Best IT Documents.com Blog


CERNER – IT Security Applications Group Manager Roles

Posted in Compliances (1300),Health Care HIPAA - HITECH - HITECH (98) by Guest on the July 31st, 2015

CERNER Clinical

CERNER Clinical – LIS

Manage team responsible for the development, implementation and support of the Cerner Millennium PathNet applications used in the laboratory environment, which includes Anatomic Pathology, Blood Bank, General Laboratory, Outreach Services, Specimen Management and the integration with Medical Device Interfaces (MDIs).

CERNER Clinical – Pharmacy and Medication Management

Manage team responsible for the development, implementation and support of the applications supporting pharmacy and medications management, which include Cerner Millennium PharmNet, BCMA (CareMobile), ePrescribing, and Medication integration within Cerner Millennium PowerChart.

CERNER Clinical – Clinical Documentation

Manage team responsible for the development, implementation and support of applications supporting Clinical Documentation and HIM within Cerner Millennium, which includes Nursing and Physician Documentation and Nursing and Physician Order Entry in Millennium applications such as PowerChart, FirstNet, INet, SurgiNet, HIM, etc.

CERNER Clinical – Ancillary

Manage team responsible for the development, implementation and support of applications supporting Ancillary Departments, which includes Cerner Millennium Enterprise Scheduling, SurgiNet, FirstNet, and RadNet.

CERNER Clinical – Application Administration

Manage team responsible for the development and coordination of application technical activities to support application implementation and support objectives in the areas of Cerner System Architecture, Cerner Millennium CORE, Charge Services, Foreign System Interfaces, and CCL Programming.  Ensures that technical strategy decision, implementation activities, and production support are in agreement with vendor specifications and overall system architecture.

 

MEDITECH Clinical Applications

MEDITECH Clinical – LIS

Manage team responsible for the development, implementation and support of the Meditech LIS applications used in the laboratory environment, which include General Laboratory, Microbiology, Anatomical Pathology, BloodBanking and outreach services. Must have strong understanding of laboratory workflow processes.

MEDITECH Clinical – Pharmacy and Medication Management

Manage team responsible for the development, implementation and support of the applications supporting pharmacy and medications management, which include Pharmacy, EDM RXM, BMV (BCMA), e-prescribing and formulary services such as First Databank. Must have strong understanding of pharmacy workflow processes.

MEDITECH Clinical – Clinical Documentation

Manage team responsible for the development, implementation and support of applications supporting Clinical Documentation, which include Nursing and Physician Documentation, Order Entry, PCI, Departmental and Iatrics. Must have strong understanding of nursing, clinical documentation and CPOE.

MEDITECH Clinical – Ancillary

Manage team responsible for the development, implementation and support of applications supporting Ancillary Departments, which includes Community Wide Scheduling, Staffing & Scheduling, Radiology, Imaging Services, Mammography, OR and ED. Must have strong understanding of the processes supporting the Radiology, ED and OR environments.

 

Comments Off on CERNER – IT Security Applications Group Manager Roles

MEDITECH – IT Security Applications Group Manager Roles

Posted in Compliances (1300),Health Care HIPAA - HITECH - HITECH (98) by Guest on the July 30th, 2015

MEDITECH Clinical Applications

MEDITECH Clinical – LIS

Manage team responsible for the development, implementation and support of the Meditech LIS applications used in the laboratory environment, which include General Laboratory, Microbiology, Anatomical Pathology, BloodBanking and outreach services. Must have strong understanding of laboratory workflow processes.

MEDITECH Clinical – Pharmacy and Medication Management

Manage team responsible for the development, implementation and support of the applications supporting pharmacy and medications management, which include Pharmacy, EDM RXM, BMV (BCMA), e-prescribing and formulary services such as First Databank. Must have strong understanding of pharmacy workflow processes.

MEDITECH Clinical – Clinical Documentation

Manage team responsible for the development, implementation and support of applications supporting Clinical Documentation, which include Nursing and Physician Documentation, Order Entry, PCI, Departmental and Iatrics. Must have strong understanding of nursing, clinical documentation and CPOE.

