Page 1

Remote Access via the Citrix Access Gateway

Overview ……………………………………………………….…. Page 2

Logging into Remote Access ……………………………… Page 3

Changing Passwords ………..……....……………………. Page 4

Installing the Citrix Client ……………………………..…… Page 5

Installing Citrix Receiver on Ipad/IPhone …………… Page 7

Frequently Asked Questions ……………………………… Page 10

System Requirements ………………………………………. Page 11

Electronic Use Policy ……………………………………….… Page 12

July 2017

Page 2

Overview

This guide documents the use of the Citrix Access Gateway, the remote access solution used at Mercy.

This system fulfills regulatory requirements to more tightly control access to Mercy's systems for

remote users. Specifically, only those expressly granted access by their managers will have remote access.

Remote access has to be requested in accordance with Mercy's security policies and HIPAA regulations.

Citrix Access Gateway is less dependent on specific operating systems or browsers, so it should work

well for a wide variety of devices and situations. A single login will give access to all available Citrix applications

making the system much easier to use. Finally, the system can be accessed from clinics, homes, devices like

Ipads, and even from inside Mercy. The system will look the same regardless of where users are logging in.

Note that with this remote access system there will not be access to clinical system, with the exception

of Portal, for remote users. This means HEC, HED, HHS, HEV, HSM and PHS will not be accessible outside of

Mercy's walls. Non-clinical applications, Citrix applications without patient information, (MercyCentral,

employee portal etc.) will be accessible remotely.

If you have questions regarding the new remote access system, please call the Help Desk at

319-339-3617.

Page 3

Logging into the Citrix Access Gateway

1. Open a browser and enter the address: www.mercyiowacity.org and click the “For Employees and Physicians”

link in the upper right hand corner.” Then click the Access Gateway link on the Mercy Staff Access page.

2. Enter your Domain credentials and click the Log On button.

3. Browser Settings –

a. Internet Explorer - Users with

Internet Explorer 10 or greater needs to add the

'mercyicmobile.org' to the Compatibility View

Settings. Also, that everyone should add the

https://www.mercyicmobile.org to the Trusted

Sites.

b. Users with Windows 10 - The

internet browser EDGE is not supported and users

should use Internet Explorer instead (32bit).

c. Safari Users - Will need to make

sure that the ADD-ONs are active and the Citrix

Receiver is given full ALLOW rights.

4. To run an application, click on an icon in the browser window.

Note: The Citrix ICA client or Citrix Receiver must be installed on the

workstation in order to use the Access Gateway. If a window similar

to the one to the right is displayed when you select an application,

you will need to install the client. See the section “Installing the Citrix

Receiver” below.

Page 4

Changing Passwords Users will be required to change their Domain passwords every 90 days. When you password has expired, you will be prompted to enter a new password. New Domain password must be a minimum of 8 characters in length and contain 3 of the following 4 categories: CAPITAL A-Z, lower case a-z, numeric 0-9 or character @#$%. The new password must be different than the previous two passwords.

If you have an expired password, after logging in, the system will prompt you enter a new password: Enter a new password that is at least 8 characters in length and contains 3 of the following 4 categories: CAPITAL A-Z, lower case a-z, numeric 0-9 or character @#$%. The new password must be different than your previous two passwords.

Confirm your new password by entering it again.

Should your new password not meet the requirements, or the two entries do not match, you will be returned to the login page with a message: “Incorrect credentials. Try again.” Enter your login and original password to be prompted to enter a valid new password. If you have problems changing your password, please contact the Help Desk

at 319-339-3617

Forgotten Passwords

To reset a forgotten password, click on the “Forget your password? Click Here” link. Choose the Reset Password link and enter your domain login name. Answer the security questions and you will be prompted to enter a new password. The new password must conform to the password rules listed above. A link to the password reset page can also be found on the “For Employees and Physicians” page at www.mercyiowacity.org.

Page 5

Installing the Citrix Receiver

Citrix Receiver is required to access applications remotely. You can also install the Citrix client by

going to this website: http://www.citrix.com/download

On the left side of the Citrix Download page, point to Downloads, then select Download Receiver.

Next, click the “Download Receiver for xxx (Windows, MAC, etc)” button, check the box to accept

the License Agreement if it comes up, and then click Continue.

Depending on your browser, you may have to choose Download File from the options in the

message bar, or respond to other security questions in order to download the install file. Once the file

has been downloaded, choose Run to install the client. You may also receive a Warning message

that will prompt you click to allow Citrix Systems Inc. to run an add‐on.

Click Install to install the Citrix client and follow any additional prompts. At the end of the install click

FINISH (You do not need to set up an account). You may be asked to reboot your device.

Page 6

When the client install is completed, close all browsers except for the one that displays your

applications. Click on an application to run it.

Note: If a list of your applications does not appear in any of the browser windows, close all of your

browsers and then log back into the Remote Access page from www.mercyiowacity.org.

Page 7

How to Install Citrix Receiver on iPhone and iPad

Requirements

To install Citrix Receiver on your iPhone or iPad you need to have iPhone or iPad touch mobile device with iPhone 2.2 Software Update installed (version 2.2.1) with internet

connection.

