Account Eligibility and Access Control

1.0 Purpose

Account eligibility and access control refers to the criteria used for determining computer account eligibility, access control, account duration and expiration.

2.0 Scope

In accordance with the “security standards” incorporated into the Health Information Portability and Accountability Act, account eligibility and access control must be an integral part of the College of Public Health Information Technology procedures and guidelines. Documented procedures for account eligibility and access control reduce the risk that key information technology assets are accessed inadvertently or inappropriately by persons without authority.

3.0 Applicability

Account eligibility and access control procedures are applicable to all College of Public Health administrators.

4.0 Guidelines

4.1 Required

All College of Public Health departmental administrators must understand the importance of account eligibility and access control.

4.2 Required

Good communication between departmental administrators and the College of Public Health Office of Information Technology is required, including account authorization, access control, duration, and termination.

4.3 Required

Collegiate departmental administrators must periodically update the collegiate Office of Information Technology on account access control privileges, such as removal from security groups.

4.4 Required

Account eligibility is restricted to College of Public Health employees and students.

4.5 Recommended

Collegiate departmental administrators must continually re-evaluate access control privileges and authority for employed staff and students.

5.0 Procedures for Account Eligibility and Access Control

  • Upon the hire of a new employee or admission of a new student, the appropriate departmental administrator must contact the collegiate Office of Information Technology to begin the account creation and authorization process.
  • Prior to account creation, a search will be done by the collegiate Office of Information Technology to determine whether an existing account is already in the University Active Directory Services environment. Duplicate accounts are in violation of University policy and may generate problems for the end-user.
  • With the permission of the departmental administrator, the Office of Information Technology will establish, transfer or reserve a HawkID for the individual by creating an account in the University Active Directory Services environment. In this case, the account will be created in the Public-Health Active Directory Domain, which is a participant in the University Active Directory Services environment.
  • Once the account is established, the collegiate Office of Information Technology will determine whether an e-mail account will be established in relation to the newly created HawkID. This information will come directly from the departmental administrator.
  • If the individual requires an e-mail account, the Office of Information Technology will be in direct contact with the departmental administrator or supervisor of the end-user to determine which e-mail distribution lists should be added to the account.
  • Once the account is established, the collegiate Office of Information Technology will be in direct contact with the departmental administrator or supervisor of the end-user to determine the appropriate access controls, such as access to specific research data.
  • Once the appropriate access controls, e-mail, and distribution lists are established, the end-user is then asked to properly test the controls and resources, such as e-mail and access to research data.
  • If there are any problems, the Office of Information Technology re-evaluates the account creation process, e-mail, distribution lists, and access controls to correct the problem.
  • If the end-user is satisfied, the procedure is complete.

6.0 Procedures for Changes in Access Control

  • Changes in Access Control, such as access to research data, can be initiated by the departmental administrator or supervisor of the end-user. Initiation will begin by contacting the collegiate Office of Information Technology.
  • In coordination with the departmental administrator or supervisor, the collegiate Office of Information Technology will add, adjust, or remove access controls for the end-user.
  • Once the changes are established, the Office of Information Technology will test the changes to verify success.
  • If the changes fail expectations, the Office of Information Technology will re-evaluate the changes and fix the problem.
  • When all parties are satisfied, the changes will be considered completed.

7.0 Procedures for Account Termination

Please see separate guidelines for account termination.

8.0 Contacts and Technical Experts

College of Public Health Office of Information Technology (384-3838)
cph-support@uiowa.edu