Skip to Main Content

Office of Mental Health

Description of the Security Management System

The Security Management System (SMS) is a Web-based application that state and local facilities will use to grant staff members access to secured OMH Web-based applications including the Patient Characteristics Survey (PCS) and the PSYCKES Medicaid.

How does SMS work?

The NYS Office of Mental Health (OMH) sends a facility control ID to each Facility Director. The Director appoints the Security Manager and entrusts him or her with the facility control ID (see guidelines for selecting a Security Manager). This ID is used to electronically self-register to use SMS. After OMH receives and approves the electronic self-registration request, the Security Manager will be sent a SecurID token and instructions for its use. Because SMS is a powerful tool that can be used to grant access to confidential patient information, "strong authentication" is required to sign-on. To ensure strong authentication, OMH utilizes a RSA SecurID token containing a computer chip that displays a different, single-use 6-digit code every minute. The Security Manager will sign-in to SMS with his or her userID, a Personal Identification Number (PIN), and this 6-digit token code.

The role of Security Manager is important and OMH is aware that performing the duties of this position requires time and effort. The SMS is designed to minimize the time requirements for the Security Manager to add and remove users and expand or reduce users' access to sensitive data. By appointing a responsible person to authorize data access, each facility in the public mental health system will be able to control access in a secure manner that offers the flexibility to adjust to staff turnover, reassignment or leave.

How will SMS be used for the Patient Characteristics Survey (PCS) Web application?

In SMS, each facility's Security Manager will add and remove PCS users and determine each user's level of access to the PCS Web application. For example, the Security Manager may give persons A and B the ability to submit and view data (Submitter) for service recipients of the facility's unit 101, give person C the ability to submit data for service recipients of the facility's unit 102, and give person D the supervisory authority to submit, view or download client data for all of the facility's units (Supervisor). Similarly, SMS allows the Security Manager to remove users and to reset their passwords.

Definitions of Security Groups

Comments or questions about the information on this page can be directed to the OMH Helpdesk.