Assignment task:
Imagine that you have been asked to implement an IT security policy at a medical clinic that has from 10 - 20 employees altogether. This clinic is fictitious, but you can model it after one that you are familiar with. The clinic has two desktop computers at the front desk, a computer in each of the two doctor's offices, a computer in the manager's office, and a computer at each of the four nurse's stations.
There is no person in the clinic designated as the IT support person. Instead, the manager of the clinic has had friends come in for free when necessary to set up the computer equipment and fix any problems that occur. All the computers are at least ten years old and run the Windows 10 operating system. The admin account on each computer is accessed by the same password, and all the employees know the password. In other words, there are no individual user accounts.
Because of recent HIPAA regulation changes the management needs to implement a standard IT security policy for medical clinics. This policy requires that an IT support team be the only people who know the admin password for each computer. In addition, each employee is required to have his/her own user account login credentials for any computer that they use. Moreover, security updates need to be done on each computer at least every three months.
For this assignment you need to create a simple plan on how you would recommend the clinic implement the new HIPAA requirements described in the paragraph above. Your plan should contain steps that need to be performed along with a timeline of when the events occur and who is responsible for doing them. Limit your document to 150 to 200 words. Create no charts or tables.