Infosec and Regulatory Compliance

Data Backup plan: We routinely create and maintain, for a specific period of time, retrievable exact copies of information.

We have documented standard policies and procedures for the receipt, storage, dissemination, transmission and/or disposal of health information.

Formally documented policies and procedures are in place for granting different levels of access to healthcare information.

Our in-house system administrators review system activity such as logins, file access and security incidents on an ongoing basis.

We perform surprise audit checks of individual desktops and systems.

No laptops or cell phones are allowed under any circumstances on the operations floor. Laptops are permitted to select employees on a requirement basis.

We implement formal documented procedures for connecting and loading new equipment and programs, and for periodic review of maintenance and security testing of hardware or software.

The systems on the operations floor have neither floppy nor CD drives. Data is stored on or downloaded to the HDD through a centralized server.

Only the administrator has access to a CD drive.

Training: We impart education concerning the vulnerabilities of health information. This includes, but is not limited to: awareness training, periodic security reminders, user education concerning virus protection, user education on the importance of monitoring login success or failure and how to report discrepancies, user education in password management, etc.