LifeWays Operating Procedures
|
|
- Stuart Riley
- 5 years ago
- Views:
Transcription
1 GUIDELINES AND REQUIREMENTS I. PURPOSE To define the security, privacy and professional standards and considerations regarding electronic mail communication. II. SCOPE This procedure covers appropriate use of any sent from a LifeWays address and applies to all employees, contractors, students, and volunteers operating on behalf of LifeWays. III. DEFINITIONS The electronic transmission of information through a mail protocol such as SMTP or IMAP. Typical clients include Microsoft Outlook, Gmail, Yahoo and Hotmail. Forwarded resent from an internal network to an outside point. Chain or letter sent to successive people. Typically, the body of the note has direction to send out multiple copies of the note and promises good luck or money if the direction is followed. Protected Health Information (PHI) PHI is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual. Sensitive information Information is considered sensitive if it can be damaging to LifeWays or its customers' reputation or market standing. Unauthorized Disclosure The intentional or unintentional revealing of restricted information to people, both inside and outside LifeWays, who do not have a need to know that information. U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. Mass Message A single message sent to a large number of recipients all at the same time Phishing The attempt or act of defrauding a network user by posing as a legitimate entity, usually through , in order to steal or leverage sensitive information for financial gain. Page 1 of 8
2 IV. PURPOSE A. The purpose of this procedure is to outline the guidelines that must be followed to help the employee make the best use of the electronic mail resources at his or her disposal while following practices that ensure the protection of confidentiality and minimize the potential threats to the LifeWays information systems infrastructure. V. COMMUNICATION PRIVILEGES & MONITORING A. The telephone, facsimile and computer, including the system, are tools to ensure efficient communication. These tools, provided by LifeWays, are necessary for carrying out day-to-day business communication at LifeWays. Complaints of improper use of these communication systems will be investigated as necessary to ensure compliance with this procedure. B. As the communication tools provided by LifeWays are not employee rights; employees should have no expectation of privacy in their communications including those via the telephone, voic , facsimile or computer systems. Employees should know that even if an is deleted from their computer screens, it is not deleted from the system. Electronic messages are archived for at least two (2) years. Private passwords assigned or created by employees to enable their access does not make private, since these messages can still be accessed. Additionally, employee messages sent and received through a personal, Web-based account (e.g. Yahoo) on a company-owned computer are NOT private either. LifeWays reserves the right to monitor any data and communications on any employer-provided telecommunication and computer systems. VI. ACCEPTABLE USE AGREEMENT FOR A. The agency shall implement an Acceptable Use Agreement between LifeWays and the individual employee to identify the user s responsibilities in protecting information and ensuring appropriate use of the agency s technology resources. B. This agreement shall address the acceptable use of electronic mail. The employee will receive and sign the agreement at the time of hire and annually thereafter during annual training. (Refer to Attachment 1 for a copy of the Acceptable Use Agreement for Electronic Mail.) VII. PROHIBITED USE OF ELECTRONIC MAIL A. The following are some specific examples of prohibited usage of systems. This list is not to be considered all-inclusive. Page 2 of 8
3 1. Do not use for urgent or time-sensitive communications, unless this is the sole source of communicating the information. 2. Do not use addresses for marketing purposes except as described in the LifeWays Marketing & Public Relations policy. 3. Do not share accounts with anyone, including family members or co-workers. B. Further questions regarding appropriate use of electronic mail should be directed to the employee s supervisor or the Director of Information Technology. VIII. GENERAL RULES FOR ENSURING CONFIDENTIALITY OF ALL ELECTRONIC MAIL CONTAINING PROTECTED HEALTH INFORMATION (PHI) A. Minimum Necessary: When using or disclosing protected health information or when requesting protected health information from another covered entity, a covered entity must make every effort to limit the use or disclosure of protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure or request. Simply being an employee within a covered entity does not allow you access to protected health information unless you have a need to know to perform your essential job functions. B. Users of telecommunication systems, such as , are in a uniquely important position to uphold privacy and protection of information, as they have the capacity to forward, print or circulate any message. As a result of being in this position, users must adhere to the following general rules: 1. Users should use discretion and confidentiality protections equal to or exceeding that which is applied to written documents. 2. PHI received or transmitted via electronic mail must be protected using encryption. A password-protected document is not necessarily encrypted. (Refer to LifeWays procedure Use and Disclosure of Protected Health Information for general privacy and security policies regarding information technology.) 3. The LEO Message system shall be used to communicate issues pertaining to consumer s treatment for users within the CMH system, as this is a secure platform for case discussion that includes PHI. The LEO Message system shall not be used for general, operational s that are not consumer-specific. Communication of this type (not consumer-specific) should be conducted through the LifeWays primary (Outlook 4. Printers must be operated in a secure manner to protect information confidentiality in an area that is accessible to staff only and not to consumers or visitors. Printed materials must be retrieved immediately. Page 3 of 8
