Transcription
AHS Identity & Access ManagementANP User GuideAlberta Health ServicesIdentity & Access Management (IAM)Alberta Netcare Portal (ANP)User Guide
AHS Identity & Access Management (IAM)ANP User GuideTable of ContentsIntroduction. 3AHS IAM Request Process . 3Who can have access to Alberta Netcare Portal (ANP)? . 3Who can approve access to Alberta Netcare Portal?. 4AHS IAM Terms & Definitions . 5AHS IAM Alberta Netcare Portal Facility List . 6Alberta Netcare Portal Learning Resources . 8Alberta Netcare Portal Login page . 8Alberta Netcare Portal Permission Matrix . 8ANP Training Recommendations . 8Submitting an IAM Access Request . 9Submitting a New Access Request . 9Amending Existing Access . 17Submitting a Modify Access Request . 17Removing Alberta Netcare Portal Access . 25Submitting a Remove Access Request . 25Approving Alberta Netcare Portal Access . 30Approving for an IAM ANP Access Request . 30First time Netcare Login Instructions . 33Synchronizing your ANP and PIN/PD Passwords . 33IAM ANP Update Authorized Approver . 34IAM ANP Update Authorized Approver: Reassign & Manager Transfer Tools . 34IAM ANP Reassign AA Tool. 35Quick Steps: . 35User ANP Reassign AA . 35Manager ANP Reassign AA. 35Detailed Steps: . 36Manager submitting an ANP Reassign AA request . 39IAM ANP Manager Transfer Tool . 43Quick Steps: . 43Manager ANP Manager Transfer . 43Detailed Steps: . 44Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 2
AHS Identity & Access Management (IAM)ANP User GuideIntroductionThe Alberta Health Services Identity & Access Management (IAM) system is a provincial tool that managesconfidential identity information and resources to various applications. This tool allows you to request access tosome online services and applications, including Alberta Netcare Portal (ANP). AHS IAM is used by AHS, AHSAffiliated sites, and community organizations who require access to ANP for both clinical and non-clinical staff.For more information about AHS IAM, please visit the AHS IAM homepage on Insite.This user guide is written specifically for AHS and AHS Affiliate staff accessing the AHS IAM system. If you are acommunity custodian, please visit the Alberta Netcare Learning Centre for more detailed information as theprocess is different for those outside of AHS.AHS IAM Request ProcessTo submit an access request for yourself or someone else, an individual can log into the AHS IAM system withtheir network user ID and password. End-users, managers, or authorized approvers can request new access toan application, amend an existing account, or remove access using the AHS Identity & Access Management(IAM) system. IAM automatically routes each request through a designated workflow, providing automated emailupdates at each stage of the process from submission to completion. Once an access request for ANP isapproved by the Authorized Approver, it will be routed to the IT Access Netcare team for provisioning. Theturnaround timeframe is 10 business days, and the request status and number can be easily monitored.This guide will outline the steps required to successfully submit an access request forANP and use of other IAM ANP tools: New (Create) access requestModification to existing accessRemoval of existing accessReassigning an ANP authorized approverTransferring a manager for multiple end-usersWho can have access to Alberta Netcare Portal (ANP)?Alberta Netcare Portal (ANP) is a secure provincial Electronic Health Record (EHR) system that containspersonal health, lab test, pharmaceutical and demographic information. It provides in-context access to two othersystems: the Pharmaceutical Information Network (PIN) and Person Directory (PD). ANP is accessed bythousands of diverse healthcare professionals in both clinical and non-clinical positions throughout Alberta andthe Northwest Territories. Access to ANP, PIN and PD, is based on a secure end-user role and profession matrixdesigned in accordance with the Health Information Act (HIA) and the Netcare Information Exchange Protocol(IEP). End-user permissions provide the necessary, but least, amount of access to information to perform theirjob role professionally and discretely.An authorized end-user, a Custodian or Affiliate (as defined in the HIA), is generally an individual who in thenormal course of their job duties has a business need to view and/or update a patient’s electronic health record,such as: Viewing a patient’s test results or current medicationsUpdating a patient’s demographic informationPrescribing or dispensing a medicationRecording an allergy or intoleranceVersion March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 3