MEDITECH Clinical – Ancillary

Manage team responsible for the development, implementation and support of applications supporting Ancillary Departments, which includes Community Wide Scheduling, Staffing & Scheduling, Radiology, Imaging Services, Mammography, OR and ED. Must have strong understanding of the processes supporting the Radiology, ED and OR environments.

 

Comments Off on MEDITECH – IT Security Applications Group Manager Roles

Ambulatory Physician Services – IT Security Applications Group Manager Roles

Posted in Compliances (1300),Health Care HIPAA - HITECH - HITECH (98) by Guest on the July 29th, 2015

Ambulatory Physician Services – Ambulatory EMR

Manages team responsible for development, implementation and support of ambulatory electronic medical record across Corporate facilities to include Allscripts and eClinical Works as the Corporate standards as well as legacy ambulatory systems currently in place. Experience in support of an ambulatory clinical environment  and process flows required.

Ambulatory Physician Services – Physician Remote Access

Manages team responsible for assisting in support of affiliated physician sites and data sharing needs as they relate to Corporate’s ambulatory electronic medical record. Proven experience with direct physician communication and relationship building desired. Understanding of ambulatory clinical environment and process flows required.

 

Comments Off on Ambulatory Physician Services – IT Security Applications Group Manager Roles

Ancillary Services – IT Security Applications Group Manager Roles

Posted in Compliances (1300),Health Care HIPAA - HITECH - HITECH (98) by Guest on the July 28th, 2015

Ancillary Services – Diagnostic Imaging (PACS/CVPACS) 

Manage team responsible for development, implementation and support of diagnostic imaging applications.  This will include General PACS as well as Cardiac PACS applications.  Assist director in design and implementation of Corp standard application migration path.  Manage migration teams.  Must have strong understanding of the workflow processes supporting medical imaging (radiology) and cardiac catheterization laboratory environments.   

Ancillary Services – Home Health/Hospice/Telemedicine 

Manage team responsible for the development, implementation and support of applications supporting home health care, hospice and emerging telemedicine and virtual care environments.  Assist director in design and implementation of Corp standard application migration path.  Manage migration teams.  Must have strong understanding of the workflow processes supporting one or more of these environments.

 

 Ancillary Services – Advanced Clinicals 

Manage team responsible for the development, implementation and support of current applications supporting advanced clinicals.  This includes electronic ICU applications, patient monitoring applications (with Biomedical Engineering), specialty clinical applications such as Oncology, OB and Surgical Management.  Assist director in the design and implementation of Corp standard application migration path.  Manages migration teams.  Must have strong working knowledge of processes supporting advanced clinicals. 

Ancillary Services – Ancillary Legacy 

Manage team responsible for the development, implementation and support of current clinical applications that supporting Ancillary departments.  This includes legacy products such as but not limited to behavioral health, sleep lab functions, respiratory and physical medicine applications, long term care applications, and dietary solutions.  Assist director in design and implementation of Corp standard application migration path.  Manage migration teams.  Must have an understanding/working knowledge of the workflow processes involving one or more of these environments.

Comments Off on Ancillary Services – IT Security Applications Group Manager Roles

Sample Excel – Qualys Scanner Assignment Tracking

Posted in Sample - IT Spreadsheets - PowerPoints (251),Security (1500) by Guest on the July 27th, 2015

Free Excel Document download

Qualys Scanner Assignment Tracking

 

Comments Off on Sample Excel – Qualys Scanner Assignment Tracking

Sample Excel – High-Level Small Business Security tracking

Free Excel document download

High-Level Small Bus Sec Audit

 

Comments Off on Sample Excel – High-Level Small Business Security tracking

Sample Excel – Qualys External Scanner Tracking

Free Excel document download

Qualys External Scanner Tracking

Comments Off on Sample Excel – Qualys External Scanner Tracking

Sample Excel – Qualys Remediation Tracking

Posted in Sample - IT Spreadsheets - PowerPoints (251),Security (1500) by Guest on the July 24th, 2015

Free Excel document download

Qualys Remediation Tracking

 

Comments Off on Sample Excel – Qualys Remediation Tracking

Sample Excel – ISM Dispatch Queue Tracking

Posted in Sample - IT Spreadsheets - PowerPoints (251) by Guest on the July 23rd, 2015

Free Excel document download.