4 5. Basic communication systems are not inherently secure. sent via the Internet and other external systems can be intercepted and read by individuals other than the intended recipient. Therefore, when is used for communication of confidential or sensitive information, specific measures must be taken to safeguard the confidentiality of the information. The safeguard measures are as follows: 6. The recipient s address should be confirmed before sending. Obtaining an e- mail address from a directory is not proof that the will go to the proper recipient. If the sender is unsure of the accuracy of the recipient s address, contact should first be made (by any means, including ) to confirm that the address is correct. 7. All communications containing PHI must be encrypted. This can be accomplished by: a. Typing the word, Confidential in the subject line of Outlook, when using the LifeWays system. b. originating from a LifeWays employee account (i.e. lifewayscmh.org) sent to a LifeWays employee account is already encrypted. No further encryption is required when sending PHI. Other guidelines such as Minimum Necessary and Need to Know still apply. 8. The subject line should also include a notation referring to the sensitive nature of the , to further safeguard the confidentiality of electronically submitted data. 9. subject lines cannot be encrypted and shall therefore never include PHI. 10. The signature block should include the following statement for all communications: a. Confidentiality Note: The information transmitted is intended for the person or entity to whom or which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is strictly prohibited. If you receive this in error, please notify the original sender immediately by return and delete this message along with its attachments from your computer. 11. The use of distribution lists is prohibited when an contains PHI. 12. Double-check all address fields prior to sending messages, including to, cc, and bcc. 13. PHI must only be distributed to those with a legitimate need to know. 14. Distribution of PHI other than for treatment purposes is restricted to the minimum amount that is reasonably necessary information to use or disclose. Page 4 of 8
5 15. Distribution of PHI outside of LifeWays constitutes a disclosure of PHI and shall only be done with prior authorization from the consumer and shall also be tracked and logged in accordance with the HIPAA regulation. 16. The option to request a read receipt is recommended as a method to ensure delivery to the intended recipient. 17. For extended absences, an employee shall either have forwarded to their Supervisor at LifeWays or have an auto-reply message stating the employee cannot answer the at this time and providing instruction on alternative methods of contacting LifeWays. 18. The LifeWays electronic medical record (EMR) provides a secure internal messaging system, and should be used to communicate protected health information for the purposes of coordinating treatment with other healthcare providers that have a release to exchange information. IX. CORRESPONDENCE WITH CONSUMERS A. Corresponding with consumers over should be limited and only occur when the user can communicate in a manner that does not disclose protected health information and after a written authorization is obtained from the consumer. B. If the situation escalates, users must be able to re-direct the consumer to communicate through a phone call or office visit. X. PERSONAL USE A. The LifeWays system is provided to employees by the agency to conduct business activities. LifeWays shall not to be used as personal . XI. MASS MESSAGES A. In addition to the risk that is presented by sending mass- s, mass s generate a large amount of data that must be maintained by the agency. Therefore, mass mailings sent from a LifeWays account shall be infrequent and made with a high level of discretion. B. External Mass mailings that include external recipients and are delivered from Microsoft Outlook or Constant Contact (the company s marketing system) must be approved by the employee s Supervisor before sending. C. Internal LifeWays has provided the distribution group lwteams for internal mass mailings. This distribution group is available to all employees, but must also be used Page 5 of 8
6 with a high level of discretion. Employees shall adhere to the following guidelines: 1. Personnel related s, including employee benefit fundraisers, must be coordinated by the Human Resources Department. Related communication to all-staff that utilizes the lwteams distribution group, or individual addresses, must be approved by or delivered from a Human Resources team member. 2. Company activities, including Perks team activities or other company-wide events, must be coordinated by the Perks Team. Related communication to all-staff that utilizes the lwteams distribution group, or individual addresses, must be approved by or delivered from a Perks team member or the Perk team leader. 