HS 9453-D Remote Access - Office of Compliance Services - UCLA ...

Remote Access Policyii.iii.iv.The maximum VPN concentrator session length is 15 hours.HS 9453-DNo Device connected to MedNet via VPN is allowed to serve as aproxy to forward traffic from other devices.When using VPN technology with personal equipment, users mustunderstand that they must comply with all UCLA and UCLA Healthpolicies applicable to devices connected to UCLA networks.Requirements include, but are not limited toa. Operating systems must be kept up to date on patches.b. Anti-virus software must be running and the virus definitionskept up to date.c. If there is a native host-based firewall, it must be enabled.d. Restricted Information must be encrypted.For more information, see the following policies:HS Policy No. 9421, “Workforce Access to and use of PHI(Minimum Necessary)”HS Policy No. 9451, “Use of Electronic Information”HS Policy No. 9453-C, “Storage of Restricted Information onMobile Devices and Removable Media”HS Policy No. 9457, “Minimum Standards for NetworkDevices”UCLA Policy No. 401, “Minimum Standards for NetworkDevices”UCLA Policy No. 404, “Protection of Electronically StoredPersonal Information”II.III.IV.EnforcementFailure to follow any provisions of this policy may result in disciplinary action, upto and including termination.QuestionsWorkforce members should consult their IT support group or the InformationSecurity Office (InfoSecAll@mednet.ucla.edu) if they have any questions on thispolicy.Exceptions to PolicyAny exceptions to these policies must be for a valid patient care or businessreason and must be approved by the Information Security Officer working inconsultation with the appropriate IT groups prior to any remote access.4 of 5 UCLA HealthCompliance Policies and ProceduresPrivacy and Information Security Policies