Page 1
Remote Access via the Citrix Access Gateway
Overview - Page 2
Logging into Remote Access - Page 3
Changing Passwords - Page 4
Installing the Citrix Client - Page 5
Installing Citrix Receiver on iPad/iPhone - Page 7
Frequently Asked Questions - Page 10
System Requirements - Page 11
Electronic Use Policy - Page 12
July 2017
Page 2
Overview
This guide documents the use of the Citrix Access Gateway, the remote access solution used at Mercy.
This system fulfills regulatory requirements to more tightly control access to Mercy's systems for
remote users. Specifically, only those expressly granted access by their managers will have remote access.
Remote access has to be requested in accordance with Mercy's security policies and HIPAA regulations.
Citrix Access Gateway is less dependent on specific operating systems or browsers, so it should work
well for a wide variety of devices and situations. A single login will give access to all available Citrix applications,
making the system much easier to use. Finally, the system can be accessed from clinics, homes, devices like
iPads, and even from inside Mercy. The system will look the same regardless of where users are logging in.
Note that with this remote access system, remote users will not have access to clinical systems, with the exception
of Portal. This means HEC, HED, HHS, HEV, HSM and PHS will not be accessible outside of
Mercy's walls. Non-clinical applications, that is, Citrix applications without patient information (MercyCentral,
employee portal, etc.), will be accessible remotely.
If you have questions regarding the new remote access system, please call the Help Desk at
319-339-3617.
Page 3
Logging into the Citrix Access Gateway
1. Open a browser and enter the address: www.mercyiowacity.org and click the “For Employees and Physicians”
link in the upper right hand corner. Then click the Access Gateway link on the Mercy Staff Access page.
2. Enter your Domain credentials and click the Log On button.
3. Browser Settings –
a. Internet Explorer - Users with Internet Explorer 10 or greater need to add 'mercyicmobile.org' to the Compatibility View Settings. Also, everyone should add https://www.mercyicmobile.org to the Trusted Sites.
b. Users with Windows 10 - The internet browser Edge is not supported and users should use Internet Explorer instead (32bit).
c. Safari Users - Will need to make sure that the add-ons are active and the Citrix Receiver is given full ALLOW rights.
4. To run an application, click on an icon in the browser window.
Note: The Citrix ICA client or Citrix Receiver must be installed on the
workstation in order to use the Access Gateway. If a window similar
to the one to the right is displayed when you select an application,
you will need to install the client. See the section “Installing the Citrix
Receiver” below.
Page 4
Changing Passwords
Users will be required to change their Domain passwords every 90 days. When your password has expired, you will be prompted to enter a new password. A new Domain password must be a minimum of 8 characters in length and contain 3 of the following 4 categories: CAPITAL A-Z, lower case a-z, numeric 0-9 or character @#$%. The new password must be different than the previous two passwords.
If you have an expired password, after logging in, the system will prompt you to enter a new password. Enter a new password that is at least 8 characters in length and contains 3 of the following 4 categories: CAPITAL A-Z, lower case a-z, numeric 0-9 or character @#$%. The new password must be different than your previous two passwords.
Confirm your new password by entering it again.
Should your new password not meet the requirements, or the two entries do not match, you will be returned to the login page with a message: “Incorrect credentials. Try again.” Enter your login and original password to be prompted to enter a valid new password. If you have problems changing your password, please contact the Help Desk at 319-339-3617.
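The password rules above, written out as a check that reports which rule failed, since the login page itself only answers “Incorrect credentials. Try again.” This is an added example, not part of Mercy's guide or of Citrix's software; the function names, the reading of “character @#$%” as exactly those four symbols, the PBKDF2-hashed history store and the sample passwords are all assumptions.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8
HISTORY_DEPTH = 2            # "different than the previous two passwords"
SYMBOLS = "@#$%"             # assumption: exactly the symbols the guide lists


def _digest(password: str, salt: bytes) -> bytes:
    # Slow salted hash so the history store never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def remember(password: str) -> tuple:
    """Return the (salt, digest) record kept for one past password."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def categories(password: str) -> set:
    """Which of the guide's four character categories the password uses."""
    classes = {"upper": string.ascii_uppercase, "lower": string.ascii_lowercase,
               "digit": string.digits, "symbol": SYMBOLS}
    return {name for name, chars in classes.items()
            if any(ch in chars for ch in password)}


def check_new_password(new: str, confirm: str, history: list) -> list:
    """Return the list of failed rules; an empty list means acceptable."""
    problems = []
    if new != confirm:
        problems.append("mismatch")
    if len(new) < MIN_LENGTH:
        problems.append("too_short")
    if len(categories(new)) < 3:
        problems.append("too_few_categories")
    for salt, digest in history[-HISTORY_DEPTH:]:
        # Re-hash the candidate under each stored salt; compare in constant time.
        if hmac.compare_digest(_digest(new, salt), digest):
            problems.append("reused")
            break
    return problems


# Constructed sample history (oldest first); not real credentials.
HISTORY = [remember("Autumn2016#"), remember("Winter2016#"), remember("Spring2017#")]

if __name__ == "__main__":
    for candidate in ("Summer2017", "summer#x", "Spring2017#", "Autumn2016#"):
        print(candidate, check_new_password(candidate, candidate, HISTORY))
```

The third-oldest sample password passes because only the previous two are checked, which is the history depth the guide states.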
Forgotten Passwords
To reset a forgotten password, click on the “Forget your password? Click Here” link. Choose the Reset Password link and enter your domain login name. Answer the security questions and you will be prompted to enter a new password. The new password must conform to the password rules listed above. A link to the password reset page can also be found on the “For Employees and Physicians” page at www.mercyiowacity.org.
Page 5
Installing the Citrix Receiver
Citrix Receiver is required to access applications remotely. You can also install the Citrix client by
going to this website: http://www.citrix.com/download
On the left side of the Citrix Download page, point to Downloads, then select Download Receiver.
Next, click the “Download Receiver for xxx (Windows, MAC, etc)” button, check the box to accept
the License Agreement if it comes up, and then click Continue.
Depending on your browser, you may have to choose Download File from the options in the
message bar, or respond to other security questions in order to download the install file. Once the file
has been downloaded, choose Run to install the client. You may also receive a Warning message
that will prompt you to click to allow Citrix Systems Inc. to run an add‐on.
Click Install to install the Citrix client and follow any additional prompts. At the end of the install click
FINISH (You do not need to set up an account). You may be asked to reboot your device.
Page 6
When the client install is completed, close all browsers except for the one that displays your
applications. Click on an application to run it.
Note: If a list of your applications does not appear in any of the browser windows, close all of your
browsers and then log back into the Remote Access page from www.mercyiowacity.org.
Page 7
How to Install Citrix Receiver on iPhone and iPad
Requirements
To install Citrix Receiver on your iPhone or iPad you need an iPhone or iPad touch mobile device with the iPhone 2.2 Software Update installed (version 2.2.1) and an internet
connection.
Background
With the Citrix Receiver for the iPhone, you can access any XenApp hosted application from your Apple iPhone or iPad Touch. You can view, review, edit, and interact with
full-featured Windows applications, documents, and data just like you would if you were at your PC.
Procedure
Follow the procedure below to install Citrix Receiver on an Apple iPhone or iPad:
1. Go to App Store Application on your iPhone or iPad and tap on App Store.
2. The App Store page is displayed. In Search tool bar, search for Citrix Receiver. The Citrix Receiver is displayed.
3. The Citrix Receiver info page is displayed. Tap on Free.
Page 8
4. The Citrix Receiver info page is displayed again. Tap on Install.
5. The Apple ID Password pop-up is displayed. Enter your Apple ID password and tap on OK.
6. The Citrix Receiver will begin installing on your iPhone or iPad.
Page 9
7. In a few seconds Citrix Receiver is installed on your iPhone or iPad. See Page 3 for instructions on using the Citrix Access Gateway to access Mercy Applications.
Page 10
Frequently Asked Questions
Why is Mercy changing its Remote Access system?
Changing the method for remote access is needed because the current systems are obsolete and could pose
security issues if left in place. The new solution is also less dependent on operating system and other factors, so it should
be more reliable and easier to use. Finally, this upgrade will allow Mercy to more tightly control remote access to
systems in accordance with Mercy's security policies and federal HIPAA regulatory laws.
Will I still be able to access files on Mercy’s shared drives?
Direct access to files on Mercy’s internal networks will no longer be possible. Some Citrix applications which can
be run remotely, such as Microsoft Office (Word, Excel, etc), can open and edit documents stored on shared drives.
I need remote access to a specific application. Will this system work?
The remote access system will allow users to run most applications that are delivered via Citrix. If the application
you want to access is not delivered via Citrix, you will not be able to run the app remotely. You may be able to use the
Citrix RDP application to control your work PC from offsite.
Can I use my iPad/iPhone with the new system?
The Citrix Receiver app is available for free for iPads and iPhones. See the installation instructions beginning on
page 6.
I connect to my work desktop remotely. Will I be able to with the new system?
Yes. You will need to use the Citrix RDP application to connect to and control your desktop remotely.
Why can’t I log into the new system?
The remote access system uses your Mercy Domain credentials for login (the username and password you use
to log into a PC at Mercy). If you have forgotten your Domain credentials, contact the Help Desk at 319-339-3617 to
have your password reset. It’s also possible you have not been authorized to use remote access. Contact your
manager/supervisor to verify they have submitted an Online Access Request authorizing you for remote access.
Page 11
System Requirements
Updated: 2013-05-08
Windows Operating System
• Windows 8, 32-bit and 64-bit editions (including Embedded Edition)
• Windows 7, 32-bit and 64-bit editions (including Embedded Edition)
• Windows XP Professional, 32-bit and 64-bit editions
• Windows XP Embedded
• Windows Vista, 32-bit and 64-bit editions
• Windows Thin PC
Hardware
• VGA or SVGA video adapter with color monitor
• Windows-compatible sound card for sound support (optional)
• A network interface card (NIC) and the appropriate network transport software
Browser
• Internet Explorer 10.0 through 6.0
• Mozilla Firefox 15.x (minimum supported version)
MAC Operating System
• Mac OS X 10.8
• Mac OS X 10.7, 32-bit and 64-bit
• Mac OS X 10.6, 32-bit and 64-bit
Hardware
• Intel-based processor
• At least 256 MB of RAM
• 106.7 MB of free disk space
• A working network or Internet connection to connect to servers
Browser
• Safari Version 5.x
• Mozilla Firefox Versions 3.x through 10.x
• Google Chrome 20.x
Page 12
Section: Miscellaneous Policy No.: E19
External Standard/Requirements: Health Insurance Portability and Accountability Act
Health Information Technology for Economic and Clinical Health Act
45 C.F.R. §160, §162, §164 (HIPAA)
Pub. L. 111-5 “ARRA” (HITECH)
Title: Electronic Information and Communication Access and Use Policy
Date Issued: 10/96 Page No.: 1 of 4
Reviewed: 03/98
Revised: 01/00, 03/03, 12/06, 11/09, 02/13, 03/15
I. POLICY
A. Mercy Iowa City maintains electronic information and communication systems to assist with the conduct
of hospital business. All computer system networks, business and telephone equipment and other
electronic communication systems are company property. Additionally, all information contained,
composed, sent, or received on Mercy Iowa City’s electronic information and communication systems is
and remains the property of Mercy Iowa City. This information is not the private property of any
employee.
B. The use of the electronic information and communication systems is reserved for the conduct of business
at Mercy Iowa City.
1. Electronic information and communication systems may not be used to solicit for or promote
commercial ventures, political causes, outside organizations, or other non-job-related solicitations
or purposes.
2. Electronic information and communication systems may not be used to contain, create, send, or
receive any offensive, harassing or disruptive messages. Offensive messages include, but are not
limited to, any messages containing racial slurs, sexual implications, derogatory remarks about a
specific gender, or any other comment that offensively addresses someone's race, age, sex, sexual
orientation or identity, religion, national origin or disability.
3. Information that is confidential in nature shall not be provided over any broadcast media such as:
public address systems, Internet, email, voice pagers, speakerphones, and portable radios. The
only exception will be for electronic broadcasting when an encryption system approved by Mercy
Iowa City is used. When the mode of communication is not securely private, users are advised to
use caution
Page 13
in relaying sensitive confidential information. (Refer to Information Services Policy and
Procedures.)
4. Security features provided with or installed for electronic information and communications
systems including, but not limited to, passwords and security codes, must be used to protect
confidential information and restrict unauthorized access. Any exceptions to this policy, such as
disabling the security features of a system, must receive prior approval by the Chief Information
Officer or designee.
5. No employee may install any software onto any Mercy computer(s) without prior approval by the
Chief Information Officer or designee. Rogue software is subject to removal by IS staff.
6. No employee may download Mercy data onto a personal, non-Mercy-owned device of any sort.
This includes, but is not limited to, personal laptops, tablets, USB thumb drives or other
removable disk drives, or devices that can be used as a disk drive.
7. No Mercy data may be downloaded onto any portable device unless that device is encrypted in
such a way that data could not be accessed if the device is lost or stolen. This includes, but is not
limited to, Mercy-provided laptops, tablets, USB thumb drives or other removable disk drives, or
devices that can be used as a disk drive.
8. Mercy Iowa City reserves the right to limit network access to internal resources and/or external
resources based on business need, capacity and/or risk. This may include, but is not limited to,
websites with objectionable content, social networking sites or sites posing a risk to patient
privacy or employee productivity. Employees wishing to access a blocked site may petition their
business case in writing for access.
9. Mercy employees who use social networking websites or post information identifying themselves
as Mercy employees are expected to uphold Mercy Values, protect patient privacy and promote
goodwill toward Mercy Iowa City. The use of social networking sites in such a manner as to
damage Mercy or its reputation will be considered grounds for discipline up to and including
termination from employment. At no time are patient photos, patient information or business
information to be posted without prior approval by Community Relations.
10. Electronic data including, but not limited to, protected patient data, business or financial data is
not to be downloaded, copied to or kept on computers or other electronic devices not owned or
approved by Mercy Iowa City.
C. Mercy Iowa City reserves and intends to exercise the right to access, review, audit and intercept all
messages created, received, contained, stored or sent on its electronic communication systems.
1. The confidentiality of any message should not be assumed. The use of passwords or message
delete functions for security does not guarantee confidentiality. The systems' Administrators
have the authority to change a password, to restrict an employee's access, or to give access to a
supervisor as necessary.
2. Notwithstanding the hospital's right of access to any electronic communications, such messages
should be treated as confidential by other employees and accessed only by the intended recipient.
Employees are not authorized to retrieve or read any communication that is not sent to them. Any
exception to this policy must receive prior approval by the appropriate department director or the
Chief Information Officer.
Page 14
3. Employees shall not use a code, access a file, or retrieve any stored information unless authorized
to do so as is consistent with Policy E09: Disclosure and Use of Confidential Information.
Employees should not attempt to gain access to another employee's messages without the latter's
permission.
4. All computer and other communication codes and passwords must be provided to supervisors
upon request.
5. Mercy Iowa City reserves the right to limit the amount of email individual users can keep, set
limits on the quantity of email kept and the duration for retaining email.
6. Mercy Iowa City archives all email messages for 4 years. Email archives are not deleted when
employees leave. Access to archived email messages is strictly limited to the Chief Privacy Officer and Risk Management coordinator.
7. Mercy Iowa City provides email accounts to all employees and expects them to be used only for
hospital business.
D. Employees who violate this policy are subject to discipline up to and including termination from
employment.
E. Employees who discover a violation of this policy shall notify their department director and the Chief
Information Officer or designee.
II. DEFINITION OF TERMS
Confidential patient information: Any information obtained as the result of treatment, examination, observation,
payment transaction, and conversation between a patient and a healthcare provider. Confidential patient
information includes, but is not limited to, Protected Health Information (PHI) as defined by HIPAA.
Personal portable device: Any device that can be used to store data that was not purchased by Mercy.
Non-confidential patient information: Information that is generally common knowledge and for which there is no
specific request by the patient to restrict disclosure such as name of the patient, verification of hospitalization or
outpatient service, dates of service, except in the case of mental health patient information.
Mental health patient information: Any patient information regarding a patient hospitalized in the mental health
unit or whose attending physician is a psychiatrist.
Social Networking: Any tool used to connect people who share the names, interests and/or activities through the
use of web-based services. Such tools may include, but are not limited to, blogs, wikis, podcasts, RSS feeds and
social websites.
III. PROCEDURES
None.
Mercy Iowa City policies and procedures are not intended to outline specific actions but provide general guidelines for conduct. If there are any questions regarding
interpretation of this policy and procedure, please contact your supervisor or administration.