Chief Compliance and Ethics Officer Health Care

Cyber Security or Data Security Policy Example

  • 1.  Cyber Security or Data Security Policy Example

    Posted 07-06-2020 03:55 PM
    Do any of you have a data security or computer use policy that handles the use of personal devices (laptops, smartphones, tablets) for work use?  We currently have an outdated policy that stipulates no working on personal devices, but in this mobile world, everyone in the company uses their personal smartphones for some company use and many are using their own laptops instead of a company-provided laptop.  We need to revise our policy to allow for bring your own device (BYOD) options that still protect company data/security.  You can share what you have here or send me a direct message to jana@lumea.org.

    Thank you for your help!

    ------------------------------
    Jana Rasmussen
    Compliance Manager
    LUMEA, Inc
    Lehi,UT
    ------------------------------
    19th Annual CEI Virtual Conference


  • 2.  RE: Cyber Security or Data Security Policy Example

    Posted 07-07-2020 07:40 AM
    I would encourage organizations to NOT share their cyber security policies externally. We live in an age where external threat actors take this information and use it against organizations to exercise attacks.

    Speaking generically, I would suggest providing a list of examples for your staff. For example, in our Workstation Security Policy we give examples of acceptable use versus unacceptable use. We do the same in our Safeguard Policy. For example we tell our staff that they may not use company owned devices to surf porn or operate their own business. Similarly you want to require staff who bring their own device to have security software such as MaaS360 installed on them.

    ------------------------------
    Brenda Manning J.D., C.H.C., C.H.P.C.
    Privacy Director
    Interim Privacy Officer
    Carilion Clinic

    The views expressed herein are my own and do not represent those of my employer. They are not meant to constitute legal advice or create an attorney-client relationship.
    ------------------------------

    19th Annual CEI Virtual Conference


  • 3.  RE: Cyber Security or Data Security Policy Example

    Posted 07-07-2020 08:19 AM
    Try looking at HIPAA Cow (hipaacow.org).  they have a mobile device policy template that includes BYOD in it. Frank is associated with it, so you know it is quality.

    ------------------------------
    Lloyd Hemmert
    Compliance & Ethics Officer
    Hill Country MHDD Centers
    Kerrville,TX
    [lhemmert@hillcountry.org]
    ------------------------------

    19th Annual CEI Virtual Conference


  • 4.  RE: Cyber Security or Data Security Policy Example

    Posted 07-08-2020 07:09 AM
    I was contacted privately regarding my comment about not sharing cyber security policies / information. As someone who has been involved in cyber security investigations, threat actors will go to great lengths to hack your organizations, so I would advise not posting them in forums such as this, online etc. It's certainly great to collaborate, but keep it general.

    ------------------------------
    Brenda Manning J.D., C.H.C., C.H.P.C.
    Privacy Director
    Interim Privacy Officer
    Carilion Clinic

    The views expressed herein are my own and do not represent those of my employer. They are not meant to constitute legal advice or create an attorney-client relationship.
    ------------------------------

    19th Annual CEI Virtual Conference


  • 5.  RE: Cyber Security or Data Security Policy Example

    Posted 07-08-2020 07:30 AM
    Indeed...HIPAA Cow has a good library of Security and Privacy P&Ps.

    Interesting enough...I have compared many of the HIPAA Cow policies with P&Ps that people have bought from P&P vendors...and let me just say...people could have saved lots of $$$ if they would have taken a peek at what is on the HIPAA Cow website.

    Worth a look if folks are unfamiliar with the site and its documents.

    ------------------------------
    -------------Frank "Snake Bite Leader" Ruelas--------------
    ► We don't fail unless we quit! ◄
    Bill Wong's Resource Folder: https://bit.ly/BillWong
    NEXT UP:
    A&M Session: https://www.surveymonkey.com/r/5NLQCMG

    ░ Pass the Exam Group for 2020 ░
    Melissa Singleton - Jan - CHPC
    Julie Clutter - Jan - CHPC
    Tanisha Grant - Feb - CHC
    Lisa Bibby - Jan - CHPC
    Kelly Puida - Mar - CHPC
    Christina Serrano - Mar - CHC
    Rachel Anderson - May - CHC
    Melissa Alexander - June - CHC
    Theresa Veazey - June - CHC
    Barbara Zubeck - June - CHPC
    Patricia Radatz - June - CHC
    ------------------------------

    19th Annual CEI Virtual Conference