DSHS TB/HIV/STD Security and Database Account Management


Select from the following options for detailed instructions and associated forms needed to fulfill the requirements for each task:


General Information

  1. Security Training and Confidentiality Requirements
    To access a TB/HIV/STD Section Database, all individuals will need to complete the required documents and TB/HIV/STD Section Security and Confidentiality Training. All database accounts will reflect the expiration of security and confidentiality training and must be renewed annually for access purposes. Access to DSHS applications and databases can be subject for revocation at any time.


  2. Local Responsible Party (LRP) Instructions
    As an LRP, you have accepted the responsibility of implementing and enforcing TB/HIV/STD Section Security and Confidentiality policies and procedures within your agency. As the beholder of this responsibility, it is important that you are aware of and have granted approval for everyone under your authority who is requesting access to secure databases. For this reason, DSHS TB/HIV/STD Section will not provide individuals with access to our databases without confirmation from you.

    LRP Designees
    Large agencies may have one or more individuals they can assign as an LRP designee. For these agencies, the LRP still holds the ultimate responsibility of insuring and enforcing security and confidentiality policies and procedures; however, the LRP may enlist the authority of approving and signing off on database access requests for individuals in their agency. To have an LRP designee, the LRP must send an email to TBHIVSTD.AccountRequests@dshs.texas.gov stating permission and confirming they have reviewed the roles and responsibilities of an LRP designee with this individual. As the LRP, it will be your responsibility to let your staff know about the LRP designee and which employees at your agency are permitted to submit account requests through that person.


  3. Steps to submit an Account Request, Update or Renewal
    When the LRP and/or LRP Designee receives an Account Request and/or Account Update/Renewal Form from staff:
    1. Account Request and/or Account Update/Renewal Form is completed by the prospective user and ensures that all required documents (account request/account update/renewal form, security training, confidentiality agreement, and acceptable user agreement) are attached and sent to their manager/supervisor. Note: Forms should be submitted electronically rather than be scanned.
    2. The manager/supervisor will review the completed forms to ensure the prospective user is requiring the requested roles and access. Signature of the manager/supervisor is required prior to sending to the LRP and/or LRP designee. Note: ALL Forms should be submitted electronically rather than be scanned to the LRP and/or LRP designee.
    3. The LRP and/or designee will need to complete the LRP fields on the Account Request, Account Update, or Renewal Forms and sign the requested form. The LRP will need to send an email to TBHIVSTD.AccountRequests@dshs.texas.gov and copy the individual requesting access. The email should include:
      1. A statement verifying this person is under your authority.
      2. Four attachments that you received from the manager/supervisor (account request/account update/renewal form, security training, confidentiality agreement, and acceptable user agreement).


  4. IMPORTANT
  • Each email requesting access for will contain FOUR attachments/documents. Any emails missing documents will be sent back and will need to be re-submitted with all FOUR documents.
  • An email should request access and contain documentation for ONE individual only. If requesting access for multiple employees at the same time, a separate email will need to be sent for each individual.
  • Verification of previous training or previous forms will not be available. Please check all documents are present before sending the email.
  • Save the accepted email as part of your records.
  • Once ALL required documents are present, Central Office will begin processing your request. When access is granted, the prospective user will receive an email with their username and password.
  • If you are an LRP requesting access for yourself, please not that in the body of the email.

For more information on LRP responsibilities and duties, please see Security Policy and Procedures


Requesting NEW Access to a DSHS Database

The following steps apply for all NEW DSHS TB/HIV/STD Section database account requests. Please read carefully and follow as described.

Requests for NEW access to a database must come from an DSHS-approved Local Responsible Party (LRP) and/or LRP Designee for your agency. If you do not know who this individual is, check with your supervisor. DSHS WILL NOT ACCEPT ANY REQUESTS WITHOUT APPROVAL FROM AN LRP AND/OR LRP DESIGNEE.

