Your SlideShare is downloading. ×
IM2459 Mobile Device Policy
IM2459 Mobile Device Policy
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

IM2459 Mobile Device Policy


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. AGNESIAN HEALTHCARE POLICY AND PROCEDURE (AHE9/03 , CLW9/03 , FDLRC9/03 , SAH9/03 , SFH9/03 , WMH9/03 , RMC08/12 ) SUBJECT: Mobile Computing Devices Policy Department Responsible: Information Services (HIPAA Security Committee) Page 1 of 2 Policy No: IM2459 Effective Date: December, 2009 Approved: s/Nancy Birschbach Vice President & Chief Information Officer Reviewed/Revised Date: 11/2004, 5/2006, 9/2007 NB, 12/2009, 8/2012, 1/2013 revised Developed Date: 09/03 Formerly named Portable Computing Devices POLICY STATEMENT: The purpose of the Agnesian HealthCare Mobile Devices Security policy is to establish guidelines for the use of mobile devices (i.e., smartphones, laptops, tablets, and other smart devices (i.e., iTouch)) and their connection to the internal resources at Agnesian HealthCare. The guidelines are necessary to preserve the integrity, availability and confidentiality of Protected Health Information (PHI) and confidential Agnesian HealthCare data. DEFINITIONS: AHC: Agnesian HealthCare I.S.: Information Services PHI: Protected Health Information Mobile Computing Devices: Any easily portable device that is capable of receiving and/or transmitting data. PROCEDURE: Agnesian HealthCare is committed to providing remote access to internal resources when appropriate for business use. The I.S. Devices Security Team uses best practices to help guide this policy and implement training. Devices that are granted access to locally stored business information and applications (for example, email, calendars and contacts) must follow the procedures outlined below: Users must set device password authentication upon issue. Users should choose a password that is strong and should not share their password with others. Non AHC - owned mobile computing devices that require network connectivity or store AHC-owned PHI or confidential data must conform to AHC I.S. standards and must be approved by the AHC Information Security Officer. Protected Health Information and confidential Agnesian HealthCare data should not be stored on mobile computing devices. Transmission or storage of PHI and confidential AHC information must be encrypted using an approved security software. Corporate issued laptops must be encrypted using an AHC approved encryption software. Corporate issued mobile devices and personal mobile devices requesting AHC network access must enroll in the Mobile Device Management tool issued by I.S. Using mobile computing devices to photograph and transmit AHC owned information is strictly prohibited.
  • 2. SUBJECT: Mobile Devices Policy Policy No: IM2459 Page 2 of 2 Users must initiate the “device lock” feature. This lock should be set for no more than 3 minutes in length. Users must utilize a “remote wipe” application for the device. o It is recommended that all personal (non AHC) information should be backed up regularly. o A lost/stolen mobile device must be reported immediately to the I.S. department Help Desk xt 8000 to determine if remote wipe is necessary. Users must follow all additional AHC I.S. standards and are subject to audits by the AHC Information Security Officer. I.S. encourages users to only download applications from trusted sources. I.S. will review director approved requests for users who have their own devices and wish to access AHC network resources. Agnesian HealthCare reserves the right to refuse or revoke network access. Violation of this policy may result in disciplinary action, which may include termination for associates, a termination of contract in the case of contractors or consultants. Associates who terminate employment with Agnesian HealthCare should refer to policy HR2043 - Separation of Employment and turn in all Agnesian owned devices with their ID badge and keys.