, Ver. F

28 / 56

The Admin and SA accounts contain special privileges

Admin account
The Admin account is a CPWS user account that gives access to workstation functionality that can
only be used by the system administrator, such as the Administrator tool.
The Admin account can perform every possible action. To prevent abuse, change the password of this
account after installation. If domain users have been added as administrators, the built-in Admin
account can be disabled or deleted.

SA account
The SA account is an MSDE server administrator login that gives access to functionality related to the
database.
If the SQL engine is installed by the CardioPerfect installation program, the SA account password is

Cardio.Perfect

.

To prevent abuse, change the password for this account after installation.

A word on HIPAA

As of April 2003, the Privacy provisions of the US Health Insurance Portability and Accountability Act of
1996 are mandatory for all entities except small health plans. Among other things, HIPAA requires all
repositories of Healthcare Information to provide access only to authorized individuals and to maintain an
audit trail of activity performed with that data.
Welch Allyn CardioPerfect keeps track of this audit trail in a separate database called ccdbaudit which is
installed during set-up. When upgrading from an older version, the audit database may not yet exist. Upon
detecting this situation, CPWS prompts you to run the dbbuilder tool to correct this situation.
The HIPAA mode can be switched on and off from the Administrator tool. For more information, see
“HIPAA audit functions” on page 36.
Additional functionality of HIPAA-mode

Audit trail of log-ins and attempted logins

Audit trail of data access, change, deletion, print-out, import and export of patient and test data

Anonymous access is disabled

Inactivity time-out; after not using CPWS for a period of time, it requires reentry of your password to
reactivate the program

Considerations for system administrators
In the HIPAA Settings of the Administrator tool, CPWS adds security features and audit functionality to
enable a fully HIPAA-compliant environment. In addition to this basic functionality, the overall system
configuration must also provide for measures such as security policies on passwords (for example,
password complexity and aging). We strongly recommend using NT authentication along with the security
policy enforcement that the NT Server provides.

See also other documents in the category Welch Allyn Equipment: