DSHS TB/HIV/STD Security and Database Account Management

Select from the following options for detailed instructions and associated forms needed to fulfill requirements for each task:


Requesting New Access to a DSHS Database

The following steps apply for ALL DSHS database account requests. Please read carefully and follow as described. Note that step 4 only needs to be completed by individuals requesting access to THISIS.

Requests for new access to a database must come from the Local Responsible Party (LRP) or DSHS-approved LRP designee for your agency. If you do not know who this person is, check with your supervisor. DSHS WILL NOT ACCEPT ANY REQUESTS WITHOUT APPROVAL FROM AN LRP OR LRP DESIGNEE.

Prospective User Instructions:

  1. Complete Annual Security Training [TRAIN Texas]. Instructions for completing this course (PDF : 332 kB).
    1. If you took online security course:
      1. Complete the Security Training and pass with an 85%
      2. Save a copy of your completed certificate
        1. Save as Lastname_Firstname_Agency_Strn.pdf
    2. If you took In-Class Security Training:
      1. Send an email to TBHIVSTD.AccountRequests@dshs.texas.gov stating your name, where you took the training, and the approximate date of training in your email
      2. An email will be sent back verifying your attendance. Save this email as a PDF. It is your training certificate to be sent to your LRP.
        1. Certificate should be saved as Lastname_Firstname_Agency_Strn.pdf                                                                                                                                                          
  2. Complete Account Request form (PDF : 979 kB)
    1. Please fill out form electronically. Please do not submit scanned copies of this document.
    2. Save form as Lastname_Firstname_Agency_AccRq.pdf

  3. Complete and Sign Confidentiality Agreement (PDF : 118 kB)
    1. The Confidentiality Agreement must be completed in Adobe Reader. Completing the agreement in Chrome or another web browser window will prevent you from signing the form.
    2. Save form as Lastname_Firstname_Agency_CON.pdf

  4. Complete and Sign Acceptable Use Agreement form (PDF : 179 kB) (THISIS requests only)
    1. Save form as Lastname_Firstname_Agency_AUA.pdf
    2. Saving and sending only page 7 of this document will be accepted        

  5. Attach and email all completed required documents to your LRP or DSHS-approved LRP designee. Let them know they need to sign in the spot for LRP signature on the Account Request form and forward all four documents to TBHIVSTD.AccountRequests@dshs.texas.gov. It may be helpful to provide him/her with a link to this webpage and direct to the LRP instructions section under Requesting New Access for a DSHS Database. You will receive an email with your account username and password when your request has been approved.

  6. Save all documents for future use

Local Responsible Party (LRP) instructions:

As an LRP, you have accepted the responsibility of implementing and enforcing TB/HIV/STD Section security and confidentiality policies and procedures within your agency. As the beholder of this responsibility, it is important that you are aware of and have granted approval for everyone under your authority who is requesting access to secure databases. For this reason, DSHS TB/HIV/STD Section will not provide individuals with access to our databases without confirmation from you.

LRP Designees
Large agencies may have one or more individuals they can assign as an LRP designee. For these agencies, the LRP still holds the ultimate responsibility of insuring and enforcing security and confidentiality policies and procedures; however, s/he may enlist the authority of approving and signing off on database access requests for individuals in their agency. To have an LRP designee, the LRP must send an email to TBHIVSTD.AccountRequests@dshs.texas.gov stating permission and confirming they have reviewed the roles and responsibilities of an LRP designee with this individual. As the LRP, it will be your responsibility to let your staff know about the LRP designee and which employees at your agency are permitted to submit account requests through that person. 

When the LRP or LRP Designee receives an Account Request form from staff:

  1. Complete the LRP fields on the Account Request form

  2. Send an email to TBHIVSTD.AccountRequests@dshs.texas.gov and copy the individual requesting access. The email should include:
    1. A statement verifying this person is under your authority              
    2. Four attachments that you received from the individual requesting account access (security training certificate, Account Request form, confidentiality agreement, and acceptable use agreement form). Be sure to send the Account Request form signed by you.

  3. IMPORTANT
    1. Each email requesting access for THISIS will contain 4 attachments/documents. Any emails missing documents will be sent back and you will need to re-send with all 4 forms.
    2. An email should request access and contain documentation for one individual only. If you are requesting access for multiple employees at the same time you will need to send a separate email for each person. Emails requesting access for more than one person will not be accepted.
    3. We will not be able to verify previous training or previous signed forms any longer. Please check that all forms are present before sending the email.
    4. Save the accepted email as part of your records                                                               

  4. Once all documents are present, Central Office will begin processing your request. When access is granted, the individual requesting an account will receive an email with their username and password.                                           

  5. If you are the LRP requesting access for yourself, please note that in the body of the email. 


Deactivating User from a DSHS Database

A supervisor or LRP is responsible for notifying the DSHS TB/HIV/STD Section anytime an employee ends employment with the agency or changes to a new department or role that will no longer require the individual to access the database(s).

  1. Complete the Account Deactivation Request Form (PDF : 2,671 kB) to deactivate an account for THISIS, eHARS, STD*MIS, or TxPHIN.

  2. Email the completed form to TBHIVSTD.AccountRequests@dshs.texas.gov

 

Renewing Annual Security Training and Confidentiality Agreement

DSHS TB/HIV/STD (THS) Section requires all persons who may have access to confidential TB, HIV, STD, and/or Viral Hepatitis information to complete a security training and sign a confidentiality agreement at time of employment and on an annual basis. This includes the DSHS THS Section employees (permanent and temporary), IT staff, volunteers, students, and DSHS THS Section contractors.

