Remote Access request form and policy
Remote Access Usage Policy
Purpose
To establish a secured means to access the Affinity's MEDITECH Information System by approved users outside of the Affinity Wide Area Network.
Policy Statement
Affinity uses Remote Access to provide access to the Affinity system at locations not connected to the Affinity network. This system uses the public Internet to access our network. All data are encrypted over the public network.
Affinity's IS department makes Remote Access readily available to exempt employees, physicians with active privileges that are approved MEDITECH users, and Affinity Vendors. Users of Remote Access must have signed a confidentiality agreement for MEDITECH usage.
Remote Access only allows the physicians to conduct hospital business and is no way an additional benefit to the physician or their practice. To ensure compliance with labor laws non-exempt (hourly) employees require Human Resource approval to access MEDITECH or any other Affinity IS system outside of their work location. Non-exempt (hourly) employees approved for remote access must document and submit for payment through API Web or another approved method, any and all time spent accessing work related emails and other programs and files, according to the pay practices and payroll processing timelines of Affinity Health System.
Remote Access usage, all usage is subject to audits for compliance with Affinity's confidentiality policies. Compliance or policy breeches will result in immediate revocation of Remote Access privileges. VP approval will be required for restoration of privileges. Breeches may also result in disciplinary or legal action.
Those requesting Remote Access must sign the attached agreement stating that the user will be accountable for installing Remote Access on a secure PC. In order to be secure a PC must not be accessible by the general public and the Remote Access account must not be shared with anyone not approved as a Remote user. Furthermore, Remote Access cannot be installed or run from a PC that has remote control software or any other activity monitoring software.
Remote Access will only run on PCs meeting the following requirements:
at least 128mb RAM
at least Pentium III processor
at least 25Mb of available disk space
Windows 2000 or later operating system
end-user provided Internet connectivity, preferably broad-band (cable or DSL or T1 line)
If the user has trouble installing the software they can contact the Affinity IS Help Desk for assistance. Affinity IS is not able to support problems with non-Affinity PCs (e.g., hardware, software, internet connectivity) other than problems with the operation and installation of SecureAccess.
Procedure
1. Submitting the Request
Anyone meeting the criteria above may request Remote Access from the IS Security Officer by completing the attached form and assigning the attestation. The requestor must specify the PC location for each copy of Remote Access requested.
2. Processing Requests
After verifying the eligibility of the requestor the IS Security Officer will document the request in a database of all requests. The signed requests will be filed.
3. Software Delivery
After the requests are processed Remote Access will be delivered by an email for each location that will include the installation program, instructions for use and the Remote Access password.
4. Software Installation
The requesting users should be able to install Remote Access following the instructions. Any problems or questions should be directed to the IS help desk (920-628-9400). Physicians can contact Jean Aijala for assistance.
5. Termination
At the point the Remote Access user no longer qualifies as a user under this policy they must immediately remove all installed copies under their responsibility. The IS Security office is also charged with periodic audits to verify the eligibility of all SecureAccess users. Access by ineligible users can be blocked by the IS Security Officer.
