
FILE MANAGEMENT.

Eusebio works in the administration department of a dental clinic. In a digital document he
needs to design, as a diagram, a filing system that includes all the phases of the provision of
services (reception, registration, provision, collection, after-sales customer service) and the
documents that support them, so that it reflects the following:

PHASES OF THE PROVISION OF FILES


RECEPTION
RECORD
PAYMENT
AFTER-SALES
CUSTOMER SERVICE

1. Specify the file access criteria, according to the different profiles of workers who
operate in the clinic (doctors, assistants, management, administration department).

• Doctors: they will have access to any information related to the company.
• Leadership: they will have access to all information related to the company.
• Administration Department: it will have access to information related to the labor
and economic sphere of the company.
• Auxiliaries: they will only have access to the information that their superiors require,
such as invoices, orders, appointments...

2. Define file and document transfer and deletion resources.

The destruction of documents can be carried out using special machines or by contracting this
service to an external company dedicated to this. Furthermore, the effective destruction of
documentation must be carried out correctly to avoid breaching the Organic Law on Data
Protection (LOPD) and having to face its sanctions.

The destruction of documents covers both physical documents and those stored on
computer media. For the first case we have paper destruction machines, and for the second we
must have the appropriate computer equipment to prevent the original information contained
therein from being recovered.

Depending on the volume of data that the entity generates, it is common to contract this
service to specialized external companies that, endorsed by an institution, provide the client
with a certificate that accredits and guarantees the elimination of the documents.

3. Determine the criteria that guarantee the security and confidentiality of the
documentation (patient medical records, patient personal data, patient fiscal and
economic documentation, data from material suppliers).

To determine the criteria that guarantee the security and confidentiality of the
documentation, we will follow the protection levels established in RD 1720/2007. These levels
are the following:

I. All files or data processing must adopt security measures classified as basic level.
II. In addition to the basic ones, medium-level measures must be implemented on these
types of files:
• Those related to the commission of administrative or criminal infractions.
• Those whose operation is governed by article 29 of Organic Law 15/1999, of
December 13.
• Those for which the Tax Administrations are responsible and are related to the
exercise of their tax powers.
• Those for which financial entities are responsible for purposes related to the
provision of financial services.
• Those for which the Managing Entities and Common Services of Social Security
are responsible. Likewise, those for which the mutual insurance companies are
responsible for work accidents and occupational diseases of the Social
Security.
• Those that contain a set of personal data that offer a definition of the
characteristics or personality of citizens and that allow evaluating certain
aspects of their personality or behavior.

III. In addition to the basic and medium-level measures, high-level measures must be
implemented on these types of files:
• Those that refer to data on ideology, union membership, religion, beliefs,
racial origin, health or sexual life.
• Those that contain or refer to data collected for police purposes without the
consent of the affected persons.
• Those that contain data derived from acts of gender violence.

According to the aforementioned RD, the security measures applicable to automated files and
processing are the following.

Basic level security measures.

Article 89. Functions and obligations of staff.

Article 90. Event log.

Article 91. Access control.

Article 92. Media management.

Article 93. Identification and authentication.

Article 94. Backup and recovery.

Medium level security measures.

Article 95. Security manager.

Article 96. Audit.

Article 97. Support management.

Article 98. Identification and authentication.

Article 99. Physical access control.

Article 100. Event log.


High level security measures.

Article 101. Management and distribution of media.

Article 102. Backup and recovery.

Article 103. Access log.

Article 104. Telecommunications.

On the other hand, the security measures applicable to non-automated files and processing
are the following:

Basic level security measures.

Article 105. Common obligations.

Article 106. Archiving criteria.

Article 107. Storage devices.

Article 108. Custody of the media.

Medium level security measures.

Article 109. Security manager.

Article 110. Audit.

High level security measures.

Article 111. Information storage.

Article 112. Copy or reproduction.

Article 113. Access to documentation.

Article 114. Transfer of documentation.

4. Necessary frequency in the application of the antivirus program scan and a list of
possible antivirus programs on the market for implementation in the clinic.

The antivirus scan should be run on our computers daily, since we handle confidential
information every day and need it to be secure.

Regarding the possible antivirus programs on the market, these are divided into three
categories, depending on the function for which they were designed.

Firstly, there are the so-called “Preventive Antiviruses”, which, as their name indicates,
anticipate the infection by intercepting and analyzing all data input and output operations.
It should be noted that, to perform its task, this type of antivirus must be installed on the
disk and reside in the PC's memory, which is why it takes up many resources and ultimately
slows down the computer.

Another type of antivirus is the so-called “Identifier antivirus”, whose primary function is to
identify threats that may already be active on our computer, and that affect the performance
of the system. To achieve its goal, this type of antivirus analyzes all the files on the computer
in search of byte strings related to malware.

The last type of antivirus is the so-called “Decontaminating Antivirus”, whose purpose is to
eliminate an infection when it has already occurred and attacked the computer. Many of these
antiviruses will also attempt to revert the system to the state it was in before the infection
occurred.

Literally dozens of antivirus programs are distributed, both free and paid, but not all of
them offer the degree of security that they should.

In the event that we are looking for an effective antivirus that meets the most modern
requirements and standards in the fight against malware, viruses and other threats, these are
some of the most renowned free antivirus names on the market, which we can use in the
clinic:

o Microsoft Windows Defender.

o Microsoft Security Essentials.

o AVG Free Antivirus.

o Avast! Free Antivirus.

o Avira AntiVirus Personal.

Since Eusebio must explain to his new colleague in the administration department the
procedure to follow in the computerized management system, he also needs to present an
example case to show her how it operates. To this end, he plans to prepare an example
with the following case:

“A patient's medical history has been completed in a conveniently formatted text document.
This document is associated with the client's file in the client database. You must determine:

• The way to control this document (access permissions for the different profiles of
clinic workers).

The way to control this file is using a decentralized file, where the business documentation is
distributed among the different departments that make up the company. Each of these
departments receives, dispatches, files and preserves the documentation that corresponds to
it, whether produced or received.

Thanks to the decentralization of files, the independence of the different departments is
enhanced and time is saved in the number of requests and trips. In addition, the confidentiality
of the documentation is guaranteed, since it may be advisable that not all departments have
access to all the information archived in the company.

• Way to send this information to Dr. Ibáñez, who has requested it.

The information can be sent to Dr. Ibáñez through the intranet, which allows users to work
together in a simpler and more effective way and lets us share information securely.

• Timing of backup copies of this and other documents (patient medical records) found
in the “H_2013” folder.

It is advisable that backup copies be made every day, as this will prevent
information that has not been saved correctly from being lost.

• Identify what type of file this is (management, intermediate, historical...)

It is a management file, since it is subject to continuous use and administrative consultation by
the same offices.

• Define the conservation mode of this file and the actions to be carried out (or
programs to be used) to ensure its maintenance.

The documentation must be stored correctly, in filing cabinets that make it easy to access and
use and that protect it from external agents such as light, dust, humidity, etc. A space
must be available that is away from extreme environmental conditions and from anything that
could allow the entry of insects or rodents.

On the other hand, if the file is digital, backup copies should always be made to mitigate
possible losses due to breakage or failure of the device. In addition, we will have to use an
antivirus to prevent cybercriminals from accessing the information without authorization.
