Policy Statement
Purpose/ Objective
Remote Access for Health and Its benefits
XYZ Health Care Provider increasingly utilizing remote access solutions to retrieve vital medical information while working from home or local clinics as they become more technologically savvy. Remote access to electronic medical information help healthcare providers to reduce administrative costs, reduce errors, expand accessibility and ultimately enable them to become more efficient operations. Hospitals can easily connect to branch clinics, insurance companies, laboratories, medical transcriptionists, or other organizations without sacrificing security measures.
- Remote Access Solution
- Virtual Private Network (VPN)
- Secure Socket layers (SSL) Technology VPN
- Authentication Solution for Remote Access
- Biometrics
- USB Tokens
- Passwords
Scope
Procedures
Implementing a remote access solution for everyone involved seems like impossible, but with the right solution healthcare organizations can lower costs, raise productivity and improve patient care. Healthcare professionals frequently require timely access to confidential patient information in order to provide the highest quality care, which in some cases can mean the difference between life and death.
- Granting of Remote Access privileges to AHS IT Systems shall be considered for those requestors who are:
Members of the Affinity workforce or medical staff, Affiliated with XYZ as a member of the XYZ affiliated covered entity, Involved in a collaborative, contractual and/ or business associate relationship with XYZ or Approved by XYZ Privacy Officer, IT Security Officer, VP of IS, CIO or his/her designee.
- Remote Access privileges shall be made available through Citrix (preferred) or VPN to approved users.
Remote Access by workforce members via VPN shall be on an XYZ supplied standard device,
Remote Access by workforce members utilizing a non-XYZ device shall be via the Citrix portal,
Remote Access by Vendors/Business Associates can be provided via the Citrix portal or VPN with internal access restricted and Exceptions the above require a business case and approval from IT leadership.
- Requests by users for Remote Access shall be directed to XYZ IT Security Officer for consideration. Prior to granting Remote Access privileges, the requestor will be required to do the following:
Complete a Remote Access Request form, Non-exempt workforce members must obtain approval from Management and Human Resources leadership and As applicable, complete a HIPAA-compliant business associate agreement.
- Verifying eligibility of the requestor, the IT Security Officer is responsible for documentation and management of all components of access to XYZ IT Systems.
- AHS may choose to evaluate the Remote Access requestor's physical site (e.g. business, home office, etc.) and/or equipment prior to granting Remote Access privileges.
- The IT Security Officer's decision to proceed with granting Remote Access privileges will be based on the requestor's ability.
- After the request is processed, Remote Access instructions will be delivered by email that will include login information.
- The IT Security Officer of XYZ with periodic audits to verify the eligibility of all remote access users. Access by ineligible users can be blocked by the IT Security Officer.
Guidelines
As healthcare organizations increasingly turn to the Web to access their applications, security becomes even more crucial - since confidential health information is becoming available over the Internet – and now under HIPAA, organizations face regulatory requirements for privacy and security.SSL VPNs are well-suited to meet the anytime, anywhere remote-access needs of the healthcare industry in general, while complying with the security demands of the HIPAA regulations in particular.
SSL VPNs can provide real-time access to patient health information, while maximizing physician time and productivity. It is critical then that healthcare organizations’ security policies be implemented consistently throughout their network. Healthcare institutions need to choose the solution that is most appropriate for their network, but taking into account its cost-effectiveness, ease of use, ease of deployment, and higher security, the healthcare industry is sure to benefit most with SSL VPNs.
References
http://www.bizforum.org/whitepapers/rainbow-2.htm
http://www.affinityhealth.org/object/secreq-www.html