AHS Identity & Access Management (IAM)ANP User GuideWho can approve access to Alberta Netcare Portal?Each individual requesting access to ANP requires their own AHS IAM access request. Every access requestsubmitted through AHS IAM requires an AHS manager’s approval or that of a designated authorized approver.The individual approving access agrees to the following. Access to AHS information is necessary to fulfill authorized AHS duties and responsibilities.Access permissions provide the minimum information necessary to perform the duties andresponsibilities.They have verified that the end-user requiring access has completed all necessary training, includingAHS Privacy & Security Training and have signed the AHS Confidentiality and Information TechnologyUser Agreement.They will be the point of contact for follow-up regarding annual review of access.They will modify the end-user’s access as needed using AHS IAM to ensure access is correct and up todate.They will notify AHS IT Access Netcare of any changes to the end-user’s access.The authorized approver must meet one of the following conditions: Have an AHS Delegation of Human Resources Authority Level 1-12Have an Covenant Health Delegation of Human Resources Authority Level 1-6Be a pre-approved AHS IAM Authorized Approver for ANP. Only available when a DOHRA structure isunavailable.The delegation of Human Resources Authority (DOHRA) is based on job title. If you believe you should be ableto approve an ANP access request based on your job title and DOHRA level, please contact AHS HumanResources.Staff who are not governed by either AHS or Covenant Health DOHRA must apply to become an AHS IAM ANPAuthorized Approver. Please contact the AHS IT Service Desk to initiate this process. Published on the AHSIAM Support page is the Authorized Approvers List which contains a list of current ANP Authorized Approversand their organizations.Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 4
AHS Identity & Access Management (IAM)ANP User GuideAHS IAM Terms & DefinitionsThese definitions may or may not be the same as your organization’s definitions.AHS EmployeeAHS staff who has been on-boarded and paid through AHS HumanResources e-People.AHS Affiliated EmployeeAn individual who has been on-boarded and paid through AHS HumanResources e-People. Examples: Covenant Health, Alberta PrecisionLaboratories.AHS Non-EmployeeAn individual not on-boarded or paid through AHS Human Resources ePeople.ContractorAn individual who is engaged by AHS to perform services for or on behalf ofAHS under contract or agency relationship. They may or may not be foundin e-People.Community End-UserAn individual who works for a privately owned health care delivery facility.Combination End-UserAn individual with various End-user Types from having multiple employment(a combination of Employee, Non-Employee, or Community status).RequesterAn individual who submits or initiates an AHS IAM request for themselves orfor another staff member.Authorized ApproverAn individual who can approve requests in AHS IAM. Is also known as aManager, Group Authorized Approver, or Medical Staff Office ApproverGroup. They are commonly set up to approve for a specific group orapplication.Access EntitlementRefers to an application or resource available in IAM like Alberta NetcarePortal (ANP). End-users can have access to an entitlement at more than onelocation depending on the business or system rules set up for eachentitlement.Sunset / Expiry DateA Sunset Date is assigned to every access at the time of set-up. The defaultdate is one year in the future but can be shortened to fit the duration ofemployment or accommodate a need for short-term access.Access CertificationAccess Certification is a quality and security practice performed byAuthorized Approvers. It verifies that access is still needed, that the correctand current Authorized Approver is connected to the end-user, and that theaccess permissions are appropriate.Click here to view the ANP Access Certification Fact Sheet for moreinformation.180-day InactivityFor security purposes, after 180-day of inactivity (approximately 6 months) anindividual’s ANP account will be automatically disabled.Click here to view the ANP 180-day Inactive Access Account Disabling FactSheet for more information.Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 5
AHS Identity & Access Management (IAM)ANP User GuideAHS IAM Alberta Netcare Portal Facility ListANP requires a facility selection for the individual’s organization they are working for and/or physical site they areworking at. The following list outlines the facility codes for AHS, Covenant Health, and AHS Affiliated sites:Click here to view the AHS IAM list of Authorized Approvers for AHS Affiliates and AHS Non-Employees (e.g.physicians, students, researchers).Alberta Health Services 28CB28CB provides access to all AHS facilities. A universal code is available for any AHS employee ornon-employee to use when working for AHS.Alberta Health Services (Affiliates) GCJJGCJJ provides access to all AHS Affiliated sites. A universal code is available for any staff to use atthe following organizations:o AgeCare Groupo Alberta Precision Laboratories (APL)o Aspen Ridge Lodge Didsburyo Bethany Groupo Bow Crest Care Centreo Bow View Manoro CapitalCare Groupo Carewesto Chinatown Multi-Level Care Foundationo Covenant Careo Dynalifeo