RosettaHealth is a virtual company and as such does not have any single physical location where business operations are conducted. All employees work from remote locations. As such all employees are still expected to observer the policies concerning physical access to their work environment spelled out in this policy.

Applicable Standards

Applicable Standards from the HITRUST Common Security Framework

08.b - Physical Entry Controls
08.d - Protecting Against External and Environmental Threats
08.j - Equipment Maintenance
08.l - Secure Disposal or Re-Use of Equipment
09.p - Disposal of Media

Applicable Standards from the HIPAA Security Rule

164.310(a)(2)(ii) Facility Security Plan
164.310(a)(2)(iii) Access Control & Validation Procedures
164.310(b-c) Workstation Use & Security

RosettaHealth-Controlled Facility Access Policies

Employees are expected to work only in areas where they can be assured of positive, continuous control and oversight of their RosettaHealth issued workstation/laptop.
Employees are expected to work only in areas where their screen cannot be viewed by others in the area.
Employees are must ensure that their workstations may only be accessed and utilized by themselves. Family or household members are not permitted to access RosettaHealth issues workstation/laptop.
All employees are required to monitor workstations and report unauthorized users and/or unauthorized attempts to access systems/applications as described in Incidence Response.

Data Center Facility Access Policies

RosettaHealth works with AWS to assure restriction of physical access to systems used as part of the RosettaHealth Platform. See AWS information on physical access controls (https://aws.amazon.com/compliance/data-center/controls/).
RosettaHealth works with Rackspace (SOC2, FEDRAMP, HITRUST certified data center provider) to assure restriction of physical access to systems used as part of the RosettaHealth Platform. Rackspace physical access controls are defined https://www.rackspace.com/information/legal/securitypractices.