MUSC Policy MUSC-xx: Information Security - Workstation Use


Definitions:

Refer to MUSC Policy MUSC-xx: Information Security: Appendix A.

Policy:

MUSC workstations, and any other devices used to access MUSC's network, may be used only for authorized purposes. Workforce members are prohibited from using any MUSC workstation, or any other device used to access MUSC's network, in excess of their authority.

A specific workforce member's use of a specific workstation for a specific purpose must be authorized by all of the following: (a) the designated Owner of the workstation, (b) the workforce member's supervisor or manager, and (c) MUSC policies that establish boundaries for acceptable use.

Workforce members are prohibited from installing unauthorized software on MUSC workstations.

If access to protected information from a workstation is possible, then the designated Owner of the workstation must ensure that:

  • the authorized use(s) of the workstation are evident to prospective users
  • authorized users follow appropriate procedures for initiating, terminating, and suspending their sessions on the workstation
  • physical access to the workstation is restricted to its authorized users
  • visual access to the workstation's display is restricted to authorized users.

Sanctions:

Refer to MUSC Policy MUSC-xx: Information Security: Sanctions.

See Also:

MUSC Policy MUSC-xx: Information Security
MUSC Policy MUSC-xx: Network Access
MUSC Computer Use Policy

References:

HIPAA Security 164.310(b) Standard: Workstation use
HIPAA Security 164.310(c) Standard: Workstation security
HIPAA Security 164.308(a)(5)(ii)(B) Protection from malicious software
$Id: workstation-use.html,v 1.3 2004/10/25 13:59:17 gadsden Exp $