Healthcare Information Security Policy Case Study

591 Words3 Pages

Healthcare Information Security Policy

1. Acceptable Use

a) Employees should not use healthcare information systems to access or use material which is deemed to be inappropriate, offensive, copyrighted, illegal or which jeopardizes security by breeching confidentiality, compromising integrity and / or making information assets of organization unavailable for use.

2. Access Control

a) All authorizations shall be linked back to the MS (medical superintendent) of the organization in an unbroken chain.

b) Access control mechanism for medical information systems and their processing facilities must be established by respective management(s).

i. Access control for Medical Data, Financial Data, Data Centers, information systems, patient’s records room, employee records room or any …show more content…

Application, Database, Network and System administrator privileges shall only be given to those who have been designated as administrator by their Department Head.

iii. All default users shall be blocked and where they are required alias shall be used

e) The principle of Segregation of Duties (SoD) shall be applied for personnel with extensive system privileges thus ensuring no Conflict of Interest exist.

f) All access to healthcare information systems are to be documented and retained by the relevant custodian, clearly identifying individual users/owners, its privileges, approval and authorization. All users will get default organizational domain and email accounts whenever a system (desktop or laptop) is issued to them.

i. All company owned devices will be part of domain(s) of organization.

g) All access control mechanisms must use uniquely identifiable username to establish accountability, Non Repudiation and a valid audit trail.

i. For individuals it is recommended to use the Active Directory naming convention for information systems (application, databases, Operating system) usernames.

ii. For system accounts clearly identifiable system name are to be