DSHS TB/HIV/STD Security and Database Account Management
General Information
- Security Training and Confidentiality Requirements
Anyone needing access to a DSHS TB, HIV, or STD application or database must complete the TB/HIV/STD Data Security and Confidentiality training, as listed below. Database account access expires twelve months after completing the security and confidentiality training. Access to DSHS applications and databases is subject to revocation at any time.
- Local Responsible Party (LRP) Instructions
LRPs accept the responsibility for implementing and enforcing DSHS security and confidentiality policies and procedures within their agency. LRPs are responsible for approving database access for any employees or contractors at their agency. DSHS only provides access to databases for individuals who LRPs confirm.
LRP Designees
Large agencies may assign one or more individuals as LRP designees. The LRP retains the ultimate responsibility of implementing and enforcing security and confidentiality policies and procedures; however, the LRP may delegate the authority to approve database access requests for individuals in their agency. To assign an LRP designee, the LRP must email the DSHS HIV/STD Section Privacy Coordinator, stating permission and confirming they have reviewed the roles and responsibilities of an LRP designee with this individual.
For more information on LRP responsibilities and duties, visit Security Policy and Procedures.
- Steps to request or retain access to DSHS databases
- The prospective or renewing user follows the steps to request new access and renew account access.
- DSHS alerts the LRP or designee when a user requests new access, renews account access, and deactivates a user.
Requesting New Access to a DSHS Database
The following steps apply to new DSHS TB, HIV, or STD applications and database account requests. Requests for new access to a database must come from a DSHS-approved LRP or LRP designee. Individuals must check with their supervisor if they do not know who the LRP is. DSHS will not accept requests for new access to a DSHS database without approval from an LRP or LRP designee.
Renewing Database Access (Annual)
DSHS requires people with access to confidential TB, HIV, STD, or hepatitis C information to complete security training and sign a Confidentiality Agreement and an Acceptable Use Agreement at the time of employment and on an annual basis. This includes DSHS employees (permanent, temporary, and contractors), IT staff, volunteers, and students.
New User and Renewal Instructions:
Complete the Security and Confidentiality Training course. For those who take the security and confidentiality course:
- Complete the training and pass with a score of at least 85 percent;
- Save the completed course certificate as Lastname_Firstname_Agency_Strn.pdf; and
- Upload the TB/HIV/STD Data Security and Confidentiality Certificate to Smartsheet and submit the request.
Visit the Smartsheet to request new access, renew account access, and deactivate a user.
Deactivating User Access from DSHS Databases
A supervisor or LRP is responsible for notifying the DSHS HIV/STD Section Privacy Coordinator when an employee’s employment ends with the agency or changes to a new department or role that no longer requires the individual to access the database(s). The LRP or supervisor must complete the deactivation requests.
***Only submit access requests for yourself. DSHS will decline third-party requests.***
For deactivations visit the Smartsheet.
Security Confirmation for Employees Who Do Not Require Database Access
Complete the following steps to submit security and confidentiality requirements:
- Complete the Security and Confidentiality Training course.
- For those who take the online security and confidentiality course:
- Complete the training and pass with a score of at least 85 percent.
- Save the completed course certificate as Lastname_Firstname_Agency_Strn.pdf.
- For those who take an in-class security and confidentiality course:
- Check with your agency or trainer to receive a course completion certificate if one is not provided.
- Save the completed course certificate as Lastname_Firstname_Agency_Strn.pdf.
- For those who take the online security and confidentiality course:
- Complete and sign the Confidentiality Agreement. Right click on the link and select "Save as" to complete the agreement.
- Individuals must complete the confidentiality agreement in Adobe Reader. Completing the agreement in Chrome or another web browser prevents individuals from signing the form.
- Save the form as Lastname_Firstname_Agency_CON.pdf
- Email completed forms to the LRP.
- Save documents for personal records.
For additional assistance regarding your account request, email TBHIVSTD.AccountRequests@dshs.texas.gov with the ticket ID.
For Take Charge Texas visit TakeChargeTexas | Texas DSHS