Summary Encryption is necessary when sending sensitive information such as patient data (PHI) via email. Below you will find a FAQ that answers the most common questions related to email encryption. Also, there is a link at the bottom of this article that will explain how to encrypt an email. FAQ Q: Do I need to encrypt email when sending PHI internally?  A: No, but it is highly encouraged. The decryption process is transparent. You won't notice anything different other than an icon that shows the email is encrypted. Q: Do I need to encrypt email when sending PHI externally? A: Yes. You must encrypt any sensitive data such as PHI. Q: Can a recipient of an encrypted email forward that email to anyone else and those recipients access the encrypted email? A: No. Only the original recipients are able to access encrypted email as the code used to access the emails are sent to the original recipient. Q: What if I send an encrypted email to the wrong person on accident? A: Encrypted email is the same as normal email in this case - whoever receives an encrypted email will have the ability to view the email, even if you send it to the wrong person. Always double check who you're sending an email to if it has sensitive information. Q: What is an encrypted email protecting exactly? A: When you send any email - including an encrypted email - it is possible for a bad actor to intercept the data contained in that email while it is in transit from you to the intended recipient. If your email is not encrypted, it is possible for the bad actor to view the contents of that email, including attachments. However, if the email is encrypted, the bad actor would not be able to access the contents or attachments in that email because they would be required to have the code to access the contents. Instructions How to send an encrypted email

Q: Why can't I print a Face Sheet from WellSky? A: All pictures for a patient's dashboard picture must be a .jpg.

Definition SLA stands for Service Level Agreement. It is a contractual agreement between a service provider and a customer that outlines the specific level of service the provider will deliver. SLAs are commonly used in various industries, including technology, telecommunications, and customer support, to define the quality and performance standards expected from the service provider. An SLA typically includes several key components, such as: 1. Service Description: This section specifies the details of the service being provided, including its scope, features, and any limitations or exclusions. 2. Service Level Objectives (SLOs): SLOs define measurable targets or performance indicators that the service provider commits to achieving. These can include metrics like uptime, response time, resolution time, or any other relevant parameters. 3. Performance Metrics: This section outlines the specific metrics used to measure the service provider's performance. It may include metrics like availability, reliability, mean time between failures (MTBF), mean time to repair (MTTR), and others. 4. Responsibilities and Roles: The SLA clarifies the roles and responsibilities of both the service provider and the customer. It outlines what each party is expected to contribute and what actions they should take in case of issues or breaches. 5. Escalation Procedures: This part describes the steps and processes to be followed when issues arise, including how and when to escalate problems to higher levels of management or support. 6. Remedies and Penalties: SLAs may include provisions for remedies or penalties in the event of service level breaches. These can include financial compensation, service credits, or other forms of restitution. SLAs help establish a clear understanding between the service provider and the customer, ensuring that both parties have mutually agreed-upon expectations. They serve as a foundation for maintaining service quality, resolving disputes, and providing a basis for continuous improvement in service delivery. How does this apply to you? Anytime an incident or request is raised, the timer starts ticking as long it's within business hours. This does not mean the business hours of your hospital, but the business hours of the corporate office where your IT department operates. This is due to the limited size of the department and being the busiest shift. There is limited support after business hours such as lockouts, password resets, and major service disruptions such as a server going down. SLAs help you and the IT department keep track of the ticket you create. We are obligated to fulfill or troubleshoot the ticket within a certain amount of time. There are circumstances that could impede SLAs due to users, not responding to tickets or actions beyond control like transit times of items or delayed services. Vendors can also cause disruption as the IT department is waiting on responses from them.  It's important that communication is established so both parties can resolve the ticket. If communication is no longer kept, the Agent handling the ticket has the right to close the incident or request due to a lack of communication.  How are SLAs defined? It depends on the incident or request.  Incidents - are broken down into, Priority, Category, Urgency, and Impact. It could be as quick as a few minutes to several hours or days. Hospitals and Information Technology classify priorities differently. What hospitals consider stat may not be considered urgent in IT. An example is someone who forgets their password for an account. Although it may prevent the user from logging in immediately, there have been instances where priorities have been misused or abused. The IT department typically reserves the priority of "urgent" for situations where a server's malfunction has a widespread impact. Most SLAs are low-priority, but it doesn't always mean a slow response time. Just like how Doctors and Nurses are able to triage, so does the IT department. In most cases, an incident can be resolved fairly quickly. Incidents submitted outside of regular business hours, including evenings, weekends, and holidays, are handled differently. The IT department assesses the urgency of the matter and if it can be addressed on the next business day, the incident will be delayed accordingly. Requests - also have the same status mentioned above. Most requests will have some type of approval which can further delay the fulfillment of the request. Requests also follow business hour rules meaning that they only get processed during corporate hours Monday through Friday, 8 AM to 5 PM, with the exception of emergent requests such as Agency which are predefined. Agency requests are still processed on the weekends but no later than the prescribed times mentioned in the request.  Requests aren't processed after corporate hours except for emergent Agency onboarding requests prescribed by the request itself. Requests will typically have an SLA of two business days. This applies mostly to administrative requests such as new accounts, file shares, permissions, or new access to an application. Requests that require approvers could result in delays. Requests to hardware usually take more time as this could require multiple approvals plus shipping time. Please note that what is considered a high priority by the requesters may not be the same for the IT department. We will do our utmost to assist, however, please bear in mind that the IT department supports several hospitals, not just yours. Coming in the near future - SLA tables

