Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
physical_security [2016/02/29 15:05] jillian_nadette_de_leon |
physical_security [2016/06/15 15:34] jillian_nadette_de_leon |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ##PHYSICAL SECURITY | ##PHYSICAL SECURITY | ||
| - | *Pre-deployment site assessment shall be conducted and the computers to be installed shall be fixed in one place and not portable.\\ | ||
| - | *The area for data collection and processing shall be separate from the server room.\\ | ||
| - | *The IT room shall only be accessible to authorized personnel and to personnel involved during quality assurance monitoring and HICC for monitoring.\\ | ||
| **COMPUTER ACCESS**\\ | **COMPUTER ACCESS**\\ | ||
| - | * Pre-deployment site assessment shall be conducted and computers to be installed shall be non-portable and fixed in one place. Computers shall be accessible to authorized personnel only and role-based system access shall be implemented. Each user shall have one account only. Multiple accounts per user are not allowed. A person requesting for access to a computer shall fill-out a request form. | + | * Pre-deployment site assessment shall be conducted and computers to be installed shall be non-portable and fixed in one place. Computers shall be accessible to authorized personnel only and role-based system access shall be implemented. Each user shall have one account only. Multiple accounts per user are not allowed. A person requesting for access to a computer shall fill-out a request form. \\ |
| + | * Anti-glare filters on computer monitors shall be installed. This will not only help reduce glare, but also prevent anyone from seeing what is on the screen unless directly in front of the computer.\\ | ||
| //Applications.// Only applications for the hospital information system shall be installed in the computer system. Other applications, most especially social media applications are strictly not allowed. | //Applications.// Only applications for the hospital information system shall be installed in the computer system. Other applications, most especially social media applications are strictly not allowed. | ||
| - | //Computer loss.// In case of computer loss, the accounts in the computer system shall be reset and deactivated until it is retrieved or reported. | ||
| **SERVERS**\\ | **SERVERS**\\ | ||
| - | *The health facility shall provide a designated area for the housing of servers/data centers. It shall be a separate area from the data collection and processing as well as from the IT office. The server room shall be marked as "Restricted" and shall only be accessible to authorized personnel. If the health facility cannot allot a space for the server room, at the minimum, a data cabinet shall be installed.\\ | + | *The health facility shall provide a designated area for the housing of servers/data centers. It shall be a separate area from the data collection and processing as well as from the IT office. The server room shall be marked as "Restricted" and shall only be accessible to authorized personnel. If the health facility cannot allot a space for the server room, at the minimum, a data cabinet shall be installed and restrictions in terms of access shall be provided.\\ |
| - | + | ||
| - | * For smaller health facilities or clinics, they may use cloud computing while bigger facilities use servers. \\ | + | |
| //IT Room.// The IT room shall only be accessible to authorized personnel and to personnel involved during quality assurance monitoring. A designated IT personnel shall be tasked to handle the servers.\\ | //IT Room.// The IT room shall only be accessible to authorized personnel and to personnel involved during quality assurance monitoring. A designated IT personnel shall be tasked to handle the servers.\\ | ||
| **OTHER DEVICES**\\ | **OTHER DEVICES**\\ | ||
| - | * Facility-registered electronic devices shall not be brought outside the hospital premises except under circumstances such as disasters and vaccinations. USB devices shall be limited to office use but as may be practical, shall not be used.\\ | + | * Facility-registered electronic devices shall not be brought outside the premises of the health facility except under circumstances such as disasters and vaccinations or unless otherwise approved by the head of the facility. USB devices shall be limited to office use but as may be practical, shall not be used.\\ |
| + | * Mobile devices used for job responsibilities are subject to audits even if an employee owns it.\\ | ||
| * Capturing of patient data using camera phones and bringing of electronic devices such as cellular phones, laptops, tablets, and cameras inside the medical records area is strictly not allowed.\\ | * Capturing of patient data using camera phones and bringing of electronic devices such as cellular phones, laptops, tablets, and cameras inside the medical records area is strictly not allowed.\\ | ||