Essay about IS3340-Unit 2-Assignment 2

1560 Words May 25th, 2014 7 Pages
Unit 2 Assignment 2: Procedure Guide on Access Control
I. Access Control Procedure
a. If a system does not support the minimum structure and complexity as detailed in the aforementioned guidelines, one of the following procedures must be implemented:
i. The password assigned must be adequately complex to ensure that it is not easily guessed, and the complexity of the chosen alternative must be defined and documented.
ii. The legacy system must be upgraded to support the requirements of this paragraph as soon as administratively possible.
iii. All EPHI must be removed and relocated to a system that supports the foregoing security password structure.
iv. Users or workforce members must not allow another user or workforce member to
Encryption of EPHI is required in some instances as a transmission control and integrity mechanism.
b. Firewall Use
i. Purpose: WU HIPAA Security policy requires that all networks housing EPHI repositories must be appropriately secured.
ii. Networks containing EPHI-based systems and applications must implement perimeter security and access control with a firewall.
iii. Firewalls must be configured to support the following minimum requirements:
1. Limit network access to only authorized workforce members and entities.
2. Limit network access to only legitimate or established connections. An established connection is return traffic in response to an application request submitted from within the secure network.
3. Console and other management ports must be appropriately secured or disabled.
4. Implement a mechanism to log failed access attempts.
5. Must be located in a physically secure environment.
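
One way to express requirements 1 through 4 above as an nftables ruleset (an added example, not part of the original procedure guide or of the WU policy). The interface names, addresses and the single permitted inbound service are constructed placeholders. Requirement 5, and the console-port part of requirement 3, are physical and device-level controls that a ruleset cannot enforce.

```nft
# Constructed example: perimeter firewall in front of an EPHI network.
# lan0 = secure (EPHI) side, wan0 = outside, mgmt0 = management network.
table inet ephi_perimeter {

    # Requirement 1: only authorized entities may initiate inbound access.
    set authorized_sources {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24 }        # placeholder partner range
    }

    chain forward {
        # Default deny: anything not matched below is dropped.
        type filter hook forward priority 0; policy drop;

        # Requirement 2: accept return traffic for connections that
        # were opened from inside the secure network.
        ct state established,related accept
        ct state invalid drop

        # New connections originating inside the secure network.
        iifname "lan0" oifname "wan0" ct state new accept

        # New inbound connections: authorized sources, one service only.
        iifname "wan0" ip saddr @authorized_sources tcp dport 443 ct state new accept

        # Requirement 4: log every refused attempt before dropping it.
        log prefix "ephi-fw-denied: " counter drop
    }

    chain input {
        # Traffic addressed to the firewall itself.
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept

        # Requirement 3: management access only from one admin host
        # on the management interface; closed everywhere else.
        iifname "mgmt0" ip saddr 198.51.100.10 tcp dport 22 accept

        log prefix "ephi-fw-mgmt-denied: " counter drop
    }
}
```

Because both chains end in a logged drop, the kernel log records every connection attempt that the rules above do not explicitly permit.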

IV. Access Control Procedure (Continued)
a. WU HIPAA Security policy requires that each Business Unit document its configuration of firewall(s) used to protect networks containing EPHI-based systems and applications. This documentation must include firewall rules and must be submitted to and approved by the HIPAA Security Office.
b. Remote Access
i. Purpose: To ensure that all networks that contain EPHI-based systems and applications are appropriately secured.
ii. Dialup