Prospective User Instructions:

  1. Complete Security and Confidentiality Training [TRAIN Texas]. Instructions for completing this course (PDF : 215 kB).
    1. If you took online security and confidentiality course:
      1. Complete the training and pass with an 85%
      2. Save a copy of your completed course certificate
        1. Save as Lastname_Firstname_Agency_Strn.pdf
    2. If you took an in-class security and confidentiality course:
      1. Check with your agency and/or trainer on retrieving a course completion certificate
      2. Save a copy of your completed course certificate
        1. Save as Lastname_Firstname_Agency_Strn.pdf
                                                                                                                                                            
  2. Complete Account Request form (PDF : 436 kB)
    1. Fill out the form electronically. Please do not submit scanned copies of the document.
    2. Save form as Lastname_Firstname_Agency_AccRq.pdf

  3. Complete and sign the Confidentiality Agreement (PDF : 106 kB)
    1. The Confidentiality Agreement must be completed in Adobe Reader. Completing the agreement in Chrome or another web browser window will prevent you from signing the form.
    2. Save form as Lastname_Firstname_Agency_CON.pdf

  4. Complete and sign the Acceptable Use Agreement (PDF : 180 kB)
    1. Saving and sending only page 7 (PDF : 97 kB) of this document will be accepted
    2. Save form as Lastname_Firstname_Agency_AUA.pdf
       
  5. Attach and email ALL completed required documents to your DSHS-approved LRP and/or LRP designee. Let them know they need to sign in the spot for LRP signature on the Account Request form and forward all FOUR documents to TBHIVSTD.AccountRequests@dshs.texas.gov. It may be helpful to provide him/her with a link to this webpage and direct to the LRP instructions section under Requesting New Access for a DSHS Database. You will receive an email with your account username and password when your request has been approved.

  6. Save all documents for future use


Annual Renewals: Security Training, Confidentiality Agreement, Database Access

DSHS TB/HIV/STD (THS) Section requires ALL persons who may have access to confidential TB, HIV, STD, and/or viral hepatitis information to complete a security training and sign a confidentiality agreement and an acceptable use agreement at time of employment and on an annual basis. This includes the DSHS THS Section employees (permanent and temporary), IT staff, volunteers, students, and DSHS THS Section contractors.

***NEW REQUIREMENT*** Anyone who has access to a DSHS-owned or managed database/application MUST complete the Account Renewal section of the confidentiality form. This section on the confidentiality form serves as the annual renewal for database/application access.

Complete the following steps for annual renewal requirements:

  1. Complete Security and Confidentiality Training [TRAIN Texas]. Instructions for completing this course (PDF : 215 kB).
    1. If you took online security and confidentiality course:
      1. Complete the training and pass with an 85%
      2. Save a copy of your completed course certificate
        1. Save as Lastname_Firstname_Agency_Strn.pdf
    2. If you took an in-class security and confidentiality course:
      1. Check with your agency and/or trainer on retrieving a course completion certificate
      2. Save a copy of your completed course certificate
        1. Save as Lastname_Firstname_Agency_Strn.pdf
                                                                                                                                                            
  2. Complete and sign the Confidentiality Agreement (PDF : 106 kB)
    1. The Confidentiality Agreement must be completed in Adobe Reader. Completing the agreement in Chrome or another web browser window will prevent you from signing the form.
    2. If you use a DSHS-owned or managed database/application, fill out the Account Renewal Section to maintain approved access.
      ***Persons who do not accurately complete this section may be at risk of losing access to accounts.*** DSHS has the right to contact users’ supervisors and/or managers with any questions or concerns. DSHS has the right to revoke authorized access at any time if confidentiality or security agreements are violated.
    3. Save form as Lastname_Firstname_Agency_CON.pdf

  3. Complete and sign the Acceptable Use Agreement (PDF : 180 kB)
    1. Saving and sending only page 7 (PDF : 197 kB) of this document will be accepted
    2. Save form as Lastname_Firstname_Agency_AUA.pdf

  4. Send an email to TBHIVSTD.AccountRequests@dshs.texas.gov with the security training certificate and signed confidentiality agreement attached.
    1. USE THE EMAIL SUBJECT LINE:
      1. If you use a database/application listed in the account renewal section: Annual Renewal + database_Last Name FirstName
      2. If you do not use any databases listed on form: Annual Renewal non-database_Last Name FirstName

  5. Save all documents for your records                                    


Deactivate a User from a DSHS Database

A supervisor or LRP is responsible for notifying the DSHS TB/HIV/STD Section Security Officer anytime an employee ends employment with the agency or changes to a new department or role that will no longer require the individual to access the database(s).