3. Individual employee activities, such as personal fundraisers or selling, shall not be communicated to all-staff using the lwteams distribution group. LifeWays supports individual employee activities and selling, but this must be communicated through alternative means, such as the Employee Activities Bulletin Boards in the company Break Room. 4. When an employee receives an message sent to lwteams or any other distribution group, the recipient should only use the, Reply all option when the reply pertains to everyone on the distribution list. Otherwise it is more desirable to use the, Reply option, responding only to the individual who originated the . D. Employees shall follow the above guidelines and seek clarification from their immediate supervisor on other unusual circumstances that must be communicated to all-staff using the lwteams distribution group. XII. SPAM AND VIRUS PROTECTION A. LifeWays uses Microsoft Exchange Online service. Exchange Online is a component of the LifeWays Office 365 Enterprise Level 3 subscription, purchased annually from Microsoft. B. Exchange Online Protection, included with Exchange Online, provides inbound and outbound spam filtering, malware and virus filtering, and quarantine. C. Employees will receive a Spam Notification message when a potentially dangerous is captured by the filtering system. Employees have the option to release the from quarantine, report the as not junk or simply leave it in quarantine. If a sender is not recognized, the user should leave the message in quarantine. D. Employees should never click on a link in an message that is not from a recognized sender. Never open an that seems suspicious. Phishing is one of the most common tools cybercriminals use to compromise IT networks, breach security measures, exact Page 6 of 8
7 ransoms and steal data. Employees should immediately direct concerns about questionable to the Information Technology Team. XIII. PROFESSIONALISM A. Employees must remember that all activities from a LifeWays communications system will be regarded as activities authorized by LifeWays. Employees shall not create or forward communications that contain abusive or objectionable language, that defame or libel others, or that infringe on the privacy rights of others, or which would otherwise violate employer policies, including, but not limited to, the Workplace Conduct policy. B. Employees must recognize that communications can be sequestered for local, state and federal investigations. C. Employees may not delete, alter, re-configure computer hardware or software or use the passwords and encryption keys of other employees to gain access to other employee s communications systems. D. Employees must take extra effort to ensure every communication is conducted in a professional, ethical and confidential manner. In addition to requiring each to have professional and respectable content within the body of the , LifeWays requires that employees utilize a standard format and signature block. This allows the company to communicate a consistent and professional image to internal and external customers E. Guidelines for format: 1. No backgrounds 2. No logos, graphics except those specifically sanctioned by LifeWays 3. Subject line is specific (is not null) 4. Subject line can never contain PHI 5. Subject line includes the word Confidential for that contains PHI 6. Salutation and closing is included 7. Standard Company Signature Block is used, which includes contact information and Confidentiality Statement F. Standard Company Signature Block: First and Last Name, Credentials (if Applicable) Job Title LifeWays Community Mental Health Proudly Serving Jackson & Hillsdale Counties Direct Line 10-Digit Phone Number 10-Digit Fax Number Page 7 of 8
8 LifeWays Community Mental Health, in partnership with our community and provider network, inspires hope and equips individuals on their journey toward recovery and wellness. Confidentiality Note: The information transmitted is intended for the person or entity to whom or which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is strictly prohibited. If you receive this in error, please notify the original sender immediately by return and delete this message along with its attachments from your computer. XIV. ENFORCEMENT A. Employees will be expected to follow the guidelines within this procedure and seek out the necessary training and education from the Information Technology Team where needed to support compliance. B. Any employee found to have violated this procedure may be subject to disciplinary action in accordance with Human Resources policies and procedures. ATTACHMENTS Acceptable Use Agreement for Electronic Mail (LW # A) Instructions for changing your signature block in Outlook (LW # B) REFERENCES Audience: LifeWays Board/Staff LifeWays Provider Network U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) LifeWays Policy Information Systems and Risk Management LifeWays Operating Procedures Use and Disclosure of Protected Health Information Acceptable Internet Use HISTORY * Formerly Guidelines and Requirements Effective 05/01/2008 Reviewed/Revised: 05/12 7/14, 11/14, 2/17 Page 8 of 8
9 Acceptable Use Agreement Electronic Mail User Responsibilities Introduction The agency provides employees with electronic mail to support effective, efficient communication both internally and externally. is necessary for carrying out day-to-day communication at LifeWays. These guidelines are intended to help you make the best use of electronic mail, while following practices that ensure the protection of confidentiality and minimize potential threats to the agency s IT infrastructure. You should understand the following All electronic mail activity is monitored and logged and can be sequestered for local, state and federal investigations. All electronic mail coming into or leaving the agency is scanned for viruses and offensive materials. The agency reserves the right to monitor communications on any and all devices provided by LifeWays. Users shall have no expectation of privacy in anything they store, send or receive using the agency s electronic mail resources. The agency may monitor messages without prior notice. LifeWays IT team uses a multi-tiered approach to maintaining a secure environment. Users play a key role in and data security. sent from one LifeWays account to another is inherently more secure than sent to external recipients. Therefore, when is used to send Protected Health Information (PHI), specific measures must be taken to