Hospital’s network administration desires to provide a reasonable level of privacy, users should be aware that the data they create on the organization’s systems remains the property of... Hospital.
Not sure how that is going to work out overall, seems a bit over arching — like what, precisely, is 'data'? But the thing that really has me annoyed because it clobbers my work flow is the fun statement:
All PCs, laptops and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 10 minutes or less, or by logging-off when the host will be unattended.
My point being that a generic, hardcoded time to lock the workstation is a dumb idea, especially when many of the computers are located within a controlled environment. Logging in a couple of dozen times per day is not how I would define a productive use of my time.
Has anyone else found an 'authorative" pontification of these ideas, especially in regards to healthcare systems in the US? (Hopefully the rest of the world isn't as batshit insane as we are).