WEB SECURITY POLICY
Overview: With the increasing amount of personal data being compiled on the Internet, and specifically individuals’ medical information, we must consider the ethical question of who has access to our data. This includes not only general demographic data such as full name, home address, phone number, and date of birth, but also extremely sensitive medical information such as diagnoses and prescribed medications. Even though digital records accessible to care providers via the web can expedite service, security and privacy must be considered and maintained. An organizational policy is required to provide guidance, direction and responsibilities to ...
Scope: This policy provides IT managers and users in the organization with centralized policies and guidelines concerning the acceptable use and practices for utilizing Web resources while maintaining HIPAA standards. It does so by meeting the requirements of the HIPAA Security Rule, which establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. (Security, 2003)
The policy requirements and restrictions defined in this document shall be adhered to by all employees at all locations and by contractors working for the organization.
Procedures: The following requirements are the minimum needed to meet HIPAA standards. Responsibility for them is spread across the organization: some fall on a specific group of stakeholders and some on every member of the organization.

All personnel are responsible for the following. Any medical data, personally identifiable information (PII) or protected health information (PHI) of individuals or companies serviced by the organization shall be encrypted whenever it is transmitted over the Internet. Access to specific data shall be granted only to appropriately authorized personnel, that authorization shall be maintained, and any suspected violation shall be reported. Along with ensuring authorized use, all personnel shall preserve the integrity of all data by ensuring it is not altered or tampered with. All personnel are also responsible for the disposal of data once it is no longer required for the operations of the organization.

IT staff are responsible for the following. All information shall be backed up in a secure and expeditious manner, which entails maintaining multiple copies and testing backups for viability; all backups shall be stored encrypted, and viable continuity-of-operations procedures shall be maintained. Not less than annually, IT staff shall conduct entitlement reviews with department heads to ensure that all employees have the roles, access, and software necessary to perform their job functions effectively while being limited to the minimum necessary data, in order to facilitate HIPAA compliance and protect patient data. (Consortium, 2011)