safeguard the confidentiality of that information. All users of the agency s electronic mail resources must comply with the following guidelines Protect identifying consumer health information by using only the minimum necessary to accomplish the intended purpose. Use the secured messaging system within the electronic medical record system (LEO) when protected health information (PHI) is necessary in communications. s containing PHI, going to non-lifeways recipients (i.e. non-lifeways addresses), MUST be encrypted. Type the word CONFIDENTIAL in the subject to encrypt . Never include PHI in the subject of an message. Take extra effort to ensure every electronic mail communication is conducted in a professional, ethical and confidential manner. Double-check the address line (To:, Cc:, Bcc:) before sending a message to ensure you are sending it to the right person who has a need to know. Do not forward electronic mail messages sent to you personally, to others without the permission of the originator. Use a high-level of discretion and obtain supervisor approval before sending a mass mailing externally or internally. Use, Reply when responding to an message. Only use, Reply All when it is truly necessary to all recipients in an distribution group. Delete electronic mail messages when they are no longer required. Only use the LifeWays electronic mail system for business purposes. Do not represent yourself as another person or share electronic mail accounts with colleagues. Include the agency s standard signature block and confidentiality statement for all electronic mail messages. Employee Signature Date If you are in any doubt about an issue affecting the use of electronic mail you should consult Technology Services. Significant breach of the agency s Electronic Mail Acceptable Use Agreement may lead to disciplinary action. Reference: 1 LifeWays Policy Telecommunication Systems LifeWays Operating Procedure Acceptable Use of Information Technology Resources LifeWays Operating Procedure Guidelines and Requirements U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) LW # A 03/01/14
10 Instructions for Changing Your Signature Block in Outlook 1 LifeWays Tech Tip LW # B 12/20/2013
11 Instructions for Changing Your Signature Block in Outlook LW # B 12/20/2013
12 Instructions for Changing Your Signature Block in Outlook 3 LifeWays Standard Signature: First and Last Name, Credentials (if Applicable) Job Title LifeWays Community Mental Health Proudly Serving Jackson & Hillsdale Counties Direct Line 10-Digit Phone Number 10-Digit Fax Number LifeWays Community Mental Health, in partnership with our community and provider network, inspires hope and equips individuals on their journey toward recovery and wellness. Confidentiality Note: The information transmitted is intended for the person or entity to whom or which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is strictly prohibited. If you receive this in error, please notify the original sender immediately by return and delete this message along with its attachments from your computer Complete! LW # B 12/20/2013
University Policies and Procedures ELECTRONIC MAIL POLICY
University Policies and Procedures 10-03.00 ELECTRONIC MAIL POLICY I. Policy Statement: All students, faculty and staff members are issued a Towson University (the University ) e-mail address and must
More informationHIPAA Privacy & Security Training. Privacy and Security of Protected Health Information
HIPAA Privacy & Security Training Privacy and Security of Protected Health Information Course Competencies: This training module addresses the essential elements of maintaining the HIPAA Privacy and Security
More informationDONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY
DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY Published By: Fusion Factor Corporation 2647 Gateway Road Ste 105-303 Carlsbad, CA 92009 USA 1.0 Overview Fusion Factor s intentions for publishing an
More informationHIPAA Federal Security Rule H I P A A
H I P A A HIPAA Federal Security Rule nsurance ortability ccountability ct of 1996 HIPAA Introduction - What is HIPAA? HIPAA = The Health Insurance Portability and Accountability Act A Federal Law Created
More informationHIPAA Privacy and Security Training Program
Note The following HIPAA training is intended for Vendors, Business Associates, Students, Pre Approved Shadowers, and Visitors. The following training module does not provide credit for annual training
More informationAcceptable Use Policy
Acceptable Use Policy 1. Purpose The purpose of this policy is to outline the acceptable use of computer equipment at Robotech CAD Solutions. These rules are in place to protect the employee and Robotech
More informationEmployee Security Awareness Training Program
Employee Security Awareness Training Program Date: September 15, 2015 Version: 2015 1. Scope This Employee Security Awareness Training Program is designed to educate any InComm employee, independent contractor,
More informationWASHINGTON UNIVERSITY HIPAA Privacy Policy # 7. Appropriate Methods of Communicating Protected Health Information
WASHINGTON UNIVERSITY HIPAA Privacy Policy # 7 Appropriate Methods of Communicating Protected Health Information Statement of Policy Washington University and its member organizations (collectively, Washington
More informationAcceptable Use Policy
Acceptable Use Policy 1. Overview The Information Technology (IT) department s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Quincy College s established
More informationAcceptable Use Policy
Acceptable Use Policy POLICY 07.01.01 Effective Date: 01/01/2015 The following are responsible for the accuracy of the information contained in this document Responsible Policy Administrator Information
More informationAcceptable Use Policy
Acceptable Use Policy 1. Overview ONS IT s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to ONS established culture of openness, trust and integrity.