Extendicare Canada Inco Foothills Country Hospice Societyo George Spady Societyo Intercare Corporate Group Inc.o Jasper Place Continuing Careo Lamont Health Care Centreo McKenzie Towne Care Centreo Miller Crossing Care Centreo Mount Royal Care Centreo PROVLABo Rivercrest Lodge Nursing Homeo Riverview Care Centreo Rosedale Hospiceo Safe Harbor Societyo Salvation Army Agape Hospiceo Shepherd’s Care Foundationo Sundre Seniors Supportive Living Facilityo South Terraceo The Brenda Strafford Foundationo Wing Kei Care Centre & Wing Kei Greenviewo Zeidler LedcorCovenant Health SitesCovenant Health maintains individual facility codes, where the selection will be based off of theindividual’s primary site(s):o Bonnyville Healthcare Centre 978Do Covenant Health GAXFo Covenant Pharmacy, Calgary GCH4Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 6
AHS Identity & Access Management (IAM)ANP User GuideoooooooooooooooEdmonton General Continuing Care Centre B776Grey Nuns Community Hospital B782Killam Health Care Centre 970EMary Immaculate Care Centre 978EMineral Springs Hospital 9681Misericordia Community Hospital B783Our Lady of the Rosary Hospital 96EFSt Joseph's Auxiliary Hospital 2CE4St Mary's Health Care Centre 2DA6St Michael's Health Centre 2D10St. Joseph's General Hospital 978FSt. Joseph's Home GBLGSt. Mary's Hospital 9701Villa Caritas GARSYouville Auxiliary Hospital (Grey Nuns) of St. Albert G7QDAHS Lloydminster Hospital GC9KReserved for Lloydminster Hospital staff onlyAlberta HealthReserved for Alberta Health staff only:o AH ATB Place North 0033o AH Provincial Service Desk 0002o Canadian Blood Services GBH8o CGI Edmonton Canadian Western Bank 250Co eHealth Support Services Team 0020o IBM Canada Limited GHQKo Office of the Chief Medical Examiner (OCME) GHDEVersion March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 7
AHS Identity & Access Management (IAM)ANP User GuideAlberta Netcare Portal Learning ResourcesThe Alberta Netcare website contains a lot of great information for all Alberta Netcare Portal end-users:Alberta Netcare Portal Login pageLogin to Alberta Netcare Portal (ANP)Quick links are provided on the ANP homepage for:The Newsfeed for downtime and release informationThe Learning CentreThe Training EnvironmentPrivacy, Security, and Confidentiality of Patient InformationTerms of Use and DisclaimerAlberta Netcare Portal Permission MatrixThis access matrix identifies the Netcare Roles available and each of their restricted and optional components.For additional information on Netcare Roles please visit the Learn by Role webpage:The Alberta Netcare Portal Permission MatrixANP Training RecommendationsThe Alberta Netcare Learning Centre provides many types of training to suit learners’ needs and preferences,such as self-guided instructions, FAQs, eDemos, and learning paths. Key topics include: ANP, Person Directory(PD), Pharmaceutical Information Network (PIN), eReferral, and a Learn by Role section that specificallyreferences resources associated with an access level. We recommend you bookmark this page for continualreference.Listed below are some recommended training materials that can be found on the ANP Learning Centre. Alberta Health Services Access Setup Guide(Configuring homepage, steps for synchronizing ANP and PIN/PD passwords)Getting Started in Alberta Netcare Portal User GuideNew Alberta Netcare User Self-Study ActivityLearn by RoleRefresher training for existing users (webinar)Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 8
AHS Identity & Access Management (IAM)ANP User GuideSubmitting an IAM Access RequestSubmitting a New Access Request1. Go to the AHS IAM login page. Login by entering your username and password.2. From the AHS IAM Homepage, click on Request or Modify Access.Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 9
AHS Identity & Access Management (IAM)ANP User Guide3. The User Search will display four options available to search and select an end-user: Myself, Existing User(default), Multiple Users, and New User. The Multiple Users option is not currently available for the ANPentitlement.MyselfSelect Myself, if you have logged into IAM as yourself and want to submit an access request for yourself.Select Existing User, to search using the find a user field. It is best to use the end-user’s exact username toensure the correct individual has been selected. The Advanced Search option can narrow down the results, ifnecessary.Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 10
