MUSC Policy: Information Security - Workstation Use

 TITLE: Information Security  ID:
 ORIGINATOR: Information Security Office  DATE: Jan 5, 2005
 REVIEWED: President's Council  DATE: Feb 16, 2005
 APPROVED: Raymond S. Greenberg, MD, PhD  DATE: Feb 16, 2005
 IMPLEMENTATION: Enterprise-wide  DATE: Feb 16, 2005

1. RATIONALE

Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:

HIPAA Security: 164.310(b) Standard: Workstation use
HIPAA Security: 164.310(c) Standard: Workstation security
HIPAA Security: 164.308(a)(5)(ii)(B) Protection from malicious software

2. POLICY

MUSC workstations, and any other devices used to access MUSC's network, may be used only for authorized purposes. Workforce members are prohibited from using any MUSC workstation, or any other device used to access MUSC's network, in excess of their authority.

3. PROCEDURES

3.1. Definitions

Refer to MUSC Policy: Information Security: Appendix A.

3.2. Authorized Uses

A specific workforce member's use of a specific workstation for a specific purpose must be authorized by all of the following: (a) the designated Owner of the workstation, (b) the workforce member's supervisor or manager, and (c) MUSC policies that establish boundaries for acceptable use.

3.3 Installation of Unauthorized Software

Workforce members are prohibited from installing unauthorized software on MUSC workstations.

3.4. Access to Protected Information

If access to protected information from a workstation is possible, then the designated Owner of the workstation must ensure that:

3.5. Sanctions

Refer to MUSC Policy: Information Security: Sanctions.

3.6. See Also

MUSC Computer Use Policy
MUSC Policy: Information Security
MUSC Policy: Information Security - Network Access

4. ACCESS

This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.