Facility Access Policy

RosettaHealth is a virtual company and as such does not have any single physical location where business operations are conducted. All employees work from remote locations. As such all employees are still expected to observer the policies concerning physical access to their work environment spelled out in this policy.

Applicable Standards

Applicable Standards from the HITRUST Common Security Framework

  • 08.b - Physical Entry Controls

  • 08.d - Protecting Against External and Environmental Threats

  • 08.j - Equipment Maintenance

  • 08.l - Secure Disposal or Re-Use of Equipment

  • 09.p - Disposal of Media

Applicable Standards from the HIPAA Security Rule

  • 164.310(a)(2)(ii) Facility Security Plan

  • 164.310(a)(2)(iii) Access Control & Validation Procedures

  • 164.310(b-c) Workstation Use & Security

RosettaHealth-Controlled Facility Access Policies

  1. Employees are expected to work only in areas where they can be assured of positive, continuous control and oversight of their RosettaHealth issued workstation/laptop.

  2. Employees are expected to work only in areas where their screen cannot be viewed by others in the area.

  3. Employees are must ensure that their workstations may only be accessed and utilized by themselves. Family or household members are not permitted to access RosettaHealth issues workstation/laptop.

  4. All employees are required to monitor workstations and report unauthorized users and/or unauthorized attempts to access systems/applications as described in Incidence Response.

Data Center Facility Access Policies

  1. RosettaHealth works with AWS to assure restriction of physical access to systems used as part of HealthBus. See AWS information on physical access controls (https://aws.amazon.com/compliance/data-center/controls/).

  2. RosettaHealth works with Rackspace (SOC2, FEDRAMP, HITRUST certified data center provider) to assure restriction of physical access to systems used as part of HealthBus. Rackspace physical access controls are defined https://www.rackspace.com/information/legal/securitypractices.