More informationII.C.4. Policy: Southeastern Technical College Computer Use
II.C.4. Policy: Southeastern Technical College Computer Use 1.0 Overview Due to the technological revolution in the workplace, businesses such as Southeastern Technical College (STC) have turned to computer
More informationName of Policy: Computer Use Policy
Page: Page 1 of 5 Director Approved By: Approval Date: Reason(s) for Change Responsible: Corporate Services Leadership April 22, Reflect current technology and practice Corporate Services Leadership Leadership
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationSubject: University Information Technology Resource Security Policy: OUTDATED
Policy 1-18 Rev. 2 Date: September 7, 2006 Back to Index Subject: University Information Technology Resource Security Policy: I. PURPOSE II. University Information Technology Resources are at risk from
More informationUTAH VALLEY UNIVERSITY Policies and Procedures
Page 1 of 5 POLICY TITLE Section Subsection Responsible Office Private Sensitive Information Facilities, Operations, and Information Technology Information Technology Office of the Vice President of Information
More informationCOUNTY OF RIVERSIDE, CALIFORNIA BOARD OF SUPERVISORS POLICY. ELECTRONIC MEDIA AND USE POLICY A-50 1 of 9
ELECTRONIC MEDIA AND USE POLICY A-50 1 of 9 Purpose: The purpose of this policy is to establish guidelines for proper use of all forms of electronic media. As used in this policy, electronic media includes,
More informationCorporate Policy. Revision Change Date Originator Description Rev Erick Edstrom Initial
Corporate Policy Information Systems Acceptable Use Document No: ISY-090-10 Effective Date: 2014-06-10 Page 1 of 5 Rev. No: 0 Issuing Policy: Information Systems Department Policy Originator: Erick Edstrom
More informationELECTRONIC MAIL POLICY
m acta I. PURPOSE The Information Systems (IS) Department is responsible for development and maintenance of this policy. The Finance and Administration Division is responsible for publishing and distributing
More informationACCEPTABLE USE OF HCHD INTERNET AND SYSTEM
Page Number: 1 of 6 TITLE: PURPOSE: ACCEPTABLE USE OF HCHD INTERNET AND EMAIL SYSTEM To establish the guidelines for the use of the Harris County Hospital District s Internet and email system. POLICY STATEMENT:
More informationRed Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
More information2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY
2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY Purpose: The purpose of this policy is to provide instruction and information to staff, auditors, consultants, contractors and tenants on
More informationAcceptable Use Policy
IT and Operations Section 100 Policy # Organizational Functional Area: Policy For: Date Originated: Date Revised: Date Board Approved: Department/Individual Responsible for Maintaining Policy: IT and Operations
More informationORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers
All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision
More informationAuditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC
Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements
More informationVirtua Health, Inc. is a 501 (c) (3) non-profit corporation located in Marlton, New Jersey ( Virtua ).
myvirtua.org Terms of Use PLEASE READ THESE TERMS OF USE CAREFULLY Virtua Health, Inc. is a 501 (c) (3) non-profit corporation located in Marlton, New Jersey ( Virtua ). Virtua has partnered with a company
More informationAcceptable Use Policy
Acceptable Use Policy. August 2016 1. Overview Kalamazoo College provides and maintains information technology resources to support its academic programs and administrative operations. This Acceptable
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Personnel Security Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationUSER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.
These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection
More informationHIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders
HIPAA Developed by The University of Texas at Dallas Callier Center for Communication Disorders Purpose of this training Everyone with access to Protected Health Information (PHI) must comply with HIPAA
More informationPolicies & Regulations
Policies & Regulations Email Policy Number Effective Revised Review Responsible Division/Department: Administration and Finance / Office of the CIO/ Information Technology Services (ITS) New Policy Major
More informationUniversity of North Texas System Administration Identity Theft Prevention Program
University of North Texas System Administration Identity Theft Prevention Program I. Purpose of the Identity Theft Prevention Program The Federal Trade Commission ( FTC ) requires certain entities, including
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationSecurity and Privacy Breach Notification
Security and Privacy Breach Notification Version Approval Date Owner 1.1 May 17, 2017 Privacy Officer 1. Purpose To ensure that the HealthShare Exchange of Southeastern Pennsylvania, Inc. (HSX) maintains
More informationSpringfield, Illinois Police Department
Directive Number: ADM-46 01-084 Issue Date: 05/28/01 Distribution: C,E* Revision Dates: 06/01/01 Effective Date: 06/01/01 Related CALEA Standards: 82.1.7 References: CALEA Standards Manual Rescinds: ADM-46/01-015
More informationNMHC HIPAA Security Training Version
NMHC HIPAA Security Training 2017 Version HIPAA Data Security HIPAA Data Security is intended to provide the technical controls to ensure electronic Protected Health Information (PHI) is kept secure and
More informationHIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: Can serve as annual HIPAA training for physician practice
More informationHIPAA For Assisted Living WALA iii
Table of Contents The Wisconsin Assisted Living Association... ix Mission... ix Vision... ix Values... ix Acknowledgments... ix Who Should Use This Manual... x How to Use This Manual... x Updates and Forms...
More informationJacksonville State University Acceptable Use Policy 1. Overview 2. Purpose 3. Scope
Jacksonville State University Acceptable Use Policy 1. Overview Information Technology s (IT) intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Jacksonville
More informationHIPAA Privacy & Security Training. HIPAA The Health Insurance Portability and Accountability Act of 1996
HIPAA Privacy & Security Training HIPAA The Health Insurance Portability and Accountability Act of 1996 AMTA confidentiality requirements AMTA Professional Competencies 20. Documentation 20.7 Demonstrate
More informationHIPAA & Privacy Compliance Update
HIPAA & Privacy Compliance Update Vermont Medical Society FREE Wednesday Webinar Series March 15, 2017 Anne Cramer and Shireen Hart Primmer Piper Eggleston & Cramer PC acramer@primmer.com shart@primmer.com
More informationSample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.
