Computer Workstation Physical Security
Note: See 6.MEM.1 HIPAA Security-Rule Related
Definitions http://policy.caremaine.org/Document.asp?Code=6%2EMEM%2E1
for more information.
- Desktop or fixed computers
- Desktop computers are not to be removed from their physical
locations without authorization from the Administrative Services Manager.
- Electronic media stored with a particular workstation that contain
or may contain electronic protected health information must be
protected in the same manner as physical confidential information.
- Mobile devices including, but not limited to, notebook or laptop
computers or PDAs, and their electronic media
- Each mobile device will be assigned to a single individual who is
responsible for it. Mobile devices shared by Team resources shall be
assigned to a single member of the Team management, who will be
responsible for ensuring that the individual receiving the device is
aware of physical security guidelines.
- Mobile devices must be protected in the same manner as physical
confidential information when unattended.
i. Devices in transit in an automobile or other similar vehicle must be
locked and all reasonable precautions taken to avoid theft or loss.
ii. Devices in homes or other non-Agency-controlled locations should be
stored appropriately to avoid use by unauthorized individuals or theft
or loss.
iii. Devices in Agency-controlled locations should be stored in locations
where security is reasonably expected and not stored or left unattended
in locations that present a security risk (for example, a restroom or
waiting area).
- Environmental conditions can damage electronic hardware resulting
in data loss.
i. Devices should not be in locations such as automobiles for prolonged
periods of time during times of extreme temperatures (for example, a
0 degree day in the winter or an 80 degree day in the summer).
ii. Dust, liquids, foods and other foreign material should not be in the
immediate vicinity of the equipment.
- Awareness and reporting
- All workforce members are expected to report actual or potential
security problems of which they are aware according to Security Incident
Reporting policy and procedure http://policy.caremaine.org/Document.asp?Code=6%2EME%2E16
- Disciplinary action
- Failure to follow the above procedure may result in disciplinary
action according to Agency procedure.