  1. Complete the Account Deactivation Request Form (PDF : 1,070 kB) to deactivate an account for THISIS, eHARS, STD*MIS, TxPHIN, GlobalScape, TB GIMS, NTIP, or ITEAMS.
    • USE THE EMAIL SUBJECT LINE: Account Deactivation_Last NameFirstName 

  2. Email the completed form to TBHIVSTD.AccountRequests@dshs.texas.gov.

  3. Save for your records.


New Employee That Does Not Need Database Access

Complete the following steps to submit security and confidentiality requirements:

  1. Complete Security and Confidentiality Training [TRAIN Texas].  Instructions for completing this course (PDF : 215 kB).
    1. If you took online security course:
      1. Complete the training and pass with an 85%
      2. Save a copy of your completed certificate
        1. Save as Lastname_Firstname_Agency_Strn.pdf
    2. If you took in-class training:
      1. Check with your agency and/or trainer on retrieving a course completion certificate
      2. Save a copy of your completed course certificate
        1. Save as Lastname_Firstname_Agency_Strn.pdf

  2. Complete and sign Confidentiality Agreement (PDF : 106 kB)
    1. The Confidentiality Agreement must be completed in Adobe Reader. Completing the agreement in Chrome or another web browser window will prevent you from signing the form.
    2. Save form as Lastname_Firstname_Agency_CON.pdf

  3. Send an email to TBHIVSTD.AccountRequests@dshs.texas.gov with the security training certificate and signed confidentiality agreement attached.
    1. USE THE EMAIL SUBJECT LINE: Security training for new non-database using staff_Last NameFirstName

  4. Save all documents for your records


Requesting VPN Remote Access (eHARS)

Anyone who will be accessing eHARS will need to submit a VPN Remote Access Form—this includes all DSHS employees. To obtain VPN Remote access, please follow the instructions below. Read these instructions carefully—not all steps are listed on the form itself and incomplete forms will not be processed.

  1. Send an email to TBHIVSTD.AccountRequests@dshs.texas.gov to request the most recent version of form be emailed to you. Please do not save or share this form unless directed otherwise by DSHS Central Office staff.

  2. Fill out ALL highlighted sections.

  3. In the Applicant section, the Company Contact field should be the name of your supervisor. Please include your supervisor’s email in the same field, below his/her name. Your supervisor’s phone number should go in the Telephone Number field to the right of the Company Contact field.

  4. The Requesting Sponsor is a manager from DSHS Central Office. The name and contact information for the Requesting Sponsor is filled out, but you will still need to email the completed form signed by you to TBHIVSTD.AccountRequests@dshs.texas.gov. ***Forms without this signature will not be accepted.***

  5. When writing a Business Justification, be sure to include eHARS in your statement.

  6. In the Protocols field of the VPN Access section, select the method you will use to access the server. The IP addresses needed for eHARS access have been entered in the DSHS Remote Access Destinations field. Add any other destinations you may need, if applicable.

  7. In the User Agreement section, check all boxes to indicate you have read and agree to the terms and conditions.

  8. Sign and date the form.

  9. Review form to ensure all steps listed above have been completed and information entered is correct.

  10. Save the document as LastName_FirstName_Agency_VPN (e.g. Smith_John_Houston_VPN).

  11. Send an email with High Priority to TBHIVSTD.AccountRequests@dshs.texas.gov:
    1. Subject Line of email – VPN Requesting Sponsor Signature Needed
    2. Attach your filled and signed form.
    3. Send email.

  12. Requesting Sponsor will sign and date the form, then email completed form to the helpdesk. You will be copied on the email, so you will have confirmation that your form has been submitted 

  13. IT will contact you with information and next steps. 


Last updated January 21, 2020