Security Policy Development: ABC Healthcare Remote Access Policy
Added on 2022/09/08
AI Summary
This report presents a detailed remote access security policy developed for ABC Healthcare Provider, addressing the critical need to protect patient data and confidential information within a network of remote healthcare clinics. The policy establishes clear guidelines for medical staff and healthcare professionals to securely access the organization's IT systems, mitigating risks such as unauthorized access, compromised credentials, and data breaches. The policy's scope encompasses all medical staff, contractors, vendors, and any workstation used to connect to the network, covering all activities from sending emails to viewing patient records. Key requirements include secure login credentials, encryption (VPNs), multiple authentication levels, and adherence to hardware and software configuration standards. The report also outlines compliance measures, exceptions, and non-compliance consequences, along with related policies and standards like password policies and third-party conformance standards. The ultimate goal is to ensure the secure and compliant remote access of sensitive patient data.

Running head: DEVELOPING SECURITY POLICIES
DEVELOPING POLICY
Name of the Student:
Name of the University:
Author Note:
Overview
ABC Healthcare Provider is a regional provider that operates multiple remote healthcare
clinics across the region. This policy helps secure patient data and other necessary
confidential data (Dunn, 2015). Accessing and storing EPHI carries higher risks. The risks
include stolen login credentials, access to EPHI from outside the limited or restricted
region, and use of EPHI on personal workstations, which would give rise to improper access.
A laptop or any other personal workstation that is stolen, whether accidentally or
intentionally, increases the risks of remote access (Department of Health and Human
Service, 2020). An effective policy therefore helps mitigate these risks and improves the
handling of EPHI.
Purpose
The purpose of this policy is to establish rules specifically relating to remote access to
ABC Healthcare Provider. Preventing unauthorized access to organization information from
untrusted networks is of the utmost importance to ABC Healthcare Provider. This policy is
intended to let medical staff and healthcare professionals connect safely to the corporate
system without fear of risk and to furnish the Company.
The main objectives of the policy are to mitigate the following risks arising from the
remote access domain:
- Multiple login entries
- Unauthorized remote access to IT systems
- Compromise of confidential data
- Theft of any hardware
Scope
This policy applies to all medical staff and healthcare professionals of ABC Healthcare
Provider. Contractors, voluntary employees, and vendors of the organization, and any
workstation used to connect to the organization's network, are covered by the policy
(Fox & Vaidyanathan, 2016). Any other work carried out on behalf of ABC Healthcare
Provider, from sending emails to viewing patients' medical reports, is also covered.
Additionally, this policy covers every technical implementation used to connect to ABC
Healthcare Provider.
Policy
- Authorized medical staff and users must protect their login credentials and must not
  share them with any individual for any reason.
- Any authorized staff member or worker who uses the ABC Healthcare Provider network on a
  personal device is responsible for preventing any leakage of information (Andersson &
  Pettersson, 2015).
- If any misconduct or illegal activity is found while accessing the remote network,
  strict action will be taken, which may affect employment.
- Digital certificates, a form of authentication technique, are to be used appropriately
  for securing the SSL VPN.
- All stakeholders of the organization are responsible for adhering to the policy and
  implementing it in practice.
- The databases will be reviewed continually at regular intervals.
Requirement
- Remote access must be strictly controlled with encryption (i.e., Virtual Private
  Networks (VPNs)) along with strong pass-phrases.
- Medical workers and authorized persons of ABC Healthcare Provider must not share their
  login credentials, even with family members.
- Users must not connect to or share the organization VPN while the system is already
  connected to another VPN (Agarwal et al., 2014).
- There should be multiple levels of authentication for accessing the VPN from outside or
  on external devices.
- Highly confidential or restricted information and data must only be accessed through
  the ABC Healthcare organization's internal network.
- Personal equipment used to connect to ABC Healthcare Provider systems must meet the
  requirements for ABC Healthcare Provider-owned equipment for remote access, as stated in
  the Equipment and Software Configuration Standards. The standards are for remotely
  giving access to ABC Healthcare Provider networks.
Policy Compliance
Compliance Measurement
ABC Healthcare Provider will verify compliance with this policy through multiple methods,
such as business tool reports, internal and external audits, feedback on the
implementation of the policy, and the overall functioning of the policy (Safa, Von Solms,
& Furnell, 2016).
Exception
Any exception to the method or implementation of the policy must be approved in advance
by Remote Access Services along with ABC Healthcare Provider.
Non-Compliance
Medical staff or healthcare professionals found to have abused or violated the policy
will be held responsible for violating the rules, and strict action will be taken that may
result in termination of employment.
Related Standards, Policies, and Process
Policymakers should review the accompanying policies for details of securing data and
documents when accessing the company system through remote access methods, and of
acceptable use of ABC Healthcare Provider. The necessary related policies are:
- Password Policy
- Adequate training on the adoption of ePHI, to generate awareness and knowledge among
  employees so that the policy is followed effectively
- Policy for third parties
- Conformance standards for the implementation of software and hardware for remotely
  accessing ABC Healthcare Provider
References
Agarwal, P., Adhya, S. K., Thirunarayanan, S., & Choudhary, A. (2014). U.S. Patent No. 8,893,259. Washington, DC: U.S. Patent and Trademark Office.
Andersson, S. M., & Pettersson, M. G. (2015). U.S. Patent No. 9,191,822. Washington, DC: U.S. Patent and Trademark Office.
Department of Health and Human Service. (2020). HIPAA Security Guidance (pp. 1-6). Department of Health and Human Service. Retrieved from https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/remoteuse.pdf
Dunn, W. N. (2015). Public policy analysis. Routledge.
Fox, M., & Vaidyanathan, G. (2016). Impacts of healthcare big data: A framework with legal and ethical insights. Issues in Information Systems, 17(3).
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.