• Home
• Customer Service
• FAQs
• Site Index
• Visit DPDB

• ABOUT THE DATA BANKS

  • NPDB
  • HIPDB
  • What's New
  • FAQs

• GENERAL INFORMATION

  • Registering
  • Billing and Fees
  • Disputing Reports
  • Querying & Reporting
  • Reporting Codes
  • Section 1921
  • Data Bank Outreach

• QUERYING & REPORTING

  • IQRS Features
  • Using the PDS Prototype
  • Using the QRXS
  • Using the ITP Interface
  • Sample Response Files
  • IQRS Subject Database
  • IQRS User Review Panel

• PUBLICATIONS

  • NPDB Guidebook
  • HIPDB Guidebook
  • Fact Sheets & Brochures
  • Newsletters

• LEGISLATION & POLICIES

  • Federal Register Notices
  • Legislation & Regulations
  • Privacy Policy

• STATISTICAL INFORMATION

  • Annual Reports
  • Public Use Data File
  • Data by Profession & State
• 

Security
Frequently Asked Questions (FAQ)

---

See also:

• Common NPDB-HIPDB Definitions
• Ensuring IQRS Security
• Fact Sheet on Security and Confidentiality
• Fact Sheet on User IDs and Passwords

---

1. I received a message through the Integrated Querying and Reporting Service (IQRS) that my IQRS session has expired. Why did I receive this message?

   On most pages in the IQRS, your session will automatically expire if you remain on the page for more than 20 minutes without continuing to the next page. The exception is the Query and Report Input forms; the Add/Modify Subject Information screen; and the PDS Subject Enrollment form on the Enroll PDS Subject screen; which expire after two hours of inactivity. This helps to protect the integrity and security of the Data Banks. If your session expires, simply log in again. (Also in Error Messages FAQ and Integrated Querying and Reporting Service [IQRS] FAQ.)

2. What do I do if I think someone else has accessed my account?

   Note the last log in date and time and change your password immediately. Contact the Customer Service Center at 1-800-767-6732 for assistance. Information Specialists are available to speak with you weekdays from 8:30 a.m. to 6:00 p.m. (5:30 p.m. on Fridays) Eastern Time. The Customer Service Center is closed on all Federal holidays.

3. Are there recommended security measures that I should take to prevent computer viruses such as spyware, worms, adware, malware, etc.?

   Yes, there are security measures you should take. Any person connected to the Internet has the potential to have their workstation infected by viruses such as spyware, worms, adware, malware, etc. Some steps to protect your system include making sure that you have anti-virus, anti-spyware, and anti-spam software installed locally on your computer. This software must always be kept up-to-date with current signatures and full machine scans should be run regularly. Be sure to follow-up with your Information Technology department to ensure that these safeguards are in place.

4. What security measures are in place to protect data transmissions to and from the Data Banks?

   All data transmissions are protected using Secure Socket Layer (SSL) protocol. SSL interface between applications (such as browsers) and the Transmission Control Protocol/Internet Protocol (TCP/IP) protocols to provide server authentication, client authentication, and an encrypted communication channel between client and server. Software is installed to protect against viruses, malware, and spyware. A firewall is used to filter all traffic and to keep malicious traffic outside the protected environment. An intrusion detection system monitors activity to identify malicious or suspicious events. (Also in Interface Control Document Transfer Program [ITP] FAQ and Querying and Reporting XML Service [QRXS] FAQ.)

5. How do I prevent my mail server from mistakenly marking e-mail from the Data Banks as junk e-mail?

   Ensuring that the Data Banks Banks domain names are listed as valid senders in your "Safe Senders List" or "Safe Recipients List" will keep you informed of important Data Bank news and correspondence. Microsoft Office Outlook® is a popular e-mail application with features that work to protect a user's privacy and help block unwanted messages. To add the Data Banks domain names to your Safe Senders List using Microsoft Office Outlook® 2003 or Microsoft Office Outlook® 2007:

   1. On the Tools menu, click Options.
      
   2. On the Preferences tab, under E-mail, click Junk E-mail.
      
   3. Click the Safe Senders tab.
      
   4. Click Add.
      
   5. In the Add Address or Domain window enter sra.com and then click OK.
      
   6. Repeat for the npdb-hipdb.hrsa.gov domain name.
      
   7. In the Junk E-mail Options window, click Apply and then click OK.
      
   8. In the Options window, click OK.
      

   Note: For users who do not use Outlook, check your e-mail application for these same functions.

