Attention all NC HealthConnex Participant Account Administrators (PAA) 

Recently, NC HealthConnex has made some changes to their quarterly user audit process.  Please review the NEW quarterly audit process below and complete before February 2, 2021 to avoid any disruption to your employees’ access to the NC HealthConnex clinical portal.   

Important Note: The quarterly audit is now completed within the clinical portal vs. on a .pdf as was done previously.   

Please review the new instructions in the Quarterly Audit Quick Reference Guide 

For more information about the PAA’s role and responsibilities, please review the NC HealthConnex PAA User Guide.  

As a PAA, each quarter you are asked to conduct a NC HealthConnex clinical portal user audit.  It involves the following: 

• Attest to user activity (within the NC HealthConnex Portal Account) 

• Review “break the seal” and patient search activity for users in your facility 
• Request invalid accounts be disabled by the Help Desk 
• Report any unusual “break the seal” and patient search activity to the NC HIEA 

When you log in NC HealthConnex clinical portal as a PAA you should receive this reminder to complete the audit: 

You should also receive an email reminder (see below): 

Dear Participant Account Administrator (PAA),  

As the PAA (Participant Account Administrator) you play an important role in helping to manage and monitor usage of the NC HealthConnex clinical portal. As a reminder, user account audits are now completed within your PAA portal account vs. on a PDF as was done previously….The deadline for Q4-2020 is February 2, 2021. Please review the Quarterly Audit Quick Reference Guide and the FAQs included below for detailed information. If you have questions or need assistance, please contact the NC HealthConnex Help Desk Team at hiesupport@sas.com or 919-531-2700.  

Thank you,  

NC HealthConnex Team 

Frequently Asked Questions: 

What should I do if I am not able to access my NC HealthConnex portal account in order to complete the audit?  

A: Contact the NC HealthConnex Help Desk team at 919-531-2700 or hiesupport@sas.com to request a password reset.  

Why do I need to complete the audit if my health care organization is not live and sending data to NC HealthConnex?  

A:  Providing credentialed access to the NC HealthConnex portal is not related to the status of your data connection to NC HealthConnex. Once you or members of your health care organization have access to the clinical portal, you are required to attest to user activity across all users in the health care organization. 

Why do I need to attest to user activity if I have never logged into NC HealthConnex?  

A: To maintain security controls over the system, the NC HIEA User Access Policy dictates that all active users are subject to auditing. All portal accounts are considered active until the NC HealthConnex Help Desk team takes steps to disable the user account. If your facility has one or more active accounts, you must attest to the audit. 

If we have more than one PAA, will each of us need to attest to the audit? 

 A:  No. All users with the %HS_PAAUserAdministrator access to the portal will be notified it is time to complete the audit, however only one user per organization will be required to attest.    

What should I do if there is someone on my user list who no longer works with our organization? 

 A: As the PAA for your organization, you are responsible for requesting users who no longer require access to the portal (either because they have left your employment or have moved into a role that no longer requires portal access) be disabled. Please contact the NC HealthConnex Help Desk team at hiesupport@sas.com to request the user(s) account to be disabled.  

If I just completed a user account audit, do I have to do it again?  

A: Yes. Each quarterly audit only includes user activity for the previous quarter. When a new audit begins, the user activity report is updated with new information including users that may have been added since the previous audit, along with changing levels of user activity.  

How do I know when it is time to complete the Quarterly User Audit?  

A: The audit begins the second Monday following the end of each quarter – April, July, October, January. You will see a reminder notice at the top of your PAA screen within the portal and will also receive an email from the Health Information Exchange Authority letting you know it is time to attest.   

What does it mean if several of my users are “flagged”?  

A:  Each user is compared to the facility average for a specific activity. If that user’s activity exceeds the facility average by 50%, the user is flagged for your attention and possible investigation. The average is for the last full quarter only. Some of your users will have a legitimate reason to search for and open patient records as part of the role they perform within your organization. If you find a user is searching for and opening an unusual amount of records that appears inconsistent with their assigned role, please contact the NC HIEA. You, as the PAA for your organization, can make this determination based on your knowledge of individual users and their job requirements. 

Why are our users required to “break the seal” each time they open a patient record?  

A:  If the user is attempting to open a record of a patient that does not have a “facility-based relationship” with the patient (the patient’s MRN is not associated with your practice) the user will have to break the seal. If your organization is not live and sending data to NC HealthConnex, your patients will not yet have MRNs associated with your facility or practice.