University of Colorado Denver Facility for Advanced Spatial Technology

aurorabellyNetworking and Communications

Nov 21, 2013 (3 years and 6 months ago)

60 views


University of Colorado Denver

Facility for

Advanced Spatial Technology


Subject: Supplemental Policies to HIPAA Policy



Policy #:

SP
-
6.1

Title:

Network Security Policy







Page
1

of
3




Reviewed by:

Sue Hawkins


Approved by:

Sue Hawkins


Effective Date

11/21/2013


Supe
rs
edes Policy:

N/A









Effective Date of This Revision:

November 21, 2013



Contact
:

HIPAA
Security

Officer

Responsible Department:

Sue Hawkins

Facility for Advanced Spatial Technology

1200 Larimer Street NC 5032


303
-
556
-
4172




Category:


Administrative Safeguard

Type:


Standard


Physical Safeguard



Implementation Specification


Technical Safeguard



Required


Addressable




AUDIENCE:


T
he

HIPAA

Security
policies
affects
all covered
health care
components that may be designated by
FAST

at anytime , to include
FAST
‘s partner/ subsidiaries
but only to the extent that each component performs
activities that would make such component a business assoc
iate of
FAST.

Such component would
include any third party outsourced

functions

including billing
,
transcription,
Information Technology
Services, Insurance Department, Internal Audit, Office, Legal Counsel, Press Office/Public Affairs, Public
Safety, Thes
e policies affect all
FAST
‘s

workforce members in covered components.


PURPOSE:


The purpose is to secure communication devices and data on
FAST

network.


SCOPE
:


This policy applies to all
FAST

workforce members including, but not limited to full
-
time emp
loyees, part
-
time employees, trainees, volunteers, contractors, temporary workers, and anyone else granted access to
sensitive information such as electronic protected health information (ePHI) by
FAST.






Applies to:


Officers


S
taff
/ Faculty


Student clinicians


Volunteers


Other agents


V
isitors


C
ontractors



University of Colorado Denver

Facility for

Advanced Spatial Technology


Subject: Supplemental Policies to HIPAA Policy



Policy #:

SP
-
6.1

Title:

Network Security Policy







Page
2

of
3




Reviewed by:

Sue Hawkins


Approved by:

Sue Hawkins


Effective Date

11/21/2013


Supe
rs
edes Policy:

N/A









POLICY
:


The standard for network protocols in
the FAST

infrastructure is TCP/IP.


FAST

will:


1.

Use encryption as much as possible to protect data

2.

Use firewall(s) to secure critical segments

3.

Deploy Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) on all critical
segments

4.

Disable

all services that are not in use or services that have use of which you are not sure

5.

Use wrappers around all services to log their usage as well as to restrict connectivity



Enforcement

Any employee found to have violated this policy may be subj
ect to disciplinary action, up to and including
termination of employment.







University of Colorado Denver

Facility for

Advanced Spatial Technology


Subject: Supplemental Policies to HIPAA Policy



Policy #:

SP
-
6.1

Title:

Network Security Policy







Page
3

of
3




Reviewed by:

Sue Hawkins


Approved by:

Sue Hawkins


Effective Date

11/21/2013


Supe
rs
edes Policy:

N/A










DEFINITIONS:


REFERENCE:


International Standards Organization (ISO/IEC 17799:2000(E)
)


NIST standards