Sample BYOD Policy Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited. SAMPLE BRING YOUR OWN DEVICE POLICY TERMS OF USE This Sample Bring
More informationFERPA & Student Data Communication Systems
FERPA & Student Data Ellevation is subject to the Family Educational Rights and Privacy Act (FERPA) as operating under the "school official" exception, wherein student directory and PII (Personal Identifying
More informationTherapy Provider Portal. User Guide
Therapy Provider Portal User Guide Page 2 of 16 UCare User Guide V1.7 Table of Contents I. Introduction...3 About HSM Therapy Management... 4 Terms of Use... 4 Contact Information... 6 II. Using the Therapy
More informationINFORMATION ASSET MANAGEMENT POLICY
INFORMATION ASSET MANAGEMENT POLICY Approved by Board of Directors Date: To be reviewed by Board of Directors March 2021 CONTENT PAGE 1. Introduction 3 2. Policy Statement 3 3. Purpose 4 4. Scope 4 5 Objectives
More informationInformation Privacy and Security Training 2016 for Instructors and Students. Authored by: Office of HIPAA Administration
Information Privacy and Security Training 2016 for Instructors and Students Authored by: Office of HIPAA Administration Objectives After you finish this Computer-Based Learning (CBL) module, you should
More informationPTLGateway Data Breach Policy
1 PTLGateway Data Breach Policy Last Updated Date: 02 March 2018 Data Breach Policy This page informs you of our policy which is to establish the goals and the vision for the breach response process. This
More informationLesson Three: False Claims Act and Health Insurance Portability and Accountability Act (HIPAA)
Lesson Three: False Claims Act and Health Insurance Portability and Accountability Act (HIPAA) Introduction: Welcome to Honesty and Confidentiality Lesson Three: The False Claims Act is an important part
More informationHIPAA Compliance & Privacy What You Need to Know Now
HIPAA Email Compliance & Privacy What You Need to Know Now Introduction The Health Insurance Portability and Accountability Act of 1996 (HIPAA) places a number of requirements on the healthcare industry
More informationHIPAA FOR BROKERS. revised 10/17
HIPAA FOR BROKERS revised 10/17 COURSE PURPOSE The purpose of this information is to help ensure that all Optima Health Brokers are prepared to protect the privacy and security of our members health information.
More informationAGREEMENT FOR RECEIPT AND USE OF MARKET DATA: ADDITIONAL PROVISIONS
EXHIBIT C AGREEMENT FOR RECEIPT AND USE OF MARKET DATA: ADDITIONAL PROVISIONS 21. NYSE DATA PRODUCTS (a) SCOPE This Exhibit C applies insofar as Customer receives, uses and redistributes NYSE Data Products
More informationTERMS OF USE Terms You Your CMT Underlying Agreement CMT Network Subscribers Services Workforce User Authorization to Access and Use Services.
TERMS OF USE A. PLEASE READ THESE TERMS CAREFULLY. YOUR ACCESS TO AND USE OF THE SERVICES ARE SUBJECT TO THESE TERMS. IF YOU DISAGREE OR CANNOT FULLY COMPLY WITH THESE TERMS, DO NOT ATTEMPT TO ACCESS AND/OR
More informationCOMPUTER & INFORMATION TECHNOLOGY CENTER. Information Transfer Policy
COMPUTER & INFORMATION TECHNOLOGY CENTER Information Transfer Policy Document Controls This document is reviewed every six months Document Reference Document Title Document Owner ISO 27001:2013 reference
More informationElectronic Network Acceptable Use Policy
Electronic Network Acceptable Use Policy 2016-2017 www.timothychristian.com ELECTRONIC NETWORK ACCEPTABLE USE POLICY Electronic Network This Policy is intended to serve as a guide to the scope of TCS s
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationEffective security is a team effort involving the participation and support of everyone who handles Company information and information systems.
BACKED BY REFERENCE GUIDE Acceptable Use Policy GENERAL GUIDANCE NOTE: This sample policy is not legal advice or a substitute for consultation with qualified legal counsel. Laws vary from country to country.
