Date of Last Review 6/6/08
SME: Director of Management Information Systems

Workstation and Security

This policy is to describe the physical attributes and security of our workstations, tablets and mobile carts that access patient health information (PHI).

Workstations

Computers that access PHI are located in various areas throughout the hospital and have certain security measures to protect them.

Offices leading to the units – These computers are behind double locked doors leading to the units, another closed/locked door to the office. Some offices have one or two computers with each facing from each other and assigned to individual people. The computers have password screen savers that come up within fifteen minutes of inactivity. The users need to login in to UTHCPC’s Novell network and then log-in to Sunrise with their assigned User ID and password for each.

Computers on the units - These computers are behind double locked doors leading to the units and two locked doors to access the units. On the units are nurses’ stations that share computers. The screens are protected and the computers have password screen savers that come up within fifteen minutes of inactivity. The users need to login in to UTHCPC’s Novell network and then log-in to Sunrise with their assigned User ID and password for each.

On the units there are conference rooms that are used to interview patients and document PHI. There are one to four computers in those areas. Each behind a closed door on the unit and each with a password screen saver that comes up within fifteen minutes of inactivity. The users need to login in to UTHCPC’s Novell network and then log-in to Sunrise with their assigned User ID and password for each.

Offices on the hallways – These computers are behind locked doors. Some offices have one or two computers with each facing from each other and assigned to individual people. The computers have password screen savers that come up within fifteen minutes of inactivity. The users need to login in to UTHCPC Novell network and then log-in to Sunrise with their assigned User ID and password for each.

Public Use Workstations

All public use workstations are locked down via a highly restrictive group policy. These workstation do not have access to clinical data.

Carts and Tablets

Mobile Carts – Are used by various people on the units. These carts are behind double locked doors leading to the units and two locked doors to access the units. The carts access the wireless 802.11G network configured by UT. To access the network the user must sign in using their LDAP ID and password. Then login to the clinical application using their assigned User ID and password. The computers have password screen savers that come up within fifteen minutes of inactivity.

Tablets/Laptops – Tablets/Laptops are used by individuals who are mobile throughout the hospital. The tablets/laptops access the wireless 802.11G network configured by UT. To access the network the user must sign in using their LDAP ID and password. Then login to the clinical application using their assigned User ID and password. The computers have password screen savers that come up within fifteen minutes of inactivity. The tablets/laptops are stored behind locked doors when not in use.

There are tablets/laptops that are used out side of the hospital. These devices are also encrypted with software encryption. All PHI data needs be approved by HIM before removal.

None of these systems store Sunrise or Invision PHI data. All data is stored on Siemens’ central database in Malvern, PA. or located in UTHCPC’s server room behind an ID badged locked door and a security camera. Access is limited to select employees (MIS personnel, Facility Director, and UT Security).

Director of MIS
UT-HCPC

Related standards

Texas Administrative Code Chapter 202.77

The Joint Commission : Management of Information
                                         HIPAA