Background

With the Citrix Receiver for the iPhone, you can access any XenApp hosted application from your Apple iPhone or iPad Touch. You can view, review, edit, and interact with

full-featured Windows applications, documents, and data just like you would if you were at your PC.

Procedure

Follow the below procedure on how to install Citrix Receiver on Apple iPhone or iPad:

1. Go to App Store Application on your iPhone or iPad and tap on App Store.

2. The App Store page is displayed. In Search tool bar, search for Citrix Receiver. The Citrix Receiver is displayed.

3. The Citrix Receiver info page is displayed. Tap on Free.

Page 8

4. Again Citrix Receiver info page is displayed. Tap on Install.

5. The Apple ID Password pop-up is displayed to enter Apple ID password. Enter your Apple ID password and tap on OK.

6. The Citrix Receiver will start to get installed on your iPhone or iPad.

Page 9

7. In few seconds Citrix Receiver is installed on your iPhone or iPad. See Page 3 for instructions on using the Citrix Access Gateway to access Mercy Applications.

Page 10

Frequently Asked Questions

Why is Mercy changing its Remote Access system?

Changing the method for remote access is needed because the current systems are obsolete and could pose

security issues if left in place. The new solution is also less dependent on operating system and other factors, so it should

be more reliable and easier to use. Finally, this upgrade will allow Mercy to more tightly control remote access to

systems in accordance with Mercy's security policies and federal HIPAA regulatory laws.

Will I still be able to access files on Mercy’s shared drives?

Direct access to files on Mercy’s internal networks will no longer be possible. Some Citrix applications which can

be run remotely, such as Microsoft Office (Word, Excel, etc), can open and edit documents stored on shared drives.

I need remote access to a specific application. Will this system work?

The remote access system will allow users to run most applications that are delivered via Citrix. If the application

you want to access is not delivered via Citrix, you will not be able to run the app remotely. You may be able to use the

Citrix RDP application to control your work PC from offsite.

Can I use my Ipad/Iphone with the new system?

The Citrix Receiver app is available for free for Ipad’s and Iphones. See the installation instructions beginning on

page 6.

I connect to my work desktop remotely. Will I be able to with the new system?

Yes. You will need to use the Citrix RDP application to connect and control to your desktop remotely.

Why can’t I log into the new system?

The remote access system uses your Mercy Domain credentials for login (the username and password you use

to log into a PC at Mercy). If you have forgotten your Domain credentials, contact the Help Desk at 319-339-3617 to

have your password reset. It’s also possible you have not been authorized to use remote access. Contact your

manager/supervisor to verify they have submitted an Online Access Request authorizing you for remote access.

Page 11

System Requirements

Updated: 2013-05-08

Windows Operating System

•Windows 8, 32-bit and 64-bit editions (including Embedded Edition) •Windows 7, 32-bit and 64-bit editions (including Embedded Edition) •Windows XP Professional, 32-bit and 64-bit editions •Windows XP Embedded •Windows Vista, 32-bit and 64-bit editions •Windows Thin PC

Hardware

•VGA or SVGA video adapter with color monitor •Windows-compatible sound card for sound support (optional) •A network interface card (NIC) and the appropriate network transport software

Browser

•Internet Explorer 10.0 through 6.0 •Mozilla Firefox 15.x (minimum supported version)

MAC Operating System

•Mac OS X 10.8 •Mac OS X 10.7, 32-bit and 64-bit •Mac OS X 10.6, 32-bit and 64-bit

Hardware

•Intel-based processor •At least 256 MB of RAM •106.7 MB of free disk space •A working network or Internet connection to connect to servers

Browser

•Safari Version 5.x •Mozilla Firefox Versions 3.x through 10.x •Google Chrome 20.x

Page 12

Section: Miscellaneous Policy No.: E19

External Standard/Requirements: Health Insurance Portability and Accountability Act

Health Information Technology for Economic and Clinical Health Act

45 C.F.R. §160, §162, §164 (HIPAA)

Pub. L. 111-5 “ARRA” (HITECH)

Title: Electronic Information and Communication Access and Use Policy

Date Issued: 10/96 Page No.: 1 of 4

Reviewed: 03/98

Revised: 01/00, 03/03, 12/06, 11/09, 02/13, 03/15

I. POLICY

A. Mercy Iowa City maintains electronic information and communication systems to assist with the conduct

of hospital business. All computer system networks, business and telephone equipment and other

electronic communication systems are company property. Additionally, all information contained,

composed, sent, or received on Mercy Iowa City’s electronic information and communication systems is

and remains the property of Mercy Iowa City. This information is not the private property of any

employee.

B. The use of the electronic information and communication systems is reserved for the conduct of business

at Mercy Iowa City.

1. Electronic information and communication systems may not be used to solicit for or promote

commercial ventures, political causes, outside organizations, or other non-job-related solicitations

or purposes.