More informationRequest for Proposal HIPAA Security Risk and Vulnerability Assessment. May 1, First Choice Community Healthcare
Request for Proposal HIPAA Security Risk and Vulnerability Assessment May 1, 2016 First Choice Community Healthcare Timeline The following Timeline has been defined to efficiently solicit multiple competitive
More informationUNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017
UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017 I. Introduction Institutional information, research data, and information technology (IT) resources are critical assets
More informationHMIS (HOMELESS MANAGEMENT INFORMATION SYSTEM) SECURITY AWARENESS TRAINING. Created By:
HMIS (HOMELESS MANAGEMENT INFORMATION SYSTEM) SECURITY AWARENESS TRAINING Created By: Overview The purpose of this presentation is to emphasize the importance of security when using HMIS. Client information
More informationHIPAA AND SECURITY. For Healthcare Organizations
HIPAA AND EMAIL SECURITY For Healthcare Organizations Table of content Protecting patient information 03 Who is affected by HIPAA? 06 Why should healthcare 07 providers care? Email security & HIPPA 08
More informationIT ACCEPTABLE USE POLICY
CIO Signature Approval & Date: IT ACCEPTABLE USE POLICY 1.0 PURPOSE The purpose of this policy is to define the acceptable and appropriate use of ModusLink s computing resources. This policy exists to
More informationTable of Contents. PCI Information Security Policy
PCI Information Security Policy Policy Number: ECOMM-P-002 Effective Date: December, 14, 2016 Version Number: 1.0 Date Last Reviewed: December, 14, 2016 Classification: Business, Finance, and Technology
More informationACCEPTABLE USE ISO INFORMATION SECURITY POLICY. Author: Owner: Organisation: Document No: Version No: 1.0 Date: 10 th January 2010
INFORMATION SECURITY POLICY EMAIL ACCEPTABLE USE ISO 27002 7.1.3 Author: Owner: Organisation: Document No: Chris Stone Ruskwig TruePersona Ltd SP-7.1.3 No: 1.0 Date: 10 th January 2010 Copyright Ruskwig
More informationBeam Technologies Inc. Privacy Policy
Beam Technologies Inc. Privacy Policy Introduction Beam Technologies Inc., Beam Dental Insurance Services LLC, Beam Insurance Administrators LLC, Beam Perks LLC, and Beam Insurance Services LLC, (collectively,
More informationLOYOLA UNIVERSITY MARYLAND. Policy and Guidelines for Messaging to Groups
LOYOLA UNIVERSITY MARYLAND Policy and Guidelines for Messaging to Groups October 29, 2013 LOYOLA UNIVERSITY MARYLAND Policy and Guidelines on Messaging to Groups Transmission of messages to groups of recipients
More informationCommonwealth of Pennsylvania Governor's Office
Commonwealth of Pennsylvania Governor's Office Subject: Commonwealth of Pennsylvania Information Technology Acceptable Use Policy Number: 205.34 Amended Date: July 20, 2010 By Direction of: Naomi Wyatt,
More informationSHS Annual Information Privacy and Security Training
SHS Annual Information Privacy and Security Training Purpose for Training Samaritan Health Services has created the following training to meet the annual regulatory requirements for education related to
More informationUNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017
UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017 I. Introduction Institutional information, research data, and information technology (IT) resources are critical assets
More informationIs your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner
Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial
More information2017_Privacy and Information Security_English_Content
2017_Privacy and Information Security_English_Content 2.3 Staff includes all permanent or temporary, full-time, part-time, casual or contract employees, trainees and volunteers, including but not limited
More informationData Backup and Contingency Planning Procedure
HIPAA Security Procedure HIPAA made Easy Data Backup and Contingency Planning Procedure Please fill in date implemented and updates for your facility: Goal: This document will serve as our back-up storage
More informationColumbine Knolls South/Estates Policy
Columbine Knolls South/Estates E-mail Policy The purpose of this policy is to define how the Columbine Knolls South/Estates (CKS/E) Homeowners Association (HOA) e-mail account shall be used and to make
More informationData Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory
Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable
More informationCleveland State University General Policy for University Information and Technology Resources
Cleveland State University General Policy for University Information and Technology Resources 08/13/2007 1 Introduction As an institution of higher learning, Cleveland State University both uses information
More informationIBM Managed Security Services for Security
Service Description 1. Scope of Services IBM Managed Security Services for E-mail Security IBM Managed Security Services for E-mail Security (called MSS for E-mail Security ) may include: a. E-mail Antivirus
More informationViolations of any portion of this policy may be subject to disciplinary action up to and including termination of employment.
Page 1 of 6 Policy: All computer resources are the property of Lee County and are intended to be used for approved County business purposes. Users are permitted access to the computer system to assist
More informationHPE DATA PRIVACY AND SECURITY
ARUBA, a Hewlett Packard Enterprise company, product services ( Services ) This Data Privacy and Security Agreement ("DPSA") Schedule governs the privacy and security of Personal Data by HPE in connection
More informationAuckland District SUPPORT SERVICES Board Policy Health Board (Section 7) Manual ELECTRONIC MAIL
Auckland District SUPPORT SERVICES Board Policy Health Board (Section 7) Manual Overview Purpose Electronic mail (email) is a business communication tool within ADHB and this policy outlines use of email
More informationCanadian Anti-Spam Legislation (CASL)
Canadian Anti-Spam Legislation (CASL) FREQUENTLY ASKED QUESTIONS The purpose of this document is to assist and guide U of R employees regarding their obligations under the Canadian Anti-Spam Legislation
More informationHIPAA UPDATE. Michael L. Brody, DPM
HIPAA UPDATE Michael L. Brody, DPM Objectives: How to respond to a patient s request for a copy of their records. Understand your responsibilities after you send information out to another doctor, hospital
More informationThis Policy applies to all staff and other authorised users in St Therese School.
