Computer / Devices / Workstations Policy

See Purpose.

The purpose of this policy is to provide guidance for workstation security for The Diocese of Paterson workstations. This document will ensure the security of information on the workstation and information the workstation may have access to.

Additionally, the policy provides guidance to ensure the requirements of the HIPAA Security Rule “Workstation Security” Standard 164.310(c) are met.

This policy applies to all The Diocese of Paterson employees, contractors, workforce members, vendors and agents with a Diocesan-owned or personal-workstation

Appropriate measures must be taken when using workstations to ensure the confidentiality, integrity and availability of sensitive information, including protected health information (PHI) and that access to sensitive information is restricted to authorized users.

• 4.1 Workforce members using workstations shall consider the sensitivity of the information, including protected health information (PHI) that may be accessed and minimize the possibility of unauthorized access.
• 4.2 The Diocese of Paterson will implement physical and technical safeguards for all workstations that access electronic protected health information to restrict access to authorized users.
• 4.3 Appropriate measures include:
  • 4.3.1 Restricting physical access to workstations to only authorized personnel.
  • 4.3.2 Securing workstations (screen lock or logout) prior to leaving area to prevent unauthorized access.
  • 4.3.3 Enabling a password-protected screen saver with a short timeout period to ensure that workstations that were left unsecured will be protected. The password must comply with The Diocese of Paterson Password Protection Policy.
  • 4.3.4 Complying with all applicable password policies and procedures. See The Diocese of Paterson Password Protection Policy.
  • 4.3.5 Ensuring workstations are used for authorized business purposes only.
  • 4.3.6 Never installing unauthorized software on workstations Details can be seen through the Software Installation Policy.
  • 4.3.7 Storing all sensitive information, including protected health information (PHI) on network servers.
  • 4.3.8 Keeping food and drink away from workstations in order to avoid accidental spills.
  • 4.3.9 Securing laptops that contain sensitive information by using cable locks or locking laptops up in drawers or cabinets.
  • 4.3.10 Complying with the Baseline Workstation Security Configuration Standard.
  • 4.3.11 Installing privacy screen filters or using other physical barriers to alleviate exposing data.
  • 4.3.12 Ensuring workstations are left on but logged off in order to facilitate after-hours updates.
  • 4.3.13 Exit running applications and close open documents.
  • 4.3.14 Ensuring that all workstations use a surge protector (not just a power strip) or a UPS (battery backup).
  • 4.3.15 If wireless network access is used, ensure access is secure by following the Wireless Communication Standard.
  • 4.3.16 Emails which contain any form of sensitive information must be encrypted before sending by putting {ENCRYPT} in the subject line
    • 4.3.16.1 This includes but is not limited to, FERPA, CIPA, HIPAA, COPPA, or any other local or federal law.

• 5.1 Compliance Measurement
  The DoP Technology team may verify compliance to this Standard through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the Standard owner.
• 5.2 Exceptions
  All devices should be compliant with cyber insurance standards and local/federal governance standards. Any exception/outliers should be approved by the DoP Technology team in advance.
• 5.3 Non-Compliance
  An employee found to have violated this Standard may be subject to disciplinary action, up to and including termination of employment.

• 6.1 Account Security Policy
• 6.2 Baseline Workstation Security Configuration Standard
• 6.3 Software Installation Policy
• 6.4 Wireless Communication Standard
• 6.5 HIPPA 164.210
• 6.6 About HIPPA

None.