TFT2 Task 1
Heart-Healthy Insurance Information Security Policy
New Users Policy
In order to stay compliant with current HIPAA rules and regulations, all new users shall be given access according to their job function. New users will only be given the minimum level of access needed in order to accomplish their assigned duties. Should any higher access be needed, management will need to approve before such access is granted.
Password Requirements
In accordance with HIPAA Standard § 164.312(a)(1) (Access Control), all users shall have a unique name or number for identifying and tracking user identity. Passwords must be at least 8 characters in length and contain a combination of uppercase and lowercase letters and at least one special character (i.e. !@#$%). Passwords must be changed every 90 days. The previous six passwords may not be reused when resetting or changing a password. After 3 consecutive incorrect password attempts, the user account shall be locked out for 20 minutes before the user can attempt to re-enter their password.
References
Online resource - http://www.law.cornell.edu/cfr/text/45/164.312 accessed 01/06/14
Online resource - http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf accessed 01/06/14