Sunshine Village, Inc. Information Technology Plan



Similar documents
WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

Cyber Security Best Practices

Town of Essex Comprehensive Public Records and Technology Policy

Responsible Access and Use of Information Technology Resources and Services Policy

HIPAA Security Training Manual

PHI- Protected Health Information

Pierce County Policy on Computer Use and Information Systems

COMPUTER USE POLICY City of Proctor

EMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY

Acceptable Use Policy

Information Technology Acceptable Use Policies

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

TECHNOLOGY ACCEPTABLE USE POLICY

5. Users of ITS are the persons described above under Policy Application of the diocese of Springfield in Illinois.

Chief Information Officer

Human Resources Policy and Procedure Manual

Network and Workstation Acceptable Use Policy

MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL

Summary Electronic Information Security Policy

UIT Security is responsible for developing security best practices, promoting security awareness, coordinating security issues, and conducting

PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs

LINCOLN UNIVERSITY. Approved by President and Active. 1. Purpose of Policy

CITY OF MARLBOROUGH MARLBOROUGH, MASSACHUSETTS

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

a) Access any information composed, created, received, downloaded, retrieved, stored, or sent using department computers.

Sierra College ADMINISTRATIVE PROCEDURE No. AP 3721

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery

Hardware and Software

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

The Practice of Internal Controls. Cornell Municipal Clerks School July 16, 2014

Hosted Exchange. Security Overview. Learn More: Call us at

County Identity Theft Prevention Program

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

PROGRAM R 2361/Page 1 of 12 ACCEPTABLE USE OF COMPUTERS NETWORKS/COMPUTERS AND RESOURCES

Information Systems Security Policy

How To Write A Health Care Security Rule For A University

HIPAA Security Alert

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

INFORMATION SYSTEM GENERAL USAGE POLICY

Department of Finance and Administration Telephone and Information Technology Resources Policy and Procedures March 2007

B. Privacy. Users have no expectation of privacy in their use of the CPS Network and Computer Resources.

On-Site Computer Solutions values these technologies as part of an overall security plan:

Talk With Someone Live Now: (760) One Stop Data & Networking Solutions PREVENT DATA LOSS WITH REMOTE ONLINE BACKUP SERVICE

DIOCESE OF DALLAS. Computer Internet Policy

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

OHIO VALLEY EDUCATIONAL COOPERATIVE TECHNOLOGY ACCEPTABLE USE POLICY

Administrative Procedure 3720 Computer and Network Use

HAZELDENE LOWER SCHOOL

APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES

ASCINSURE SPECIALTY RISK PRIVACY/SECURITY PLAN July 15, 2010

Administrative Procedures Manual. Management Information Services

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

Acceptable Use Policy

How to Practice Safely in an era of Cybercrime and Privacy Fears

Kenmore State High School Student Laptop Charter

Accepting Payment Cards and ecommerce Payments

COLLINS CONSULTING, Inc.

Information Security and Electronic Communications Acceptable Use Policy (AUP)

SmartHIPAA! 5 simple and inexpensive tips to protect patient information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

FAYETTEVILLE STATE UNIVERSITY POLICY ON INFORMATION SECURITY

'Namgis Information Technology Policies

Computer Network & Internet Acceptable Usage Policy. Version 2.0

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index

Information Security Awareness Training Gramm-Leach-Bliley Act (GLB Act)

REMOTE BACKUP-WHY SO VITAL?

1:1 COMPUTER PROGRAM LAPTOP POLICY

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

Cyber Self Assessment

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course

New Employee Orientation

Cyber Security Awareness

Network Usage Guidelines Contents

Information Security Plan effective March 1, 2010

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services

ELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY

Administrators Guide Multi User Systems. Calendar Year

DEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE

Hawaii Behavioral Health. Technology Plan. Technology and System Plan. Carla Gross Chief Operating Officer. Technology and System Plan

Click. Schedule. Relax.

Bates Technical College. Information Technology Acceptable Use Policy

CC. TECHNOLOGY ACCEPTABLE USE POLICY. 1. Purpose

I. EXECUTIVE SUMMARY. Date: June 30, Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services

UF IT Risk Assessment Standard

Online Backup Solution with Disaster Recovery

Remote Deposit Terms of Use and Procedures

Why Lawyers? Why Now?