Do Physicians get email? That depends on the hospital. When Physicians, Physician Assistants, or Nurse practitioners are onboarded, there is an option for the requester to choose to request an email license.  Why should I request email for Physicians? The most obvious reason is communication. Other than email, physicians may want to use Microsoft Teams for communication which is HIPAA compliant. Can Physicians put email and/or Teams on their personal phones? Yes! As long as they are enrolled in Duo. Is there a cost for the license? Yes. Your hospital pays for the license. We use a subscription-based license. The cost depends on the type of license. Most Physicians will have a Web (F3) license. It costs about four dollars a month. What do you get with the license? The F3 license is a web license of Office. This includes your normal applications such as Word, Excel, Powerpoint, Outlook, Teams, and more. These apps can be access from the app launcher from the Landing. The app launcher is located in the upper left corner of the browser and looks like a waffle menu (a bunch of dots.) Can Physicians use email and Teams for communication? Yes. It is considered HIPAA compliant.

Definition ITIL stands for Information Technology Infrastructure Library. It's a framework that aims to standardize the selection, planning, delivery, maintenance, and lifecycle of IT services within a business. The goal is to improve efficiency and achieve predictable service delivery.

Summary The information below only applies to accounts such as Agency Nurses or Agency Therapists. This is to help inform anyone who is assisting a new Agency person logging into a computer for the first time and what to expect. This article is not intended for onboarding Agency people. Your manager, Nursing Supervisor, Nursing Scheduler, or HR will begin that process or click here. This article only explains what the process is. Please do not use the article for problems. Instead, create an incident. Managers, Nursing Supervisors, and Nursing Schedulers should click here for instructions. Q: Who can onboard Agency Staff? A: CEOs, CNOs, Nursing Schedulers, Nursing Supervisors, managers, and HR are the only people who can onboard an Agency person. The requester will receive the Agency person's login or they can designate a person in the manager field to receive the credentials. It doesn't have to be the manager, but a person that is helping. Q: Do Agency Staff Accounts Expire? A: Yes! All Agency people have account expirations because they are considered temps. A 90-day expiration is set for computer accounts and 30 days of inactivity for WellSky. If you have an Agency person who has worked there before, but whose account is expired, please have your Nursing Supervisor, Nursing Scheduler, CNO, manager, or HR request an extension to the account. You can also click here. If their account does not show in the drop-down because the account was disabled too long, a ticket will need to be created so IT can extend the account. If their WellSky account is locked, a Nursing Supervisor can enable the account if it's after corporate hours or IT can enable the account. Q: Are Agency Staff required to log into a computer? A: It depends. If they are accessing Pyxis for the first time, they must sign into a computer first before accessing the medstation. When an Agency person changes their password, it’ll become their password for the Landing, and Pyxis. Pharmacy still needs to do its part for Pyxis. If an Agency Staff only needs to work in WellSky, they can skip the computer login and use the WOW instead. Q: Do Agency Staff have email? A: No. Since Agency Staff are considered temps, they are not given a license for email, however, they will have an email address to log into SharePoint. E.g., JSmith@yourhospitalsemail.com. This will at least allow them to get to the Landing Page. If Agency Staff are struggling to get to the Landing Page, use the "Managed Favorites" folder in the upper left corner of the browser to access WellSky. They can also use the WOW if needed. Q: How do Agency Staff log into a computer that worked from a sister (market) hospital? A: The credentials are exactly the same since both hospitals are on the same network, however, WellSky accounts are separated by location. This means their computer login will work in any hospital that Nobis Rehabilitation manages as long as their account has not expired.  Q: How does Agency Staff access WellSky for my hospital if they come from another market hospital? A: Most of supervision has access to "Employee Transfer" or "WellSKy" forms in the Service Catalog. They will need to select the hospital they need access to as a request. This should be done before the designated deadline for each location per the form.   Q: How do I know if an Agency Staff account has expired? A: There is a message that the account has "expired" when the user tries logging into the computer. It means that 90 days have elapsed and nobody extended the account. You can also view Reports from the IT section of the Landing. You'll find "Expired" accounts and "Soon to be expired" accounts. Ask your manager, Nursing Supervisor, or Nursing Scheduler to extend the account. Q: I'm assisting a new Agency Staff that is logging into the computer for the first time. Where do they find their credentials? A: The requester that onboard the person will normally receive the credentials. They can designate who will receive computer credentials by selecting the manager during onboarding. It doesn't have to be the manager, but any employee that is assisting that Agency person. WellSky credentials are embedded into the Agency Onboarding request as well. If an Agency Staff provided an email and the requester included the email during onboarding, then WellSky credentials get sent to that person's email. Q: What if the Agency Staff forgot their login or password? A: A ticket with IT will need to be created. It's advisable to ask the Agency person to store the login and password safely for the future just in case they come back. Note: Please be advised that support is extremely limited after corporate hours which are Monday through Friday, 8 AM - 5 PM. You can use your Nursing Supervisor for most Agency Staff issues.  If you are a hospital employee who visited this article by accident, please read the article below. New employee

You will need to enroll in Duo before access to email on the web is allowed. If you haven't already enrolled, when you attempt to login to email on the web for the first time, you will be walked through the enrollment process. Very simply, just type in outlook.office.com into your browser and login and you will have access to your email.