St. Therese School Computer and Internet Policy STAFF Policy Statement All staff and other authorised users of St Therese information and communications technology are to use the technology only in a way
More informationMobile Application Privacy Policy
Mobile Application Privacy Policy Introduction This mobile application is hosted and operated on behalf of your health plan. As such, some information collected through the mobile application may be considered
More informationAccess to personal accounts and lawful business monitoring
Access to personal email accounts and lawful business monitoring Contents Policy statement... 2 Access to personal emails... 2 Manager suspects misuse... 3 Lawful business monitoring... 4 Additional information...
More informationShaw Privacy Policy. 1- Our commitment to you
Privacy Policy last revised on: Sept 16, 2016 Shaw Privacy Policy If you have any questions regarding Shaw s Privacy Policy please contact: privacy@shaw.ca or use the contact information shown on any of
More informationElements of a Swift (and Effective) Response to a HIPAA Security Breach
Elements of a Swift (and Effective) Response to a HIPAA Security Breach Susan E. Ziel, RN BSN MPH JD Krieg DeVault LLP Past President, The American Association of Nurse Attorneys Disclaimer The information
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More information1 Privacy Statement INDEX
INDEX 1 Privacy Statement Mphasis is committed to protecting the personal information of its customers, employees, suppliers, contractors and business associates. Personal information includes data related
More informationInformation Technology Standards
Information Technology Standards IT Standard Issued: 9/16/2009 Supersedes: New Standard Mobile Device Security Responsible Executive: HSC CIO Responsible Office: HSC IT Contact: For questions about this
More informationComputer Use and File Sharing Policy
Computer Use and File Sharing Policy Williamson College recognizes the value of computer and other electronic resources to improve student learning and enhance the administration and operation of its school.
More information19 Dec The forwarding and returning obligation does not concern messages containing malware or spam.
E-mail rules 1/5 E-mail rules These e-mail rules concern all users of the university's e-mail systems. The parts aimed at university staff members concern all of the University's units, their employees
More informationStaff Information System Acceptable Use Policy
Staff Information System Acceptable Use Policy Hing Shung Chan Vice President of Information Technology Information Security Officer Table of Contents I. Definitions II. Rights and Responsibilities III.
More informationUniversity of Mississippi Medical Center Data Use Agreement Protected Health Information
Data Use Agreement Protected Health Information This Data Use Agreement ( DUA ) is effective on the day of, 20, ( Effective Date ) by and between (UMMC) ( Data Custodian ), and ( Recipient ), located at
More informationInformation Security Management Criteria for Our Business Partners
Information Security Management Criteria for Our Business Partners Ver. 2.1 April 1, 2016 Global Procurement Company Information Security Enhancement Department Panasonic Corporation 1 Table of Contents
More informationInformation Privacy and Security Training Authored by: Office of HIPAA Administration
Information Privacy and Security Training 2018 Authored by: Office of HIPAA Administration Objectives After you finish this Computer-Based Learning (CBL) module, you should be able to: Define privacy practices
More informationREGULATION BOARD OF EDUCATION FRANKLIN BOROUGH
R 3321/Page 1 of 6 The school district provides computer equipment, computer services, and Internet access to its pupils and staff for educational purposes only. The purpose of providing technology resources
More informationBring Your Own Device Policy
Title: Status: Effective : Last Revised: Policy Point of Contact: Synopsis: Bring Your Own Device Policy Final 2017-Jan-01 2016-Nov-16 Chief Information Officer, Information and Instructional Technology
More informationSERVICES and MICROSOFT HOSTED EXCHANGE
EMAIL SERVICES and MICROSOFT HOSTED EXCHANGE 1. Description of Service. Web.com may provide you with the capability of sending and receiving electronic mail via the Internet and through mobile phones ("Email
More informationBCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement
BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement BCN TELECOM, INC. ( BCN" or "Company") has established practices and procedures adequate to ensure compliance
More informationHIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017
HIPAA How to Comply with Limited Time & Resources Jonathan Pantenburg, MHA, Senior Consultant JPantenburg@Stroudwater.com August 17, 2017 Stroudwater Associates is a leading national healthcare consulting
More informationImplementing an Audit Program for HIPAA Compliance
Implementing an Audit Program for HIPAA Compliance Mike Lynch Fifth National HIPAA Summit November 1, 2002 Seven Guiding Principles of HIPAA Rules Quality and Availability of Care Nothing in the proposed
More information