Responsible Use of Technology and Information Resources

White Paper. BD Assurity Linc Software Security. Overview

REGULATION ALLENDALE BOARD OF EDUCATION. PROGRAM R 2361/Page 1 of 7 USE OF COMPUTER NETWORK/COMPUTERS R 2361 USE OF COMPUTER NETWORK/COMPUTERS

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR

R 2361 ACCEPTABLE USE OF COMPUTER NETWORK/COMPUTERS AND RESOURCES

Cyber Security Awareness

How To Monitor The Internet In Idaho

BROADALBIN-PERTH CENTRAL SCHOOL ADOPTED 1/22/00 3 RD READING AND ADOPTION 5/21/12. Employee Computer Use Agreement. Terms and Conditions

Information Technology Security Policies

Stable and Secure Network Infrastructure Benchmarks

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014

13. Acceptable Use Policy

Transcription:

Sunshine Village Inc Sunshine Village, Inc. Information Technology Plan Established by the Board of Directors January 2007 Revised and approved by the Board of Directors February 2008 a) Objectives: Sound consumer care and business decisions are based on timely, relevant and concise information. The objective of this plan is to establish and maintain a cohesive, agency wide IT system that will support Sunshine Village s strategic objectives, achieve an efficient utilization of resources, and give the Board of Directors, Management, Staff, Funding Agencies, the Consumers and their families, and the general public relevant and accurate information so that all parties can make the best decisions possible with the most accurate information available. b) The Information System Needs of Sunshine Village: Accurate and current consumer personal, behavioral, and medical information so that management and staff have reliable data available to base their consumer care decisions. Accurate and current consumer personal and insurance information so that the Sunshine Village could provide required financial information and bill the funding agencies for the services provided. Accurate and current financial and management information so that the Board of Directors and Management could make financial and investment decisions and provide required financial reports to the funding agencies Relevant, accurate and well-presented information about Sunshine Village to the consumers, their families and general public. A reliable inter-office communication system c) Management Information Infrastructure: Sunshine Village has six sites, Litwin Lane, Chicopee, West Springfield, Holyoke, Three Rivers, Westfield and Westover. Litwin has the administrative offices and consumer employment and day habilitation facilities. Westover has a consumer employment facility and all the other are consumer day habilitation facilities Because of the geographical locations, the Information system architecture has been designed to be flexible and connected by internet. Litwin Lane

All the data is saved on two networked servers which are backed up daily. The Financial Information Systems including the Accounting software are operated on a Windows 2000 Server, and all files are saved on a Novell Server. Both are protected by uninterrupted power supplies. All Other Sites: Connectivity All the sites other than Litwin have between 5 and 10 computers and are peer to peer networked; connected to the internet to access email and Oracle Client Data Software. All the machines are protected by MacAfee Antivirus. All the files are saved on the local machines and backed up on USB or portable drives daily. As of April 1, 2008 these portable drives will be copied every Friday on another portable hard drive and sent to Litwin Lane for safekeeping. The individual machines will also be backed up on the USB thumb drives by the user. Staring July 1, 2008, the Sites will be linked to a file server at Litwin Lane and data backed up directly on a weekly basis. All Management Staff, Case Managers and Nurses are assigned Individual computers and corporate email accounts and have access to the internet. Oracle, the primary agency-wide consumer database is on the internet with industry standard Secure Sockets Layer (SSL) security with individual passwords assigned for each staff member. Portable Computing The Nursing staff and some of the clinical staff are assigned Laptop commuters to work effectively at multiple sites. These laptops have secure industry standard encrypted partitions where the data is placed. If the laptops are stolen or lost, data, would be unrecoverable. The data is also backed up on encrypted USB drives by the staff member and uploaded periodically to a secure stationary workstation. d) Computer Operating Systems: SUNSHINE VILLAGE uses industry standard business software and hardware. The data servers run Novell and Windows S000 Server multi-license operating systems with Backup Exec data protection software. These servers are protected by uninterruptible power supplies. 2

For the workstations, the Microsoft Windows XP Operating system is used. Some of the newer machines will use Microsoft Vista Software Applications: Sunshine Village always uses legal licensed and wherever necessary, HIPPA and other statutory compliant software. General Applications: Sunshine Village uses the Microsoft Office Suite for its general business applications like word processing, spreadsheets, presentations and databases. The staff are periodically sent for training on these applications by in house staff and when necessary to outside training centers. Specialized Applications: Sunshine Village uses MIP Fund Accounting for financial management, payroll and reporting functions. This software runs on a network Windows 2000 server and is available to all fiscal staff and the executive Director and the Director of Human Resources. The agency uses MIP Fundraising to manage and record fundraising activities. All consumer information is managed by the Oracle Database. This is a web based database and is accessible by all the sites. It is protected by industry standard encryption. It has been designed by the staff and programmed by a local vendor. The design is extremely flexible and is constantly changed and upgraded according to the needs of the agency. The Agency uses ETS software designed by a local vendor to track and manage and report consumer employment information. The agency also uses various other industry standard applications for reporting, presentation, and for consumer use. e) Continuity and Disaster Contingency Planning: Sunshine Village has extensive plans and systems to cover any situations arising from electronic data loss; and to and for the Information Systems to be back in operation with minimal data loss within 48 hours. The management staff from Litwin and the other sites are continuously trained on these plans. 3

