Emergency Access Procedures

1.0 Purpose

Emergency access refers to the process used for determining approval, follow-up, and oversight of emergency access to an account or computer system.

2.0 Scope

In accordance with the “security standards” incorporated into the Health Information Portability and Accountability Act, emergency access methods must be an integral part of the College of Public Health Information Technology procedures and guidelines. Documented procedures for emergency access reduces the risk that key information technology assets are accessed inadvertently or inappropriately by persons without authority, while providing procedures that will allow appropriate individuals to access a resource to fix or respond quickly to an emergency.

3.0 Applicability

Emergency access procedures are applicable to all College of Public Health departmental administrators and supervisors responsible for supervising employees and students. The Office of Information Technology is also applicable as a participant/administrator of emergency access procedures.

4.0 Guidelines

4.1 Required

All College of Public Health departmental administrators must understand the importance of emergency access procedures, including the process of approval, follow-up, and oversight.

4.2 Required

Good communication between departmental administrators and the College of Public Health Office of Information Technology is required, including the process and procedures for emergency access.

4.3 Required

The collegiate Office of Information Technology must have the approval of the individual’s supervisor before handing out temporary computer access control privileges to another individual during an emergency.

4.4 Required

During an emergency involving an employee or student, such as an illness, the departmental administrator or supervisor has the right to temporarily grant computer access controls to another individual until the emergency resides.

4.4 Required

If the emergency impacts, or has the potential to impact, other individuals within the College, such as a blatant misuse of IT resources or a security compromise, the collegiate Office of Information Technology has the right to take the necessary action without permission during an emergency situation.

5.0 Procedures for Emergency Access

  • During an emergency involving an employee or student, such as an illness, the departmental administrator or supervisor has the right to temporarily grant computer access controls to another individual until the emergency resides.
  • Once the decision has been made, the departmental administrator or supervisor will contact the collegiate Office of Information Technology to begin the process of granting temporary computer access controls to another individual.
  • The collegiate Office of Information Technology will verify the decision before proceeding.
  • The collegiate Office of Information Technology will implement the technical steps to grant temporary access to another individual, according to the type of emergency and access privileges.
  • The collegiate Office of Information Technology will then test the changes to verify that the temporary individual has the appropriate emergency access.
  • If a problem still exists, the collegiate Office of Information Technology will re-evaluate the technical steps and fix any problems.
  • Once the privileges for emergency access are successfully in place, the collegiate Office of Information Technology will oversee and monitor the emergency access.
  • The collegiate Office of Information Technology will be in close contact with the departmental administrator or supervisor to determine the duration of the temporary emergency access.
  • Once the emergency resides, the collegiate Office of Information Technology will remove the temporary emergency access and return the access controls to the original state.
  • The collegiate Office of Information Technology will contact the departmental administrator or supervisor in follow-up fashion to verify that all access controls have been returned to the original state.

6.0 Contacts and Technical Experts

College of Public Health Office of Information Technology (384-3838)
cph-support@uiowa.edu