1. Only identified persons should have access to a certain computer. There should be permission to access a certain computer. There should be permission from the original user to access the system.
1a. Role-based access control shall be implemented.
1b. No form is being filled out when requesting access to the server.
2. Some hospitals are implementing a one-user-to-one-account policy.
2a. Limited access to station should be implemented.
3. Only specific application intended for use should be stored in the computer.
4. The computer to be used must be fixed in one place and not portable.
5. Only selected offices can use USB. Some hospitals disable use of USB.
6. Server should be located in a dedicated room.
6a. Office of IT people should be separate from the server room.
6b. A dedicated facility shall be put in place for data center.
6c. A dedicated infrastructure in the hospital which has restricted and limited access to be used for the purpose of housing the servers or data centers shall be put up. At the minimum, a data cabinet shall be installed in lieu of a server room. Clinics may use cloud computing while hospitals may use servers and put up server rooms.
7. Any electronic device should be confined and cannot be taken outside the hospital premises and should only be dedicated for hospital use. Exceptions shall include disaster, vaccination, among others.
7a. A phone for official use is allocated for communication with healthcare providers relating to a patient's treatment.
7b. Bringing smartphones, laptops, tablets and other electronic gadgets should be prohibited inside the medical records area.
7c. Capturing of patient data using camera, etc. should not be permitted.
7d. Systems not dedicated to handle patient information e.g. mobile phones should not be allowed to be used.
8. Budget allocation for the IT infrastructure of the hospitals contained in the annual financial plan.
8a. A budget for the setting up of physical infrastructure for the IT equipment for PhilHealth use shall be allocated as part of the capitation fund being provided by PhilHealth.
9. CCTV and audit trails are put in place to monitor access to IT investments.
10. Only one person is in charge of handling the servers.
10a. There must be identified personnel who can access the IT room, e.g. Q.A. for investigations, HICC for monitoring.
11. Workstation for data collection and processing should be located in a separate area.
12. Conduct pre-deployment site assessment.
13. In the event that the machine is lost or stolen, deactivate account until retrieved or reported. However, it is best to reset credentials.
14. State provisions regarding the setting up of infrastructure where physical servers or the data center of the hospital information system shall be located. Applicability of the existing administrative order containing provisions on IHOMP shall be considered. Implementation of an off-site back-up shall be done if the aforementioned administrative order shall be affected by this proposed set of rules. Information that is backed up shall be encrypted.