ISM Dispatch Queue Tracking

 

Comments Off on Sample Excel – ISM Dispatch Queue Tracking

Sample Visio – Printed Circuit Assembly Flows

Posted in Visio Samples - Stencils (457) by Guest on the July 22nd, 2015

Free Visio document download

Printed Circuit Assembly Flows

 

Comments Off on Sample Visio – Printed Circuit Assembly Flows

How much crap does an IT specialist have to put up with today

Below are the IT and Business skill and technical certifications necessary for a long a successful IT career.

Items to Consider

Target Behaviors: Analysis and Problem Solving

1)  Follows technical interrelated sets of complex issues without difficulty

2)  Asks clarifying and shaping questions geared towards thoroughly assessing critical issues

3)  Demonstrates creative and occasionally innovative approaches to information gathering within a structured framework

4)  Able to enlist the aid of client staff to provide more information/time than originally requested/agreed

5) Structures complex problems, demonstrating understanding of pros and cons of alternative approaches to structuring

6) Draws sound conclusions, applying previous experience and best practices

7) Comfortably handles shifting problems and issues, quickly integrating new findings

8) Makes distinctive recommendations which clearly demonstrate a comprehensive understanding of the issues, best practices and risk factors, and can be implemented by the client

Client / Business Development

1) Develops strength of relationship that could/does result in follow-on work

2) Understands the implications of the client’s culture and uses this knowledge to increase effectiveness

3) Maintains close contact with client during course of engagement to ensure client goals and concerns are understood and are being addressed by the program of work

4) Identifies areas of client need; works with Organization Leadership to scope them, then provides support in development discussions, preparation and negotiation of arrangement

5) Provides insights and input to new opportunities that result in compelling proposals

IP and Capability Development

1) Actively uses assignments to test new concepts or techniques, enhancing personal and organizational capability

2) Develops and utilizes network of internal and external contacts to enhance thinking

3) Is a “go to” person for advice on complex issues in area of expertise

4) Contributes to the development and delivery of internal training

5) Looks for opportunities to at least co-author/co-present to external audiences in area of specialization

6) Documents insights and re-usable deliverables and encourages their uptake

7) Identifies needs and opportunities for Practice development and proposes plans and solutions to capitalize on those opportunities

Self, Work and Client Management

1)  Prepares project plans that are realistic and achievable

2)  Communicates expectations to project team members regarding deliverable content and quality and establishes and communicates standards for deliverables

3)  Manages scope, changes to assignments and priorities as the project situation changes

4)  Effectively monitors the quality and timeliness of delivery of Organization engagements, taking action where appropriate to mitigate emerging risks

5)  Manages timely resolution of project (technical, schedule, scope and risk) issues

6)  Quickly identifies situations in which client is falling short on commitments and raises issue in a manner that contributes to its resolution

7)  Effectively communicates project status to Organization and client management

Leadership

1)   Initiative to learn and take initiative

2)   Working knowledge of the IT Infrastructure and IT Security Industry

3)   Good communalization and Presentation Skills

4)   Is a role model for Organizational Values, making decisions that support our Mission and Vision

5)   Demonstrates intellectual rigor

6)   Leads team to reconsider critical issues by presenting ideas in new ways or with new supporting data

7)   Demonstrates significant initiative in area of expertise, enabling movement of the company along a particular strategic or operational dimension

8)   Asks questions that help shape others’ thinking

9)   Holds self and others accountable for actions and outcomes

10) Demonstrates multi-dimensional decision making that accounts for business, people and client outcomes

Technical IT skills needed

Security Industry Certifications, Knowledge, Practical and Professional Experience:

1)    CISSP or equivalence practical and academic experience (over-rated), proven experience it 10 times more worth while

a.    Security+

2)    CCNA

3)  Firewalls;

b.    Netscreen

c.     Checkpoint

d.    Cisco PIX

e.    Sidewinder

4)  Proxies:

f.     Bluecoat

g.    Websense

h.    MS ISA

5)  MCSE/MCSA

i.     MS Windows 2008 or 2012

j.     MCDST

k.    MCTS

6)  Certifications:

l.     Linux

m.   Unix

n.    ITIL

o.    PMI

Experience in enterprise technology deployments

1)  Ability to translate the customer business needs into a customized proof of concept to demonstrate business value.

