Corporate Appropriate Access

DEPARTMENT: Information Technology & Services
PAGE: 1 of 3
APPROVED: July 21, 1999
EFFECTIVE DATE: October 1, 1999
POLICY DESCRIPTION: Corporate Appropriate Access
REPLACES POLICY DATED:
RETIRED:
REFERENCE NUMBER: IS.AA.025
SCOPE: All Corporate-employed personnel or contractors engaged by the Corporate office who are
users (“Corporate Users”) of the Clinical Patient Care System (“CPCS”).
PURPOSE: To define, maintain and distribute Appropriate Access standards that include standards
and procedures to be followed by all Corporate users of the Clinical Patient Care System (CPCS).
POLICY: The company will provide to all Corporate users of CPCS an Appropriate Access
Standards Manual. Each manual contains pertinent requirements for appropriate access to clinical
and/or financial information. These requirements are developed to provide a Corporate user timely
access to patient-specific information which is necessary to perform his/her job responsibilities and
define the settings needed to support timely and appropriate access to patient information.
Each Corporate user is ultimately responsible for adhering to the Corporate Appropriate Access
standards. Corporate users must only access/view information that they have a legitimate “need to
know” in order to perform their job responsibilities, regardless of the extent of access actually
provided to the user. Users will access clinical and financial information in an honest, ethical and
confidential manner. The access of patient information will be done in such a manner that, at a
minimum, meets all applicable Federal and state laws, regulations, and accreditation standards.
Compliance with the Corporate Appropriate Access standards will be measured by the monitoring
specified in the standards, and through the oversight of the Corporate Security Committee.
Noncompliance with these standards can result in an intentional or unintentional breach of patient
confidentiality of medical records contained in CPCS. These standards and accompanying education
will help to safeguard patient information and minimize exposure and/or liability for individual,
facility and company users.
These standards will be updated and modified to ensure compliance with changes in corporate policy
and regulations, or to complement future system enhancements.
PROCEDURE:
The Corporate Appropriate Access Standards Manual will consist of four (4) content areas:
1. Policy statement
• Corporate Appropriate Access Policy, IS.AA.025.
2. Infrastructure for maintenance and support – establishes the committee oversight and
departmental staff position for maintenance of standards, and requirement for signing of
Information Security Agreement. These standards address:
• Corporate Security Committee
• Local Security Coordinator Designation
• Information Security Agreement
3. Global Access Standards – Subject areas such as Release of Information and Enforcement and
Discipline are addressed in these standards. The requirements in these standards complement and
are consistent with facility Appropriate Access requirements, referenced below. The Corporate
Global Access standards include:
• External Entity Access
• Sealed Patient Record Access
• Confidential Patient Record Access
• Release of Information and Re-Disclosure
• MIS Access
• PCI Menu Access
• Conformance and Monitoring
• Enforcement and Discipline
4. Department-Specific Standards – Each pertinent department within IT&S and Operations is
described in detail as related to CPCS access needs. Access is defined within each module for
each different position description within the department. Global issues are addressed in all
standards, such as access to emulation and security level settings.
• IT&S Departmental Standards
• Operations Departmental Standards
REFERENCES:
Corporate Appropriate Access Standards
CPCS Appropriate Access, IS.AA.001
Multi-Facility Security Committee Policy, IS.AA.002
Facility Security Committee Policy, IS.AA.003
Release of and Access to Demographic and Clinical Patient Information Policy, IS.AA.004
Re-Disclosure of Patient Health Information Policy, IS.AA.005
Confidential Patient Setting in CPCS, IS.AA.006
Sealed Patient Setting in CPCS, IS.AA.007
PCI Menu Access, IS.AA.008
Restrict by Location, IS.AA.009
Physicians and Physicians Office Staff, IS.AA.010
External Entity Access, IS.AA.011
Employee Health Records, IS.AA.012
Information Security Policy, IS.AA.013
Conformance & Monitoring Reports Policy, IS.AA.014
Enforcement and Discipline Policy, IS.AA.015