6. I received a message through the Integrated Querying and Reporting Service (IQRS) that another user within my organization is currently logged in to the IQRS using my user account. Why did I receive this message?

   To prevent users from sharing a user ID account, the IQRS limits the number of concurrent sessions to one per user ID. There are several reasons why you may have received this message:

   1. If two users attempt to log in to the IQRS using the same user ID and password, the second user will receive a warning message stating that another user is already logged in to that account. If the second user continues to log in, the first user's session will be terminated. Your Entity Data Bank Administrator must create individual user accounts for every person that is authorized to query or report for your entity.
      
   2. If you do not use the Log Out button when exiting the IRQS and attempt to log in to the IQRS within 20 minutes of exiting, you will also receive a warning message. Always use the Log Out button when you are finished with your IQRS session. (Also in Integrated Querying and Reporting Service [IQRS] FAQ and Error Messages FAQ.)
      
7. I received a message through the Integrated Querying and Reporting Service (IQRS) that my IQRS session was terminated because another user from my organization logged in using my user account. Why did I receive this warning message?

   There are two reasons why you may receive this warning message. The first reason that you may receive this warning message occurs if a second user logs in to the IQRS using the same user ID and password that you are using. To prevent users from sharing a user ID account, the IQRS limits the number of concurrent sessions to one per user ID. If two users attempt to log in to the IQRS using the same user ID and password, the second user will receive a warning message that another user is already logged in to that account. If the second user elects to continue, the first user's session is terminated and the system displays a session termination message. Inform your Entity Data Bank Administrator about this issue. The Entity Data Bank Administrator must create individual user ID accounts for every person that is authorized to query or report for your entity.

   The second reason you may receive this message occurs if you did not use the Log Out button when you last exited the IQRS and your previous IQRS session is still active. Always use the Log Out button when you are finished with your IQRS session. (Also in Integrated Querying and Reporting Service [IQRS] FAQ and Error Messages FAQ.)

8. Are there special procedures that I must follow to dispose of Data Banks information that is no longer needed?

   Once you receive data from the Data Banks, you are responsible for its security and compliance with the laws concerning its unauthorized disclosure or use. Data Bank information contains personal information that is protected under the provisions of the Privacy Act of 1974, 5 USC Section 552a. Violations of the provisions of the Privacy Act may subject the offender to criminal penalties. Also, the information reported to the Data Banks is confidential and shall not be disclosed except as specified by regulations. The Health and Human Services (HHS) Office of Inspector General (OIG) has the authority to impose civil money penalties on those who violate the confidentiality provisions of the National Practitioner Data Bank (NPDB) and/or the Healthcare Integrity and Protection Data Bank (HIPDB) information.

   Even accidental, or the unintentional release of sensitive information, is a serious problem and must be prevented. It is recommended that each entity have internal guidelines in place for appropriate disposal of documents and digital media containing sensitive data. Examples of NPDB-HIPDB sensitive information include: Entity Registration forms, Authorized Agent Designation forms, Self-Query Input forms, Report Verification Documents (RVDs), etc. Anything containing identifying information such as Data Bank Identification Numbers (DBIDs), Electronic Funds Transfer (EFT) account numbers, credit card numbers, or Social Security Numbers is considered sensitive information.

   The following may be used as guidelines for appropriate disposal of sensitive information:

   • Paper documents should be cross-cut shredded prior to disposal.
   • Digital media (CDs, flash drives, tapes, diskettes, hard drives, etc.) should be sanitized or destroyed prior to disposal.

---

Back to Top	Return to FAQ Topics	Customer Service Center 1-800-767-6732
	Last revised January 2008

---