Complete the following steps to renew annual security and confidentiality requirements:

  1. Complete Annual Security Training [TRAIN Texas].  Instructions for completing this course (PDF : 332 kB).
    1. If you took online security course:
      1. Complete the Security Training and pass with an 85%
      2. Save a copy of your completed certificate
        1. Save as Lastname_Firstname_Agency_Strn.pdf
    2. If you took In-Class Security Training:
      1. Send an email to TBHIVSTD.AccountRequests@dshs.texas.gov stating your name, where you took the training, and the approximate date of training in your email
      2. An email will be sent back verifying your attendance. Save this email as a PDF. It is your training certificate to be sent to your LRP.
        1. Certificate should be saved as Lastname_Firstname_Agency_Strn.pdf

  2. Complete and Sign Confidentiality Agreement (PDF : 118 kB)
    1. The Confidentiality Agreement must be completed in Adobe Reader. Completing the agreement in Chrome or another web browser window will prevent you from signing the form.
    2. Save form as Lastname_Firstname_Agency_CON.pdf

  3. Send an email to TBHIVSTD.AccountRequests@dshs.texas.gov with the updated security training certificate and signed confidentiality agreement attached.
    1. USE THE EMAIL SUBJECT LINE: Annual Security Renewal

  4. Save all documents for your records

 

Security Training and Confidentiality Agreement for New Employee That Does Not Need Database Access

DSHS TB/HIV/STD (THS) Section requires all persons who may have access to confidential TB, HIV, STD, and/or Viral Hepatitis information to complete a security training and sign a confidentiality agreement at time of employment and on an annual basis. This includes the DSHS THS Section employees (permanent and temporary), IT staff, volunteers, students, and DSHS THS Section contractors, even if they do not work with data or access databases.

Complete the following steps to submit security and confidentiality requirements:

  1. Complete Annual Security Training [TRAIN Texas].  Instructions for completing this course (PDF : 332 kB).
    1. If you took online security course:
      1. Complete the Security Training and pass with an 85%
      2. Save a copy of your completed certificate
        1. Save as Lastname_Firstname_Agency_Strn.pdf
    2. If you took In-Class Security Training:
      1. Send an email to TBHIVSTD.AccountRequests@dshs.texas.gov stating your name, where you took the training, and the approximate date of training in your email
      2. An email will be sent back verifying your attendance. Save this email as a PDF. It is your training certificate to be sent to your LRP.
        1. Certificate should be saved as Lastname_Firstname_Agency_Strn.pdf

  2. Complete and Sign Confidentiality Agreement (PDF : 118 kB)
    1. The Confidentiality Agreement must be completed in Adobe Reader. Completing the agreement in Chrome or another web browser window will prevent you from signing the form.
    2. Save form as Lastname_Firstname_Agency_CON.pdf

  3. Send an email to TBHIVSTD.AccountRequests@dshs.texas.gov with the security training certificate and signed confidentiality agreement attached.
    1. USE THE EMAIL SUBJECT LINE: Security training for new non-database using staff

  4. Save all documents for your records


Requesting VPN Remote Access

Anyone who will be accessing eHARS will need to submit a VPN Remote Access Form—this includes all DSHS employees. To obtain VPN Remote access, please follow the instructions below. Read these instructions carefully—not all steps are listed on the form itself and incomplete forms will not be processed.

  1. Send an email to TBHIVSTD.AccountRequests@dshs.texas.gov to request the most recent version of form be emailed to you. Please do not save or share this form unless directed otherwise by DSHS Central Office staff.

  2. Fill out all highlighted sections.

  3. In the Applicant section, the Company Contact field should be the name of your supervisor. Please also include your supervisor’s email in the same field, below his or her name. Your supervisor’s phone number should go in the Telephone Number field to the right of the Company Contact field.

  4. The Requesting Sponsor is a manager from DSHS Central Office. The name and contact information for the Requesting Sponsor is filled out, but you will still need to email the completed form signed by you to this manager for a Requesting Sponsor signature. ***Forms without this signature will not be accepted.***

  5. When writing a Business Justification, be sure to include eHARS in your statement.

  6. In the Protocols field of the VPN Access section, select the method you will use to access the server. The IP addresses needed for eHARS access have been entered in the DSHS Remote Access Destinations field. Add any other destinations you may need, if applicable.

  7. In the User Agreement section, check all boxes to indicate you have read and agree to the terms and conditions.

  8. Sign and date the form.

  9. Review form to ensure all steps listed above have been completed and information entered is correct.

  10. Save the document as LastName_FirstName_Agency_VPN (e.g. Smith_John_Houston_VPN).

  11. Send an email with High Priority to the Requesting Sponsor:
    1. Aubrey Braglia – Aubrey.Braglia@dshs.texas.gov
    2. Subject Line of email – VPN Requesting Sponsor Signature Needed
    3. Attach your filled & signed form. Send email.

  12. Requesting Sponsor will sign and date the form, then email completed form to help@hhsc.state.tx.us. You will be copied on the email so you will have confirmation that your form has been submitted.

  13. IT will contact you with information and next steps. 




Last updated February 21, 2019