AHS Identity & Access Management (IAM)ANP User GuideExisting UserClick Select beside the matching end-userNew UserSelect New User, to create a new IAM Identity account. To begin, enter the end-user’s legal name and date ofbirth. Click Create New User. A Network Access Request (NAR) will automatically be added to the request.You may be presented with a list of Possible Duplicate Users. Verify the end-user does not already have anexisting IAM Identity account. Confirm the end-user’s Name, User ID, and Date of Birth. If no match is found, click Create New User againIf a match is found, click Select Existing user If a matching Disabled User is selected, the reactivation of an AHS Network Account Request (NAR)will be automatically added. For further instructions on submitting a NAR, please refer to NetworkAccess Request (NAR) User Guide found on the AHS IAM support page. If a suspected duplicate account is flagged, your NAR may go for manual review with the IAM Adminteam upon submission. This is to avoid the creation of a duplicate account for the user as a duplicatecan impact a user's access to the network and other resources.Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 11
AHS Identity & Access Management (IAM)ANP User Guide4. Under Available Entitlements, beside the Alberta Netcare Portal entitlement, select Request Access (it willappear as Change Access if the end-user has an existing account). The selected entitlement will move thebottom of the page. If Remote Access does not appear in the entitlements list it is automatically being addedto the request because end-users who do not have direct access to the AHS Network will be required toconnect remotely.Click Next to continueVersion March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 12
AHS Identity & Access Management (IAM)ANP User Guide5. The Complete Access Request page will appear, defaulted with the Request Type as New. From the facilitiesquick pick list, select the checkbox beside the desired site (AHS, Covenant, or Affiliate Facilities). Ifunsure of which facility code to use, please reference the AHS IAM Alberta Netcare Portal Facility List locatedin this user guide. The facility will appear below. If the end-user works at more than one Covenant Healthfacility multiple sites can be selected.6. Choose a Profession and Job Role from the drop down lists. If the exact profession does not match selectsomething similar or Unknown/Other. The comments field can be used to include the exact profession anddescription of it.The following professions require an active College License ID: Chiropractor, Dental Hygienist, Dentist,Medical Doctor, Optometrist, Nurse Practitioner, Pharmacist, and Registered Dietitian. If a CollegeLicense ID validation error is received, please refer to the College License Information ModificationProcess for troubleshooting.Students such as Fellows, Residents, Medical Interns, Nurse Practitioner Interns, Dietary Interns andPharmacy Interns, can select Unknown as the Profession to bypass the College License ID validationstage and choose the appropriate Job Role.7. Choose an appropriate Netcare Role and any additional PD or PIN Access components. If you are unsurewhich permission level to select, or would like to review the standard versus optional components, pleaserefer to the Netcare Role Section Guide or the Learn By Role webpages. It is advisable to confirm withthe Authorized Approver that the best permissions and roles have been chosen.Reminder: Clinical 1 is a restricted Netcare Role. It reserved for professions that can prescribe. Typicalprofessions assigned this Netcare role are privileged physicians and nurse practitioners.Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 13
AHS Identity & Access Management (IAM)ANP User Guide8. A Sunset Date is assigned to ANP access. The Sunset Date is set to a maximum of one year from the datethe access was granted. Requesters can modify the date to less than one year to accommodate short termuse of ANP, such as a student rotation for 13 weeks.9. For the additional access options only select those that are required: Edmonton Zone Access –individuals in the Edmonton Zone can select this option to have access toPatient Lists functionality (displayed for WDFA28CB or GCJJ). Pharmacy Batch Access - this access enables an individual to utilize an additional Pharmacy Softwaresystem to send dispense information to PIN through the file transfer utility / batch messaging portion ofPIN. Remote Access Required - this option provides the end-user with a FOB so they can access ANP froma remote site. If the Remote Access checkbox is selected the Remote User Network Access (RUNA)form will automatically appear below. For instructions on how to complete this section please refer to theRUNA User Guide found on the AHS IAM support page.10. Search and select the Authorized Approver by using the find a user field. It is best to use the manager’sexact username to ensure the correct individual has been selected. Use the advanced search option tonarrow down the results, if necessary. Click Select beside the approver’s name.An Unqualified Authorized Approver appears greyed out in the search results. That individual cannot be select asthey will not have the correct DOHRA level or permissions to authorize for the facility being requested. Anappropriate approver must be assigned in order to submit the request. Please refer to the introduction of this userguide for more details on who can approve Alberta Netcare Portal access.Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 14
