security

Why is my screen locking me out?

 

Industry best practices, regulations, and policies usually stem from some negative experience. One such item that has come up lately is the computer screen lockout after 10 minutes. This is a regulatory requirement (HIPAA and PCI), an industry best practice based on NIST and ISO, and a HITRUST requirement. UMC has had this policy in place for the past three years; however, we recently discovered that not all computers were being affected by this policy.

When a user walks away from a computer while still logged in, anyone, employee or non-employee, has access to information to which they may not be entitled, and this information is required to be protected by federal and state law. This lockout policy protects not only UMC and our patients but also our employees who may forget to lock the computer on their own. While we wish healthcare were exempt from malicious actors who wish to profit from our data, this is just not the case. In fact, healthcare has become the #1 target of bad guys. We appreciate everyone’s understanding as we make UMC more secure.

Phil Alexander | Director of Information Security & ISO | UMC Health System