Local CMBHS Security Administrators
The business entity/provider must designate at least one person to function as Local CMBHS Security Administrators for their organization and one person as back-up. The Local CMBHS Security Administrators control and manage access to CMBHS for their business entity. They are responsible for protecting the confidentiality of client health care information and ensuring that staff have access to the client records they need to deliver and document services.
The position of Local CMBHS Security Administrator must be filled by a highly trusted person as they will have unlimited access to business, staff and client information and above average computer skills are needed. The persons assigned this role must be available whenever needed to address users problems.
You may contact the Texas Department of State Health Services (DSHS) CMBHS Helpdesk at 1-866-806-7806 to discuss the role requirement and how many persons should be designated in this role for your business entity.
NOTE for previous users of BHIPS:
- The Local CMBHS Administrator role is comparable to the role of Security Administrator in CMBHS.
CMBHS User Administrator
The business entity/provider may designate one or more persons to function as CMBHS User Administrators. The User Administrator is an add-on role that can be given to several employees to handle routine support issues encountered by staff. This role is similar to the Local CMBHS Administrator in that they share some functions (generating new passwords and updating staff information) but the roles are different in scope. The User Administrator role does not provide the user any additional access to client information.
NOTE for previous users of BHIPS:
- The CMBHS User Administrator role did not exist in BHIPS.
SECURITY
CMBHS is designed to ensure that Local CMBHS Security Administrators and all users have access to all parts of CMBHS needed to do their jobs, while maintaining compliance with State and Federal laws regarding the protection of client identifying information.
It is important that every business entity using CMBHS ensure that it’s Local CMBHS Security Administrators and every user of CMBHS is highly knowledgeable of all applicable laws and rules related to the maintaining the security of the CMBHS system and protection of client identifying information.
PROTECTION OF CLIENT IDENTIFYING INFORMATION
Each CMBHS user business entity is responsible for ensuring that all users it gives access to are knowledgeable of all rules and regulations regarding protection of client health information and the businesses policies and procedures. The user business entity is responsible for informing each user that in addition to access they must have a legitimate “need” to view a client record before they may do so. Also inform users that CMBHS maintains a permanent record of all CMBHS users, the client records they have accessed and of every act performed within that record.
The only way to successfully accomplish the effective protection of client health information is through the enforcement of policies and procedures, the provision of regular staff training and implementing an effective means of oversight. Users business entities must provide training on confidentiality prior to allowing new staff access to CMBHS and have employees sign statements that they are knowledgeable of all applicable laws, rules etc. and will follow them. A measure of staff competency is also needed as simply participating in training and signing a pledge does not ensure competency.
If a breech of the procedures to protected client health information occurs, the business entity must report the breech in a manner consistent with DSHS policy and procedure. The breech must also be addressed by the business entity on the system, staff and client level to determine the cause of the breech and prevent a reoccurrence and to deal with the consequences of the breech for the client, if they may be any. Ultimately, the organization is responsible for any unauthorized access to the CMBHS system due to failure to educate, inform and/or maintain/update user information or failure to properly implement security procedures.
RESOURCES
For information about the confidentiality of alcohol and drug abuse patient records, click the following link:
http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&rgn=div5&view=text&node=42:1.0.1.1.2&idno=42
Working with DSHS
As the Local CMBHS Security Administrator for your business entity, you will be working closely with the DSHS Mental Health and Substance Abuse Services, Training and Technical Assistance Unit and other groups as needed to ensure that CMBHS operates as intended. In addition to training, this unit provides ongoing support to users through the CMBHS Help Desk.
It is important that you establish a productive working relationship with this group, so you can get the assistance that you need as quickly as possible. This is discussed in CMBHS Training but can easily be accomplished by any Local Administrator. Understanding the abilities and limitations of the Help Desk staff can be part of this process.
Detailed information about each call to the CMBHS Help Desk is entered into a database to facilitate the tracking, exchange of information, and system improvements. When you call the CMBHS Help Desk you will be asked some routine questions such as your business entity/provider name, your name etc for documentation purposes.
Local CMBHS Security Administrator Workspace
The Local CMBHS Administrator is provided a Workspace in CMBHS, Security Admin Workspace DAS001.
The Local CMBHS Administrator Workspace has two (2) sections.
In the list of staff, you can CLICK ON the column headers that are in blue and underlined to sort the staff names by that feature.
CLICK HEREto go to Initial Set-up for Local CMBHS Administrators.