Top 10 Responsibilities of the VITLAccess LSO

By eHealth Specialist Christine Sweeny

The VITLAccess local security officer (LSO) plays an important role in ensuring the privacy of protected health care informationm, during the health care organization's staff usage of the VITLAccess portal to view patient information. An LSO’s primary responsibilities are outlined below.

The Local Security Officer's Responsibilities:

  1. Authorizes new users and is responsible for the appropriate assignment of staff access levels. For example, if a registration staff member does not need to view patient information in VITLAccess, the role assigned will be limited to viewing only demographics.

  2. Manages the termination of VITLAccess accounts - submits an Account Request Form to VITL via a MyVITL ticket as soon as the HCO is aware that an employee is terminated so the VITLAccess user account can be terminated.

  3. Submits an Account Request Form to VITL via a MyVITL ticket when there is a change in staff role that requires a new role designation.

  4. Holds and secures temporary passwords for staff who are unable to attend initial training until such time staff members are able to log into the service to be trained.

  5. Assures that all patient consent forms signed at their organization are retained indefinitely and in a manner that can be audited.

  6. Responds to VITL audit requests regarding emergency break-glass events to verify that:
    • The record was accessed based on the treating provider’s judgment that the patient was not able to provide consent during an emergency situation.
    • The correct steps were followed with respect to patient notification following the emergency situation.
    • The necessary documentation is in place for each emergency incident.
  7. Responds to random audit requests initiated by VITL. These audits review the activity of a subset of users at the organization and assess compliance with consent form retention.

  8. May request audits of specific users who work at the organization to determine what patient records were accessed by that individual.

  9. Coordinates requests from patients who:
    • Would like to view their data in the VHIE; and/or
    • Are requesting an audit report of who has accessed their data in the VHIE.
  10. Receives service alerts regarding any changes to the VITLAccess service and communicates those changes, as necessary, to the organization’s staff.