The policy requirements and restrictions defined in this document shall apply to network infrastructures, databases, external media, encryption, hardcopy reports, films, slides, models, wireless, telecommunication, conversations, and any other methods used to convey knowledge and ideas across all hardware, software, and data transmission mechanisms. This policy must be adhered to by all Practice employees or temporary workers at all locations and by contractors working with the Practice as subcontractors.
The scope of the policy and procedures document defines common security requirements for all Practice personnel and systems that create, maintain, store, access, process or transmit information. This policy also applies to information resources owned by others, such as contractors of the Practice or entities in the private sector, in cases where the Practice has a legal, contractual or fiduciary duty to protect said resources while in Practice custody. In the event of a conflict, the more restrictive measures apply. This policy covers the Practice network system, which comprises various hardware, software, communication equipment and other devices designed to assist the Practice in the creation, receipt, storage, processing, and transmission of information. This definition includes equipment connected to any Practice domain or VLAN, either hardwired or wirelessly, and includes all stand-alone equipment that is deployed by the Practice at its office locations or at remote locales.
The handbook further breaks down the areas discussed above into the following sections:
- Identification and Authentication
- Network Connectivity
- Malicious Code
- Encryption
- Building Security
- Telecommuting
- Specific Protocols and Devices
- Retention/Destruction of Medical Information
- Change Management
- Audit Controls
- Information System Activity Review
- Data Integrity
- Contingency Plan
- Security Awareness & Training
- Security Management Process
- Emergency Operation Procedures
- Emergency Access “Break the Glass”
- Sanction Policy
- Employee Background Checks
- E-Discovery Policy: Production & Disclosure
- E-Discovery Policy: Retentions
- Breach Notification Procedures
- Forms
- Network Access Request Form
- Confidentiality Form
- Approved Software
- Approved Vendors
- Incident Response Tools
- Background Check Authorization
- Change Management Tracking Log
- Employee Hiring & Termination Checklist