7/29/2019 Chicago South Medical Powerpoint
1/14
Team CIA
7/29/2019 Chicago South Medical Powerpoint
2/14
7/29/2019 Chicago South Medical Powerpoint
3/14
7/29/2019 Chicago South Medical Powerpoint
4/14
7/29/2019 Chicago South Medical Powerpoint
5/14
7/29/2019 Chicago South Medical Powerpoint
6/14
Design & Implementation Phase Design Phase
Chicago South Medical (CSM) will be implementing a
new way to improve controls for; systems administrator accounts
password strength
remote access to patient records
7/29/2019 Chicago South Medical Powerpoint
7/14
Design & Implementation Phase
ContinuedImplementation Phase
CSM will introduce new ways to develop access
improvements as well as email improvementsAccess Improvements
CSM objective is to improve controls for privileged andsystem administrator accounts and this will be done by
creating an Enterprise Information Security Policy(EISP)
7/29/2019 Chicago South Medical Powerpoint
8/14
DESIGN AND IMPLEMENTATIONImproving password strength
CSM will be creating the following System-Specific
Security Policy (SSSP):
All users and administrators must follow the standardbelow when establishing or administering passwords.
7/29/2019 Chicago South Medical Powerpoint
9/14
Password Requirements Must be at least 8 characters long. Password must always contain: One alphabetic character One number One special character Password cannot contain 3 or more consecutive characters from the
user ID. Password must not match any of the 4 previous passwords. Password will expire 90 days after the last password change.
Password cannot be changed for 0 days after the last password change. Password must not be one of 4 previous passwords. Password change reminder will be sent 30 days after the last password
change.
7/29/2019 Chicago South Medical Powerpoint
10/14
FRAMEWORK
Chicago South Medical Hospital will continue to use
the HITRUST Common Security Framework (CSF).This framework helps the hospital create, store, accessor exchange electronic health records and othersensitive information
7/29/2019 Chicago South Medical Powerpoint
11/14
SETAThe Encryption Plug-in
The Encryption Plug-in places an Encrypt Message button inthe Outlook menu bar when you are composing a new message,
replying to, or forwarding another message. This buttonprovides an easy way for you to mark a message to be encryptedbefore sending the email to an external email account ([email protected] or [email protected]).
Using the Encryption Plug-in You can send secure emails by selecting the Encrypt Message
button as you are composing an email message. Before you senda secure message, verify that the Encrypt Message button isselected, as shown below:
mailto:[email protected]:[email protected]:[email protected]:[email protected]7/29/2019 Chicago South Medical Powerpoint
12/14
SETA
7/29/2019 Chicago South Medical Powerpoint
13/14
WHAT EMAIL SHOULD BE
ENCRYPTED Any time you are sending sensitive or confidential
information outside of CSM, you should encrypt themessage to protect it from unwanted disclosure.
Any email with the following kinds of information must besent securely as this kind of information is regulated orotherwise sensitive:
Personal identifiers
Financial information
Health information
Proprietary information about CSM plans, strategies andoperations
7/29/2019 Chicago South Medical Powerpoint
14/14
What Email Should be Encrypted