2. Electronic information and communication systems may not be used to contain, create, send, or

receive any offensive, harassing or disruptive messages. Offensive messages include, but are not

limited to, any messages containing racial slurs, sexual implications, derogatory remarks about a

specific gender, or any other comment that offensively addresses someone's race, age, sex, sexual

orientation or identity, religion, national origin or disability.

3. Information that is confidential in nature shall not be provided over any broadcast media such as:

public address systems, Internet, email, voice pagers, speakerphones, and portable radios. The

only exception will be for electronic broadcasting when an encryption system approved by Mercy

Iowa City is used. When the mode of communication is not securely private, users are advised to

use caution

Policy No.: E19

Page No.: 2 of 4

Page 13

in relaying sensitive confidential information. (Refer to Information Services Policy and

Procedures.)

4. Security features provided with or installed for electronic information and communications

systems including, but not limited to, passwords and security codes, must be used to protect

confidential information and restrict unauthorized access. Any exceptions to this policy, such as

disabling the security features of a system, must receive prior approval by the Chief Information

Officer or designee.

5. No employee may install any software onto any Mercy computer(s) without prior approval by the

Chief Information Officer or designee. Rogue software is subject to removal by IS staff.

6. No employee may download Mercy data onto a personal, non Mercy owned, device of any sort.

This includes, but is not limited to, personal laptops, tablets, USB thumb drives or other

removable disk drives, or devices that can be used as a disk drive.

7. No Mercy data may be downloaded onto any portable device unless that device is encrypted in

such a way that data could not be accessed if the device is lost or stolen. This includes, but is not

limited to; Mercy provided laptops, tablets, USB thumb drives or other removable disk drives, or

devices that can be used as a disk drive.

8. Mercy Iowa City reserves the right to limit network access to internal resources and/or external

resources based on business need, capacity and/or risk. This may include, but is not limited to,

websites with objectionable content, social networking sites or sites posing a risk to patient

privacy or employee productivity. Employees wishing to access a blocked site may petition their

business case in writing for access.

9. Mercy employees who use social networking websites or post information identifying themselves

as Mercy employees are expected to uphold Mercy Values, protect patient privacy and promote

goodwill toward Mercy Iowa City. The use of social networking sites in such a manner as to

damage Mercy or its reputation will be considered grounds for discipline up to and including

termination from employment. At no time are patient photos, patient information or business

information to be posted without prior approval by community Relations.

10. Electronic data including, but not limited to, protected patient data, business or financial data is

not to be downloaded, copied to or kept on computers or other electronic devices not owned or

approved by Mercy Iowa City.

C. Mercy Iowa City reserves and intends to exercise the right to access, review, audit and intercept all

messages created, received, contained, stored or sent on its electronic communication systems.

1. The confidentiality of any message should not be assumed. The use of passwords or message

delete functions for security does not guarantee confidentiality. The systems' Administrators

have the authority to change a password, to restrict an employee's access, or to give access to a

supervisor as necessary.

2. Notwithstanding the hospital's right of access to any electronic communications, such messages

should be treated as confidential by other employees and accessed only by the intended recipient.

Employees are not authorized to retrieve or read any communication that is not sent to them. Any

exception to this policy must receive prior approval by the appropriate department director or the

Chief Information Officer.

Page 14

3. Employees shall not use a code, access a file, or retrieve any stored information unless authorized

to do so as is consistent with Policy E09: Disclosure and Use of Confidential Information.

Employees should not attempt to gain access to another employee's messages without the latter's

permission.

4. All computer and other communication codes and passwords must be provided to supervisors

upon request.

5. Mercy Iowa City reserves the rights to limit the amount of email individual users can keep, set

limits on the quantity of email kept and the duration for retaining email.

6. Mercy Iowa City archives all email messages for 4 years. Email archives are not deleted when

employees leave. Access to archived email messages is strictly limited to the Chief Privacy Officer and Risk Management coordinator.

7. Mercy Iowa City provides email accounts to all employees and expects them to be used only for

hospital business.

D. Employees who violate this policy are subject to discipline up to and including termination from

employment.

E. Employees who discover a violation of this policy shall notify their department director and the Chief

Information Officer or designee.

II. DEFINITION OF TERMS

Confidential patient information: Any information obtained as the result of treatment, examination, observation,

payment transaction, and conversation between a patient and a healthcare provider. Confidential patient

information includes, but is not limited to, Protected Health Information (PHI) as defined by HIPAA.

Personal portable device: Any device that can be used to store data that was not purchased by Mercy.

Non-confidential patient information: Information that is generally common knowledge and for which there is no

specific request by the patient to restrict disclosure such as name of the patient, verification of hospitalization or

outpatient service, dates of service, except in the case of mental health patient information.

Mental health patient information: Any patient information regarding a patient hospitalized in the mental health

unit or whose attending physician is a psychiatrist.

Social Networking: Any tool used to connect people who share the names, interests and/or activities through the

use of web-based services. Such tools may include but are not limited to; blogs, wikis, podcasts, RSS feeds and

social websites.

III. PROCEDURES

None.

Mercy Iowa City policies and procedures are not intended to outline specific actions but provide general guidelines for conduct. If there are any questions regarding

interpretation of this policy and procedure, please contact your supervisor or administration.