2)  Project experience with IT security technologies.

3)  Knowledge of security policy definition, user provisioning.

4)  Working knowledge of multiple operating systems, including Windows, Unix and Linux

  1. Ability to articulate the architecture of Unix OS and user of NIS / LDAP.
  2. Ability to articulate the architecture of SANS or similar technologies
  3. Ability to articulate the concept of Unix system kernel
  4. Authentication;

i. Ability to articulate a password sync solution for Unix, NT, Linux and Mainframe identity management solutions.

ii. Ability to articulate the concept of super-user containment and delegation.

iii. Experience integrating biometric and other Single Sign-On hardware components.

iv. Smart Cards, Token technologies, fingerprint / inis / etc. Technologies.

v. Ability to articulate the concept of User ID Synchronization and how it effects access controls.

vi. Ability to articulate the concepts related to integration of mainframe and client server access and identity management solutions.

5)  Ability to articulate the architecture of Windows operating systems and Active Directory Architecture.

a.    Describe methods for design / suggestions for directory schema enhancements for performance.

b.    A Should include concepts related to partitioning, replicas, fault tolerance and load balancing methods.

c.     Discuss the business advantages of a directory backbone.

d.    Ability to articulate the concepts of user provisioning workflow (e.g. business approver, technical approver, regular, “HR” manager, etc…)

6)  Ability to articulate the concepts of platform hardening

7)  Ability to locate and modify the configuration files on the Windows platform

8)  Ability to articulate the concept of strong protection around critical applications and data.

9)  Ability to describe and demonstrate chalk / white board identity and access control integration components.

10) Describe the concepts and design methods to improve the identity and reliability of directory services.

11)  Ability to tailor an identity and Access Management demonstration to a client’s
specific business issues.

12)  Ability to articulate the value of a combined access and Identity Management solution.

13)  Ability to demonstrate via chalk-talk / whiteboard identity management architecture.

e.  Ability to demonstrate access management product integration into enterprise and security management solutions.

f.   Ability to translate a proposed identity / access management solution into a valid technical architecture.

14)  Experience with directory technologies including MSAD, LDAP, x.500, Novell, Sun etc…

 15)  Ability to articulate LDAP, CIM, x.500 from IETF, DTMF and ITU.

 16)  Ability to articulate the concepts of Web services.

17)  Ability to articulate the integration between access control and high availability software.

18)  Convey the differences between standalone, enterprise, backbone and empire directories.

19)  Articulate the security of SSL / TLS.

g.  Describe the technical drivers for x.509 / SSL.

h.  Convey the performance advantages of SQL, Oracle, DBMS and RDBMS.

www.bestitdocuments.com

 

Comments Off on How much crap does an IT specialist have to put up with today

McKesson Information Solutions

McKesson produces many Healthcare applications including Series 2000, STAR, Care Manager and Image Manager. There are many more applications in their portfolio, but these are the prime applications that we find at healthcare facilities when we present eTrust Single Sign-on and Admin.

Each of these applications incorporates their own user and group management paradigm and authorization and authentication tables.

This document addresses the Series 2000 application with regards to building a custom option for provisioning users from eTrust Admin. Ken Lee and Mark Wettlaufer traveled to Lake Mary, FL to meet with the Series 2000 Development Group on 10 May 2004 and came away with a positive feeling about the chance of success in developing a custom option.

Key findings for Series 2000

  • Runs on the iSeries AS/400 hardware from IBM
  • Utilizes the iSeries DB2 UDB database
  • User tables address authorization (ACLs) while authentication is handled by OS/400 security
  • Application is heavily customizable and dynamic based on client needs
  • Security Code is another name for the password sting for the Series 2000 account and is currently stored in clear text with future plans for some sort of encryption
  • Password refers to the OS/400 account password
  • A user within Series 2000 is uniquely identified by:
    • library name for database instance
    • hospital code
    • 4 character “printed code”
  • All user information is primarily stored in three (3) tables and has a very simple structure
  • Client customizations (the dynamic nature of the application) are stored in fixed, known table names and/or “flat” files
  • Database tables accessible from Win32 applications with an ODBC connector (there is also a JDBC connector)
  • A user is defined to belong to a group code AND can have additional individual function codes authorizing additional functions

