PACE SCHOOL - OPERATIONS POLICY & Policy #: OPR215
PROCEDURE
Title: Workstation Use - OPR215 Most Recent Board Approval Date: 3/22/05
Most Recent Policy Revision Date: 1/23/07
Owner: Chief Executive Officer
Approver: Chief Executive Officer, Information Management
Specialist, Executive Officer
Printed copies are for reference only. Please refer to the electronic copy for the latest version.
Policy Title: Workstation Use
Policy #OPRPOL215
Policy Statement:
It is the policy of Pace School to require appropriate safeguarding of workstations by employees
so as to secure electronic information systems and clients’ protected health information
maintained electronically within these systems.
Related Procedures:
1. At no time shall any workforce member or other person, entity or application, be
permitted to in any way use, or otherwise access, any workstation of any information system of
Pace School without first being granted appropriate access privileges by the Information
Management Specialist (IMS) pursuant to the procedure set forth in the Policy on Information
System User Account Management. .
2. Any workforce member and/or other authorized user shall be responsible for
safeguarding the security of the workstation and its immediate surroundings pursuant to this
policy, including the security of any and all storage media.
3. The particular configuration and specifications of each of Pace School’s workstations
shall be documented, with such documentation being maintained by the IMS; such
documentation shall include, at a minimum: the location of the workstation, a description of all
hardware devices making up the workstation, and a listing of all software applications available
to the user at this workstation. Any changes to the configuration and/or specifications shall be
documented by the IMS and/or the Technology Coordinator and shall be maintained with the
original documentation.
4. No workforce member and/or other authorized user shall at any time make any changes,
or allow any changes to be made, to any settings and/or otherwise re-configure any workstation
to in any way terminate, circumvent and/or otherwise attempt to in any way reduce the
effectiveness of any mandatory configuration required by any section of this policy and/or
otherwise mandated by the IMS/Security Officer.
5. Each workforce member shall be responsible for protecting the security of electronic
protected health information accessible through any workstation that the workforce member has
been granted the right to use and/or does use. Workforce members and/or other authorized users
shall take all necessary steps to physically safeguard the electronic protected health information
accessible through the workstation. Such steps will include, but will not be limited to:
3/9/2015 9:09 AM Workstation Use - OPR215 Pg 1
PACE SCHOOL - OPERATIONS POLICY & Policy #: OPR215
PROCEDURE
Title: Workstation Use - OPR215 Most Recent Board Approval Date: 3/22/05
Most Recent Policy Revision Date: 1/23/07
Owner: Chief Executive Officer
Approver: Chief Executive Officer, Information Management
Specialist, Executive Officer
Printed copies are for reference only. Please refer to the electronic copy for the latest version.
maintaining the monitor in such a position that the screen cannot be read by clients or others in
the vicinity; shielding the contents of the monitor screen and/or the keyboard whenever
necessary to avoid the viewing of protected health information, the user’s I.D. and/or password,
etc.; switching a screen/window to a screen/window that does not contain protected health
information whenever appropriate to prevent the unauthorized viewing of electronic PHI; etc.
3/9/2015 9:09 AM Workstation Use - OPR215 Pg 2
PACE SCHOOL-OPERATIONS POLICY/PROCEDURE Policy #:
Title: Workstation Use - OPR215
Owner: Revised Date:
Approver: Board Approval Date:
Printed copies are for reference only. Please refer to the electronic copy for the latest version.
6. All workforce members and/or other authorized users who share a workstation are
required to log off any workstation they are using whenever they must leave the immediate
vicinity (i.e. the room) of that workstation. All workforce members are required to log off
their workstations at the end of the day.
7. All workforce members are required to log off the network at the end of the workday.
Failure to do so more than three (3) times within a given month constitutes a negligent or
unintentional violation of this security policy and will fall under Sanction Range A (Pace
School HIPAA Security Policy No. 1021 “Workforce Security Training and Sanctions for
Violations of Security Policy”)
8. All of Pace School’s workstations shall have installed and enabled upon them a
password-protected screensaver that shall at all times be set to be activated upon five (5)
minutes for direct care staff and fifteen (15) minutes for indirect care staff of keyboard
inactivity; passwords related to such screensavers mirror the current users network password
.
9. No hardware device made a part of any workstation of the Pace School shall be in any
way moved from the current workstation and/or disposed of without the prior authorization
of, and specific instruction by, Organization’s IMS/Security Officer and/or Technology
Coordinator. Notwithstanding such approval, at no time shall any hardware device of the
Pace School be disposed of without the proper removal of all protected health information
maintained within and/or upon the device, unless the hardware device is properly destroyed
in such a way that there is no possible means to recover any protected health information that
may have been retained prior to destruction. The IMS/Security Officer and/or Technology
Coordinator, specifically noting the name and position of the workforce member responsible
for the movement and/or disposal of the hardware device, shall document each such
movement and/or disposal of any hardware device.
Adopted: 3/22/05
Effective: 4/15/05
Revised: 1/23/07
3/9/2015 9:09 AM Workstation Use - OPR215 Pg 3