Information Technology Policies of the Healthcare Setting
The primary goal of this document is to delineate the information and communication technology (ICT) procedures of the healthcare setting as well as the framework for communicating, reinforcing, and implementing these policies. The hospital consists of approximately 150 employees, including healthcare practitioners, ancillary workers, the administrative unit, and IT workers. This policy document has been created to establish and support the minimal requirements deemed essential in safeguarding assets, including data, against improper disclosure, unintentional or unauthorized access, destruction, modification, and unavailability. This will be done to uphold the sensitivity, value, and criticality of the hospital’s operations and the safety of its clients.
The assets protected under these guidelines include software, hardware, and data, including populace and patient health information (PHI). The stipulations contained in this document apply to all employees as well as contractors and vendors working in partnership with the healthcare setting or those who access the institution’s computing platforms remotely. By developing a practical and feasible policy system and using the recommended policy establishment procedure, the hospital aims to gain significant voluntary compliance.
Policy Orientation
Vision
To implement sophisticated decisions promptly with feasible security procedures for safeguarding PHI and health systems.
Mission
The policy’s mission is to surpass expectations in applying and adhering to the hospital’s internal security merits. We intend to provide quality protection to our clients by offering reliable healthcare services without subjecting them and the organization to cyber-related security threats.
Policy Objectives
• To offer users appropriate guidance regarding the utilization of various data and its associated assets within the healthcare setting.
• To foster the implementation of proper data security management systems in the healthcare facility with clearly established responsibilities and roles.
• To reinforce the adequate protection of the institution’s data assets and avoid infringements of any contractual, regulatory, statutory, and legislative obligations.
• To ensure that the healthcare facility’s employees comprehend their duties and fit their assigned roles, and to minimize threats linked to the misuse of resources, fraud, and human error.
• To promote the secure dissemination, storage, and processing of health data through proper planning, network management, media handling, change management, backups, and operating processes.
Acceptable Use
Password Use
• Users will not keep copies of passwords in any electronic or written form. However, passwords of essential accounts may be saved securely.
• Users may modify passwords in instances where there is evidence of potential password or system compromise.
• Users are required to change passwords at regular 90-day intervals or according to the periods accessed.
• Users will change interim passwords upon the initial login.
• It is recommended that users do not include passwords in automated login procedures.
• Users are warned against sharing their passwords with other individuals.
• Users must ensure that no one is watching when they enter their passwords.
Password Construction
• Users will select passwords that are hard to guess but easy to recall. The chosen password should be at least eight characters long and contain a blend of numerals, capital letters, and special characters (! @ #).
• Do not utilize number or word patterns or sequences such as 122333411 or aabbcc.
• A user’s workplace password should not be similar to their non-work-related passwords.
Anti-Virus
• Anti-virus will be installed on all laptops and workstations; it should be running and be updated regularly. A corporate anti-virus will be installed across the healthcare setting’s appropriate electronic devices.
• All hosts utilized by employees and connected to the hospital’s Extranet/Intranet/Internet, irrespective of their ownership, must have the sanctioned virus-scanning software with an up-to-date virus database, except in instances where the requirement has been overridden for the device by group or departmental policy.
• Users are war