Concerns for developing a Custom Option for eTrust Admin

  • Dynamic / customizable nature of Series 2000 – every Series 2000 environment will be different, so our option needs to be able to read the tables / flat files where these customizations are stored and be dynamic / flexible
  • Sanity edits – our option will need to emulate the input edits performed by the user management interface of Series 2000. For example, individual users can be assigned certain rights based on the nursing station or clinic codes being used.       Series 2000 performs a “sanity” check to ensure that a nursing station or clinic code is already defined in the system before being assigned to a user. Since we will be accessing the tables via ODBC, we could store anything in any field, but that “garbage data” could have adverse effects on the system
  • Security Code storage – currently in clear text so this is not a concern but we will require commitment from McKesson to either disclose the encryption algorithm / key or provide a trusted connection or API mechanism once they implement encryption of the Security Code.

Where do we go next? Recommendations

Series 2000 looks like a very good candidate for developing a custom option for eTrust Admin. CA has many common customers with McKesson that have Series 2000 and therefore, have the pain of user management within this application. A custom option would allow our common customers to achieve all the values that eTrust Admin can provide.

The interface appears to be simple. We can get to the tables via ODBC and from McKesson’s own admission, the user tables are an extremely simple format.

To proceed, we should

  • Secure the source for the one custom option being developed for Cingular Wireless (if legally possible). The CARE option at Cingular seems like it could be a very good model for the Series 2000 option because CARE is also table driven (the dynamic, customizable nature of Series 2000)
  • Arrange another meeting with the Development Group at McKesson to arrange transfer of user table schemas and source code fragments of the “sanity” edits
  • Arrange a contact point at McKesson for questions as we proceed
  • Arrange for testing at McKesson
  • Develop a prototype of the management screens within the Admin Win32 GUI to demonstrate to McKesson and two or three prime customers for comment
  • Target two or three prime customers for beta testing this option
  • Secure agreement from McKesson to be ready to provide an API or disclose the encryption algorithm / key once they institute Security Code encryption
Comments Off on McKesson Information Solutions

Sample Excel – Test Server OS Upgrade Implementation Plan spreadsheet

Posted in O S (375),Sample - IT Spreadsheets - PowerPoints (251) by Guest on the July 19th, 2015
Comments Off on Sample Excel – Test Server OS Upgrade Implementation Plan spreadsheet

Sample Word – How does x.509 differ from PGP?

Posted in Compliances (1300),Policies - Standards (600),Security (1500) by Guest on the July 18th, 2015

Free Word document download

How does x.509 differ from PGP?

Comments Off on Sample Word – How does x.509 differ from PGP?

Sample Excel -HIPAA Application Impacts

Posted in Sample - IT Spreadsheets - PowerPoints (251) by Guest on the July 17th, 2015

Free Excel document download

HIPAA Application Impacts

 

Comments Off on Sample Excel -HIPAA Application Impacts

Sample Word – Identity Management-Vendor Discovery RFP

Posted in Compliances (1300),Information Rights Management (100) by Guest on the July 16th, 2015

Sample Word document download

Identity Management-Vendor Discovery RFP

 

Comments Off on Sample Word – Identity Management-Vendor Discovery RFP

Sample Word – Sample HIPAA Application Software Systems

Posted in Health Care HIPAA - HITECH - HITECH (98),Policies - Standards (600) by Guest on the July 15th, 2015

Free Word document

Sample Application Software Systems

 

Comments Off on Sample Word – Sample HIPAA Application Software Systems

Sample Word – Sample Day of Plan – DOP Upgrade

Posted in Data Center - SOC - NOC,O S (375) by Guest on the July 14th, 2015

Free Word document download

Sample DOP Upgrade

Comments Off on Sample Word – Sample Day of Plan – DOP Upgrade

High Level – DataCenter Build Server and Service details

Posted in Business (600),Data Center - SOC - NOC by Guest on the July 13th, 2015

Web

  • Solaris (all versions)
  • Install IBM HTTP 6.0 and 6.1
  • Build based on Build Form
  • Verification/Review Build Form
  • Build of Process
  • Configure IBM HTTP 6.0 and 6.1
  • Certification