All relevant staff are also informed about the importance of not loading any unauthorized software or downloading any unauthorized files. All the machines in the agency are protected by MacAfee/Norton/Trend micro antivirus and firewall software, which haven programmed to download updates automatically. Regular virus and spy ware scans are scheduled on all computers to run at least twice a week. Litwin Lane All the data is saved on two networked servers which are backed up daily. The Financial Information Systems including the Accounting software are operated on a Windows 2000 Server, and all files are saved on a Novell Server. Both are protected by uninterrupted power supplies. Both are backed up daily by two rotating color coded sets of 5 tapes, one for each day of the week. The set of tapes which are used for the week are brought in on a daily basis and the completed tapes is taken are taken off site every evening by one staff member. Another staff member keeps the other set of tapes off site till the following week when it would be their turn to bring in the set daily. Thus a backup set for each machine is always maintained offsite by one staff member and the four of the tapes for each day is kept off site by the other staff member. In addition, both the data in the Novell and MIP servers are backed up daily on networked drives based situated in the CFO s office. As of April 1, 2008, a monthly backup of both MIP and NOVELL Machines are stored in the bank Vault at Chicopee Savings Bank along with the Server disks and documentation. In case of server or machine or software failure, DELL or Whalley Computers will be called in for tech support. f) Electronic Communication: All management staff, case managers and clinical staff are assigned individual email accounts and have access to the internet. The internet access and email accounts are to be used for agency business only. The Sunshine Village has a website, www.sunshine.us. This website is primarily for informational purposes for the consumers, their families and guardians, local businesses and the general public. There is a password protected sub-site which has all the company policy and operational manuals online for the use of the staff. g) Polices on Usage of Agency Equipment and IT resources: 4

Sunshine Village equipment, including computer hardware and software are valuable assets. They must be used for Sunshine Village business only. Staff may not copy or use Sunshine Village purchased/leased software contrary to the interests of the organization or for purposes other than the business reason for the purchase or lease. Employees may not use e-mail for personal, non-business-related use. Sunshine Village may access any staff computer, e-mail, stored E-mail information files, or Voice-mail to better serve the needs of the Agency or to make certain that they are being used properly and in compliance with this policy. E-mail, Voice-mail, as all computer imputed data, are considered Company files and not the property of any individual. The use of a password is to control access to company equipment and is not intended to create a right or expectation of privacy. A password must be registered with the systems manager of Sunshine Village, and must be provided to the supervisor. No Agency property- including computers - may be used for unlawful purposes; or to offend, harass, abuse, or otherwise communicate offensive, unlawful, or inappropriate messages or messages in violation of Sunshine Village s policy prohibiting harassment, including sexual harassment. Nor may they be used to access material unrelated to the performance of the business of the Agency. Employees should be aware that E- mail/voice-mail messages could be retrieved and even subpoenaed for litigation and government compliance investigations. Stored information and E-mail/Voice-mail messages may not be deleted or destroyed if the subject of or relevant to a claim of litigation. Violation of this policy will subject the employee to discipline. h) Security, Privacy and Confidentiality: Computer and e-mail security: All staff with access to consumer, financial or any other agency related information are expected to treat the information with the highest level of confidentiality. Staff with electronic access to the information are assigned passwords and are expected to treat them with extreme care. If any password is lost or is suspected of being compromised, they are required to inform their supervisors immediately. Upon notification, the CFO will (instruct the systems manager to) issue a new password to the staff and the old one will be deleted. In the event that an employee with these types of access leaves the agency, the systems manager will be immediately informed; and the password- protected accounts will be deleted or changed so that the person no longer has access to the agency s protected information. All staff members with access to client records are required to sign the HIPPA confidentiality agreement and are expected to adhere to agency policies at all times. 5

i) Staff Training: All staff required to utilize specialized company applications, like the Financial Reporting system and the Consumer Databases, are trained on them upon hire and are periodically retrained on them as the necessity arises. The agency has a Consumer Computer Training Lab, when available is used to train staff on general business applications like Microsoft Word and Excel to help improve the staff productivity. j) Consumer Access to Computers: Sunshine Village is committed to helping the consumers help grow to extent that they are able to perform a wide range of tasks contributing to their own well-being and delivering important services to dozens of businesses throughout the region. Where appropriate, computer training is used as an educational tool to train the consumers. A computer lab has been set up at Litwin Lane for this purpose and at the other offices; dedicated computers are used for training. 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information