Policies and Procedures Reliance Healthcare Computer Policies

Policies and Procedures

Reliance Healthcare Computer Policies and Procedures

The installation of a new computer system requires many considerations from a managerial standpoint. Computer usage, particularly access to the Internet is controversial, as there is significant room for abuse by staff. The new system will help to streamline processes in the organization, but it will also provide opportunities for non-productive time. The forthcoming policies and procedures are designed to allow employees access to the technology that will make their lives better, but also limit liability and loss due to unauthorized Internet use.

Security is of utmost importance in the new system. The computer system will need to have the highest level of security possible, as it contains personal information about patients. It contains private healthcare information that is protected by the Federal Government. It also contains sensitive company information. The nature of the information makes it necessary to have the highest level of information possible. In addition, only certain staff members need to have access to certain types of patient information. The system must protect and limit access of patient and company sensitive information. For this reason, a firewall and proxy server will be used to limit access to the information. Data management software, such as Agile, will be installed to help limit access to information that must only be available to certain employees. HIPAA compliance and security software such as EpiForce. A firewall such as McAfee or Norton's would also be used for general security concerns. All systems and software would be windows driven to allow for cross-platform usability.

In terms of Internet usage, employees would be able to access the Internet through the firewall. A system administrator would make certain that they could only access approved content. Employees would not be allowed to answer or send private email while during working hours, or from a company computer. This opens the system up to risk of intrusion and potentially the sharing of confidential information. Absolutely no personal surfing or usage of social networking would be tolerated from company computers. The system administrator would restrict computers from accessing websites such as Ebay, Facebook, MySpace, and Twitter. Any employee found to be attempting such access would be counseled and face disciplinary actions if they are found to do so again. The company computer will be for company business only.

Security and data management in the healthcare industry are strict due to the nature of the information. The facility will need to handle many different types of data. Some will include patient information, test results, patient treatment records, and personally sensitive information. It will include patient bank account information, financial information, social security information and other information that could result in identity theft will also be stored in the computer. This level of information represents personal information. However, the system will also contain company information such as financial reports, policies, procedures, emails, memos, supply orders, forecasts and other information about the company. Different types of data handling and software will be needed for the different types of information that will be generated.

The purpose of the computer policies and procedures will consider security to be the most important feature. However, this must be accomplished without limiting or slowing access to the information for those who need it. Prior to set up of the computer system, a consultant that specials in system design for healthcare facilities will be utilized. Setting up an information system for the healthcare industry is different from that which is needed in other industries. Information technology in the healthcare industry is highly specialized. As a manager it is important to understand the complexities of information systems in the healthcare industry.

Reliance Healthcare

COMPUTER POLICIES AND PROCEDURES MANUAL

Manual Code: CPP001 2011

Subject: Employee computer policy rules and regulation

Effective

Date 12/11/11

Reviewed

as of: 12/01/11

Scheduled

Review 6/1/12

Supersedes:

Pages:

1

Distribution:

Scope: All Personnel

Policy: To communicate policies concerning computer usage and access to all personnel

Forms: None

Policy Cross Reference: CPP 001 2009

Definition: Computer access means use of the computer system as the job description dictates

Procedure:

1. Reliance Healthcare personnel will refrain from utilizing computer systems for personal purposes both during and after working hours. They will refrain from utilizing social networking and other non-work related websites using company computers. Prohibited websites include, but are not limited to, Ebay, Facebook, MySpace, Twitter and other social networking websites that are not work related.