AIX (all versions)

  • Install IBM HTTP 6.0 and 6.1
  • Build based on Build Form
  • Verification/Review Build Form
  • Build of Process
  • Configure IBM HTTP 6.0 and 6.1
  • Certification

Solaris 8 and 11

  • Install IPLANET (SunOne) 6.0 and 6.1
  • Build based on Build Form
  • Verification/Review Build Form
  • Build of Process
  • Configure IPLANET (SunOne) 6.0 and 6.1
  • Certification

WebSphere

  • Linux WebSphere Installation
  • Build based on Build Form
  • Verification/Review Build Form
  • Build of Process
  • Linux WebSphere Configuration
  • Certification

Linux (all versions)

  • Install IBM HTTP 6.0 and 6.1
  • Build based on Build Form
  • Verification/Review Build Form
  • Build of Process
  • Configure IBM HTTP 6.0 and 6.1
  • Certification

ZLinux (all versions)

  • Install IBM HTTP 6.0 and 6.1
  • Build based on Build Form
  • Verification/Review Build Form
  • Build of Process
  • Configure IBM HTTP 6.0 and 6.1
  • Certification

zLinux WebSphere Installation

  • Build VM based on Build Form
  • Verification/Review Build Form
  • Build of Process
  • zLinux WebSphere Configuration
  • Certification

zLinux Oracle 11 G Installation

  • Build Form
  • Interview / Verification/Review Build Form
  • Build of Process
  • zLinux Oracle 11G Configuration

zLinux MQ Installation

  • Build Form
  • Interview / Verification/Review Build Form
  • Build of Process
  • zLinux MQ Configuration

 

Comments Off on High Level – DataCenter Build Server and Service details

HR Operating Policies and Procedures to Ensure Proper Access Removal

Reference:

Security Guideline Physical and Environmental Security of Information Technology Resources.

  • HR will ensure proper pre-employment screening of employee prior to employment. Reference HR Policy #.
  • Upon completion of the HR pre-employment screening, Department Directors or designee will complete access request via User Access Request Site for appropriate access to applications. Link is available on Intranet under Information Technology. Reference procedure Validate Entity Prior to Granting Access.

Procedure:

  1. TS Managers will ensure all combination locks are changed upon an employees’ termination.
  2. TS Managers will coordinate with Security to ensure employees are removed from all access lists upon employees’ termination.
  3. Upon receipt of a termination via email, notifiers from both applications and systems teams will deactivate Application and Network access.
  4. TS Managers will ensure all keys, tokens, cards, etc. that permit access are returned to them upon employees’ termination. Reference HR Policy.

Deactivation of Application accounts inactive for 90-days:

  1. Run application report USER>users.with.exp.password, Report shows users who have not been active in the last 4 months by default.
  2. Inactivate users listed. DO NOT inactivate non-users as indicated by an X in the user type column!
  3. Use discretion when inactivating Users. This link is used by PCI in lookups.
  4. Any time an account needs to be reactivated, even on the accounts deactivated per 90 day policy, please refer to procedure “Access Establishment and Modification”.
Comments Off on HR Operating Policies and Procedures to Ensure Proper Access Removal

Sample Word – Employee Commendation Form

Posted in Business (600),Policies - Standards (600) by Guest on the July 4th, 2015

Free Word document download

Employee Commendation Form

Comments Off on Sample Word – Employee Commendation Form

Sample Word – Guidelines For Creating an Employment Development Plan

Posted in Business (600),Policies - Standards (600) by Guest on the July 3rd, 2015

Free Word document download

Guidelines For Creating A Development Plan

 

Comments Off on Sample Word – Guidelines For Creating an Employment Development Plan

Sample Visio – Enterprise Web Tier drawing

Free Visio document download

Enterprise Web Tier drawing

Comments Off on Sample Visio – Enterprise Web Tier drawing

Sample Visio – Shared Linux PROD Environment

Free Visio document download

Shared Linux PROD Environment

Comments Off on Sample Visio – Shared Linux PROD Environment