Policy Manual

 
  10.MEP.2  

Facility Security      

Type: Procedure                 Category: Physical Plant                 Level: Community Care 

Parties: Community Care employees and contractees

Supporting References: HIPAA Security Rule 164.310.a.2.ii, 164.310.a.2.iii, 164.310.a.2.iv

Parent     Effective Date     Approval Level     Revision Dates     Last Reviewed
6.ME.17    2-7-2005           Management Team                       2-7-2005

Related Document Code     Related Document Name             Type
6.MEP.5                   Electronic Security Awareness     Procedure

Procedure:

1.0              Responsibility and Authority

1.1              The Administrative Services Manager is responsible for the proper coordination, content and accuracy of this policy.

2.0              Definitions

2.1              None

3.0              Procedure

3.1              Each Agency office shall have one person responsible for maintaining and updating the facility security plan. This plan will include provisions for internal and external security responses. The plan shall describe the physical mechanisms to control access to buildings and/or computer facilities, such as security chips, keys, locks and cipher pads. Each area office shall audit and monitor physical mechanisms for security breaches, have sanctions in place for security breaches, and keep a record of breaches and how they were handled. Information Security Events should be handled as prescribed in 6.MEP.5.

3.2              Each office shall have documented procedures for controlling access to facilities containing electronic protected/confidential information based on users' role or function.

3.3              Visitor logs shall be maintained at each Agency office to facilitate and document the control of visitors and, where appropriate, shall include a positive identification check (e.g., a photo ID).

3.4              Each Agency office shall have physical barriers that separate users with access to protected/confidential information based on their "need to know" level. All residential homes shall have offices that can be physically locked when staff are required to be away from their workstations.

3.5              Each Agency office shall have formal documented procedures and instructions for validating the access privileges of an entity (person or organization) before granting those privileges.

3.6              Each Agency office shall have a central reception/security desk that verifies access privileges prior to granting access to a facility that contains or can access protected/confidential information.

3.7              Each Agency office shall maintain records to document repairs or modifications to the facility (for example, hardware, walls, doors, locks) and evaluate the effect of the repairs or modifications on the facility security plan.

3.8              Each Agency office shall have an audit trail that can track changes for impacts to the security plan or existing systems; the Administrative Services Manager shall serve as the single point of contact overseeing facilities changes.

4.0              Reference Documents

4.1              None

5.0              Concurrence/Approval

5.1              Administrative Services Manager