Standard Practice
TITLE:
Remote Access to Hospital Computer Networks
EFFECTIVE:
May 1, 2006
PURPOSE:
It is The George Washington University Hospital’s (GWUH) policy to control the
use and security of all remote access to the GWUH network. It is the
responsibility of all users with remote access privileges to GWUH’s network to
ensure that their remote access connection is given the same consideration as
the user’s on-site connection to GWUH. Remote access technologies that are
covered by this policy include, but are not limited to, dial-in modems, frame
relay, ISDN, DSL, VPN, cable modems and secured connection to host
application.
SCOPE:
All GWUH employees and other authorized users that have remote access
privileges to GWUH’s network.
POLICY:
As GWUH continues to grow, so do the computer systems and networks that
support the daily functions of our business. This growth necessitates remote
access for employees, physicians, and authorized vendors. Secure remote
connections are required for all off-site access to GWUH network systems.
GWUH IT currently supports two methods of remote user access – VPNs (Virtual
Private Networks) and Citrix Web Portal. Both methods establish a secure and
trusted connection to the end point.
REVIEWED: January, 2014
This policy provides the guidelines that ensure all appropriate persons and
entities are given access to information on the GWUH computer network for the
complete and effective execution of their responsibilities.
Remote access is meant to be an alternative method of meeting hospital needs,
and is only granted to employees on a case-by-case basis. GWUH also supports
Remote Access for its Medical Staff, IT Vendors, Contractors and other
authorized users, as necessary, to support the IT systems and provide an
integrated delivery network for our patients and their families.
THE GEORGE WASHINGTON UNIVERSITY HOSPITAL
STANDARD PRACTICE
PAGE 1 OF 4
Standard Practice
Remote Access to Hospital Computer Networks
I.
Acceptable Use
Hardware devices, software programs, and network systems purchased and provided by
the hospital for remote access are to be used only for creating, researching, and
processing hospital-related materials. By using the hospital’s hardware, software, and
network systems you assume personal responsibility for their appropriate use and agree
to comply with this policy and other applicable company policies, as well as local, state
and federal laws and regulations.
Eligibility to remotely access GWUH hospital information systems is determined by the
Director of Information Services. All employee requests must be submitted by the
Department Director.
II.
Equipment & Tools
The hospital may provide tools and equipment for remotely accessing the computer
network. This may include computer hardware, software, VPN access, e-mail,
connectivity to host applications, and other applicable equipment as deemed necessary.
The use of equipment and software provided by the hospital for remotely accessing the
hospital’s computer network is limited to authorized persons and for purposes relating
to hospital business. The hospital will provide for repairs to the hospital equipment.
When the employee uses her/his own equipment, if authorized, the employee is
responsible for maintenance and repair of equipment.
Remote access users must take reasonable efforts to protect all company-provided
software and hardware devices from theft and physical damage.
III.
Use of Personal Computers and Equipment
There are literally thousands of possible interactions between the software needed by
the remote user and the average mix of programs on most home computers.
Troubleshooting software and hardware conflicts can take hours, and can result in a
complete reinstall of operating systems and application software as the only remedy for
problems. For that reason, the Information Services department will only provide
support for equipment and software provided by the hospital.
The hospital will bear no responsibility if the installation or use of any necessary
software causes system lock ups, crashes, or complete or partial data loss. Remote
access users are solely responsible for backing up data on their personal machine before
beginning any hospital work. At its discretion, the hospital will disallow remote access
for any user using a personal home computer that proves incapable, for any reason, of
not working correctly with the company-provided software, or not meeting the
minimum system specifications.
THE GEORGE WASHINGTON UNIVERSITY HOSPITAL
STANDARD PRACTICE
PAGE 2 OF 4
Standard Practice
Remote Access to Hospital Computer Networks
For remote access via secured links to applications, please review the minimum
hardware requirements provided with the link. Application access and functionality can
be limited if personal devices are not in compliance with minimum hardware
requirements. Secure access links shall not be shared.
IV.
Violations and Penalties
Penalties for violation of the Remote Access Policy will vary depending on the nature
and severity of the violation. All authorized remote access users who violate the
Remote Access Policy will be subject to:
1. Loss of remote access privileges.
2. Civil or criminal prosecution under Federal and/or State law.
3. Disciplinary action as described in the hospital’s employee handbook including but
not limited to reprimand, suspension and/or termination of employment.
V.
Remote Access Support
GWUH IS department will provide application support for remote access users during
normal business hours. After hours and weekend support is limited only to remote
access issues/situations that directly affect patient care.
THE GEORGE WASHINGTON UNIVERSITY HOSPITAL
STANDARD PRACTICE
PAGE 3 OF 4
Standard Practice
Remote Access to Hospital Computer Networks
Acknowledgment of Remote Access Policy
This form is used to acknowledge receipt of, and compliance with, the hospital’s Remote Access Policy.
Procedure
Complete the following steps:
1. Read the Remote Access Policy.
2. Sign and date in the spaces provided below.
3. Return this page only to the Information Services Network Systems Manager or Director.
Signature
By signing below, I agree to the following terms:
 I have received and read a copy of the “Remote Access Policy” and understand and agree to the
same;
 I understand and agree that any software and hardware devices provided to me by the hospital
remain the property of the hospital;
 I understand and agree I am not to modify, alter, or upgrade any software programs or
hardware devices provided to me by the organization without the permission of the Information
Technology department;
 I understand and agree that I shall not share secure access links;
 I understand and agree that, if I leave the company for any reason, I shall immediately return to
the company the original and copies of any and all software, computer materials, or computer
equipment that I may have received from the company that is either in my possession or
otherwise directly or indirectly under my control;
 I understand and agree I must make reasonable efforts to protect all company provided
software and hardware devices from theft and physical damage.
______________________________________
Remote Access User Signature
Date
______________________________________
Remote Access User Name
Date
______________________________________
Title
______________________________________
Requestor Manager Signature
Date
______________________________________
Department/Location
______________________________________
Information Security Manager Approval
THE GEORGE WASHINGTON UNIVERSITY HOSPITAL
STANDARD PRACTICE
PAGE 4 OF 4