Scope: This policy applies to Users that have an established relationship with SRHS and SRHS Information Systems (IS) Department and expressed the need to provide remote access to our Meditech Information System

Introduction: Sumner Regional Health Systems (SRHS) has a formal documented process for granting and authorizing remote access to SRHS information systems. SRHS will not grant access to information systems until properly authorized. Authorization to access information systems is granted based on need and prior approval. The purpose of this policy is to establish a secure means to access SRHS’s Information Systems by approved users outside of the SRHS wide area network.

Scope: This policy applies to users that have an established relationship with SRHS and has expressed the need for remote access. Users include but are not limited to, employees, contractors, physicians, and representatives of vendors and business partners.

Policy: SRHS has the ability to provide secure access to the information systems at locations not connected to the SRHS network. This system uses the public internet to access the network and uses appropriate encryption methods to protect the data. Approved users will be issued appropriate login credentials as needed based on system requirements. All users must sign a password security statement and agree not to share their login credentials. ***Click here for the End User Security Policy Notification***

The signed statement must be faxed to the Information Systems department at (615) 328-6665.

Remote access must be installed on a PC that meets the following requirements:

located in a secure area not accessible by the general public
version of virus protection software and operating system must be current
no existence of remote control software or any other activity monitoring software
at least 256mb RAM
at least Pentium II, 1.0 GHz processor
at least 25Mb of available disk space
Windows 2000 or later operating system
end-user provided Internet connectivity, preferably broad-band (cable or DSL or T1 line)

If the user has trouble installing the software, they can contact the Information Systems Help Desk at (615) 328-6608 for assistance. SRHS Information Systems is not required to support non-SRHS PCs (e.g., hardware, software, internet connectivity) other than problems with the operation and installation of remote access.

All usage is subject to audits for compliance with SRHS's confidentiality policies. Compliance policy breeches will result in immediate revocation of access privileges. Restoration of privileges must be approved by the Information Systems Director and HIPAA Privacy Officer.

Those requesting remote access must complete the online request form and agree to the terms of this policy.

Procedure

1. Submitting the Request

Users will request remote access by completing the Remote Access Request form located on www.sumner.org.

2. Processing Requests

After verifying the eligibility of the requestor, Information Systems will document and file the request.

3. Delivery

After the request is processed, the user will be contacted and provided the remote access web page address, instructions for installation, and necessary login credentials.

4. Installation

Upon successful installation, the user should be able to access the authorized network applications. Any problems or questions should be directed to the IS Help Desk at (615) 328-6608.

5. Termination

At the point the user no longer qualifies as a user under this policy, Information Systems should be notified and network access will be revoked immediately.

6. Access

Network remote access users must not attempt to gain access to SRHS information systems containing ePHI for which they have not been given proper authorization.