I received a message through the Integrated Querying and Reporting
Service (IQRS) that my IQRS session has expired. Why did I receive this message?
On most pages in the IQRS, your session will
automatically expire if you remain on the page for
more than 20 minutes without continuing to the next
page. The exception is the Query and Report Input forms;
the Add/Modify Subject Information screen; and the PDS Subject Enrollment
form on the Enroll PDS Subject screen; which expire after two hours of
inactivity. This helps to protect the integrity and security of the Data
Banks. If your session expires, simply log in again.
(Also in Error Messages FAQ and
Integrated Querying and Reporting Service [IQRS] FAQ.)
What do I do if I think someone else has accessed my
account?
Note the last log in date and time and change your password immediately.
Contact the Customer Service Center at
1-800-767-6732 for assistance.
Information Specialists are available to speak with you weekdays
from 8:30 a.m. to 6:00 p.m. (5:30 p.m. on Fridays) Eastern Time.
The Customer Service Center is closed on all Federal holidays.
Are there recommended security measures that I should take
to prevent computer viruses such as spyware, worms, adware, malware, etc.?
Yes, there are security measures you should take. Any person
connected to the Internet has the potential to have their workstation
infected by viruses such as spyware, worms, adware, malware, etc. Some
steps to protect your system include making sure that you have anti-virus,
anti-spyware, and anti-spam software installed locally on your computer.
This software must always be kept up-to-date with current signatures and
full machine scans should be run regularly. Be sure to follow-up with your
Information Technology department to ensure that these safeguards are in place.
What security measures are in place to
protect data transmissions to and from the Data Banks?
All data transmissions are protected using Secure Socket Layer (SSL) protocol.
SSL interface between applications (such as browsers) and the Transmission
Control Protocol/Internet Protocol (TCP/IP) protocols to provide server
authentication, client authentication, and an encrypted communication
channel between client and server. Software is installed to protect
against viruses, malware, and spyware. A firewall is used to filter
all traffic and to keep malicious traffic outside the protected
environment. An intrusion detection system monitors activity to
identify malicious or suspicious events. (Also in Interface Control Document Transfer
Program [ITP] FAQ and Querying and Reporting XML Service [QRXS] FAQ.)
Ensuring that the Data Banks Banks domain names are listed as valid senders
in your "Safe Senders List" or "Safe Recipients List" will
keep you informed of important Data Bank news and correspondence.
Microsoft Office OutlookŪ is a popular e-mail application with
features that work to protect a user's privacy and help block
unwanted messages. To add the Data Banks domain names to your
Safe Senders List using Microsoft Office OutlookŪ 2003 or
Microsoft Office OutlookŪ 2007:
On the Tools menu, click Options.
On the Preferences tab, under E-mail, click
Junk E-mail.
Click the Safe Senders tab.
Click Add.
In the Add Address or Domain window enter sra.com and then click OK.
Repeat for the npdb-hipdb.hrsa.gov domain name.
In the Junk E-mail Options window, click
Apply and then click OK.
In the Options window, click OK.
Note: For users who do not use Outlook, check your
e-mail application for these same functions.
I received a message through the Integrated
Querying and Reporting Service (IQRS) that another user within my
organization is currently logged in to the IQRS using my user account.
Why did I receive this message?
To prevent users from sharing a user ID account,
the IQRS
limits the number of concurrent sessions to one per user ID. There are several
reasons why you may have received this message:
If two users attempt to
log in to the IQRS using the same user ID and password, the second user will receive a warning message stating
that another user is already logged in to that account. If the second user continues to
log in, the first user's session will be terminated. Your
Entity Data Bank Administrator must create individual user accounts for every
person that is authorized to query or report for your entity.
If you do not use the Log Out button when
exiting the IRQS and attempt to log in to the IQRS within 20 minutes of exiting,
you will also receive a warning message.
Always use the Log Out button when you are finished
with your IQRS session. (Also in Integrated Querying and Reporting Service [IQRS]
FAQ and Error Messages FAQ.)
I received a message through the Integrated
Querying and Reporting Service (IQRS) that my IQRS session
was terminated because another user from my organization
logged in using my user account. Why did I receive this
warning message?
There are two reasons why you may receive this warning message.
The first reason that you may receive this warning message occurs
if a second user logs in to the IQRS using the same user ID and
password that you are using. To prevent users from sharing a
user ID account, the IQRS limits the number of concurrent sessions
to one per user ID. If two users attempt to log in to the IQRS using
the same user ID and password, the second user will receive a
warning message that another user is already logged in to that account.
If the second user elects to continue, the first user's session is
terminated and the system displays a session termination message.
Inform your Entity Data Bank Administrator about this issue.
The Entity Data Bank Administrator must create individual user ID
accounts for every person that is authorized to query or report
for your entity.
The second reason you may receive this message occurs if you did not use the
Log Out button when you last exited the IQRS and your previous
IQRS session is still active. Always use the Log Out button
when you are finished with your IQRS session.
(Also in Integrated Querying and Reporting Service [IQRS] FAQ and Error Messages FAQ.)
Are there special procedures that I must follow to
dispose of Data Banks information that is no longer needed?
Once you receive data from the Data Banks, you are responsible for its
security and compliance with the laws concerning its unauthorized
disclosure or use. Data Bank information contains personal information
that is protected under the provisions of the Privacy Act of 1974, 5 USC Section 552a.
Violations of the provisions of the Privacy Act may subject the offender to
criminal penalties. Also, the information reported to the
Data Banks is confidential and shall not be disclosed except
as specified by regulations. The Health and Human Services (HHS)
Office of Inspector General (OIG) has the authority to impose civil
money penalties on those who violate the confidentiality
provisions of the National Practitioner Data Bank (NPDB)
and/or the Healthcare Integrity and Protection Data Bank (HIPDB)
information.
Even accidental, or the unintentional release of sensitive
information, is a serious problem and must be prevented.
It is recommended that each entity have internal guidelines in place for
appropriate disposal of documents and digital media containing sensitive data.
Examples of NPDB-HIPDB sensitive information include: Entity Registration forms,
Authorized Agent Designation forms, Self-Query Input forms,
Report Verification Documents (RVDs), etc. Anything containing identifying
information such as Data Bank Identification Numbers (DBIDs), Electronic Funds
Transfer (EFT) account numbers, credit card numbers, or Social Security Numbers is
considered sensitive information.
The following may be used as guidelines for appropriate
disposal of sensitive information:
Paper documents should be cross-cut shredded prior to disposal.
Digital media (CDs, flash drives, tapes, diskettes, hard drives, etc.)
should be sanitized or destroyed prior to disposal.