AHS Identity & Access Management (IAM)ANP User Guide11. Lastly, review and submit the IAM request for processing. A Request Notes field is available for both theRequester and Authorized Approver. Helpful comments to include could be a student or contractor’s rotationdates, a description of a unique profession, or any other information that may help the AHS IT AccessNetcare team verify the end-user. Click Submit Request when ready. Save As Draft – will save a draft to the homepage where it can be resumed later.Previous – will return to the initial Entitlements List page.Cancel – will close the request returning you to the homepage.Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 15
AHS Identity & Access Management (IAM)ANP User Guide12. The Request Status screen will appear with a request number for your records. The Requester will receivean email notification from Identity Management Services indicating that the access request was successfullysubmitted. The Authorized Approver will receive an email notifying them a request requires their approval. Ifthe Requestor is the Authorized Approver submitting the request, the manager’s approval stage is bypassed.Once the approval stage is complete the remaining steps in the workflow will proceed for an IT AccessNetcare Analyst to provision the access.13. Once the request has been processed, the Requester will received an email notification it was successfullycompleted. ANP access credentials will be emailed to the Authorized Approver listed if they have aninternal email address. If the Authorized Approver is external an IAM Work-item will be created for themanager to pick up from their Work Requests queue in IAM. It is the Authorized Approver’s responsibility toprovide access credentials to the end-user and support them in successfully accessing the ANP application.Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 16
AHS Identity & Access Management (IAM)ANP User GuideAmending Existing AccessSubmitting a Modify Access Request1. Go to the AHS IAM login page. Login by entering your username and password.2. From the homepage, click on Request or Modify Access.3. The User Search will display four options available to search and select an end-user: Myself, Existing User(default), Multiple Users, and New User. The Multiple Users option is not currently available for the ANPentitlement.Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 17
AHS Identity & Access Management (IAM)ANP User GuideMyselfSelect Myself, if you have logged into IAM as yourself and want to submit an ANP request for yourselfExisting UserSelect Existing User, to search using the find a user field. It is best to use the end-user’s exact username toensure the correct individual has been selected. The Advanced Search option can narrow down the results, ifnecessary.Click Select beside the matching end-userVersion March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 18
AHS Identity & Access Management (IAM)ANP User Guide4. Under Available Entitlements, beside the Alberta Netcare Portal entitlement, select Change Access (itwill appear as Request Access if the end-user does not have an existing account). The selectedentitlement will move the bottom of the page. Click Next to continue. You may select other entitlementsat the same time for a combination access request.The Complete Access Request page will appear, defaulted with the Request Type as Modify. An end-usercan access ANP at multiple locations with different managers, facilities IDs, and roles. The view of a modifyrequest may look different depending on who is initiating the request:Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 19
AHS Identity & Access Management (IAM)ANP User GuideIf assigned Authorized ApproverModification of an existing ANP access is best completed by the assigned Authorized Approver as only they havethe permissions to view that specific location’s information (i.e., the Requester is the current AuthorizedApprover).Changes can be made to the Profession, College License ID, Job Role, Netcare Role, optional access (PD,PIN, Edmonton Zone, Pharmacy Batch, Remote Access), or the Sunset Date, as required. In this scenario,upon submission of the request, the manager’s approval stage will be skipped as the entitlement manager isinitiating the request.Version March 2022Screen shot data are fictitious. If you notice differences between AHS IAM and the screen shots shown, trust AHS IAM.Page 20
AHS Identity & Access Management (IAM)ANP User GuideIf not assigned Authorized ApproverModifications to add additional access locations can still be completed by anyone. They will b
the Northwest Territories. Access to ANP, PIN and PD, is based on a secure end-user role and profession matrix designed in accordance with the Health Information Act (HIA) and the Netcare Information Exchange Protocol (IEP). End-user permissions provide the necessary, but least, amount of access to information to perform their
