Tft2 Task 2

Adam Saalman

In the aftermath of the situation within the organization, some issues stand out:

• Profiles were around prior to EHR.
• Profiles were not recorded.
• Non-privileged outside users had access to EHR.
• Non-recorded profile was inserted to a new environment.
• Exposure to attain elevated access.

This is cause for the following three policy modifications.

Electronic Patient Health Information Remote Access Policy

This policy will dictate the access level for remote users. The policy will stand to ensure that only the minimum amount of data for a patient is exposed outside of the network to the authorized user. This policy will be enforced on all employees that must use the EHR system and all connecting devices from the outside networks. The policy is in effect for all remote sessions into the network for reading or writing to patient records. This is not limited to just the EHR system and is applicable to any connection type such as home internet, cellular, etc.

Policy Details:

Proper remote users must ensure their connections are secure and treat remote work as if they were within the local network.

Isolation for Sensitive Systems (ISO 27002:2005, 11.6.2)
There will be no internet usage while connected to the hospital network. The VPN policies will enforce the rules, and if a possible bypass is detected, the VPN connection to the network will be terminated.

Protection from Malicious Software (NIST, 164.308(a)(5)(ii)(b))
The only devices that will be issued by the hospital will be laptops, cell phones, and PDAs. These devices are acceptable mediums to use for external connections.

User Authentication for External Connections (ISO 27002:2005, 11.4.2)
The permitted uses are as follows:
● Home patient care will be allowed to use virtual desktop access.
● After hours prescription services