NOTE: The first appearance of terms in bold in the body of this document (except titles) are defined terms please refer to the Definitions section.

Similar documents
Date of Next Review: May Cross References: Electronic Communication Systems- Acceptable Use policy (A.29) Highway Traffic Act

CELL PHONE POLICY Page 1 of 5 City of Manteca Administrative Policy and Procedure

Mobile Communication Devices. 1.0 Purpose. 2.0 Policy NO Virginia Polytechnic Institute and State University

Wireless Communication Device Use Policy

Cell Phone Policy. 1. Purpose: Establish a policy for cell phone use and compensation allowance.

Wireless Services Allowance Procedure

CITY OF DUBUQUE ADMINISTRATIVE POLICY REVISED OCTOBER 24, 2011 RETROACTIVE TO JANUARY 1, 2011

Privacy Policy on the Responsibilities of Third Party Service Providers

I. Policy Statement. University Provided Mobile Device Eligibility Policy Effective Date: October 12, 2018

Nebraska State College System Cellular Services Procedures Effective Date June 15, 2012 Updated August 13, 2015

KSU Policy Category: Information Technology Page 1 of 5

Cell Phones PROCEDURE. Procedure Section: Business and Administrative Matters - Purchasing 607-A. Respectfully submitted by:

Wireless Communication Stipend Effective Date: 9/1/2008

University of Wyoming Mobile Communication Device Policy Effective January 1, 2013

Cell and PDAs Policy

Use of Mobile Devices on Voice and Data Networks Policy

SAFE USE OF MOBILE PHONES AT WORK POLICY

BHIG - Mobile Devices Policy Version 1.0

HIPAA Privacy and Security Training Program

PRIVACY STATEMENT. Effective Date 11/01/17.

A. Facilities and critical systems employees subject to afterhours call out.

MOTT COMMUNITY COLLEGE. Procedure for Cellular Telephones

FERPA & Student Data Communication Systems

Department of Public Health O F S A N F R A N C I S C O

TELEPHONE AND MOBILE USE POLICY

Acceptable Use Policy

HIPAA Federal Security Rule H I P A A

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

Wireless Communication Device Policy Policy No September 2, Standard. Practice

Cellphone Provision Policy

Excelity Privacy Statement & Terms of Use. August 2017

Policies, Procedures, Guidelines and Protocols. John Snell - Head of Workforce Planning, Systems and Contributors

WASHINGTON UNIVERSITY HIPAA Privacy Policy # 7. Appropriate Methods of Communicating Protected Health Information

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) ITS Responsible Use of Telephone, Telecommunications, and Networking Resources ISUPP 2280

Subject: University Information Technology Resource Security Policy: OUTDATED

Freedom of Information and Protection of Privacy (FOIPOP)

Personal Communication Devices and Voic Procedure

ACCEPTABLE USE OF HCHD INTERNET AND SYSTEM

COUNTY OF EL DORADO, CALIFORNIA BOARD OF SUPERVISORS POLICY

Name of Policy: Computer Use Policy

Rowing Canada Aviron. Online Registration System - Protection of Personal Privacy. Policy Statement

Policy: Telephone and Cell Phone

PRIVACY NOTICE. 1.2 We may obtain or collect your Personal Data from various sources including but not limited to:

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Standard mobile phone a mobile device that can make and receive telephone calls, pictures, video, and text messages.

Bring Your Own Device (BYOD) Policy

The University of British Columbia Board of Governors

CELLULAR TELEPHONE EQUIPMENT AND SERVICES POLICY

FAQS Guide for Cellular and Other Mobile Computing Devices Employees and Supervisors

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

Minnesota West Community and Technical College A GUIDE TO APPROVING, ORDERING, AND USING CELLULARAND OTHER MOBILE COMPUTING DEVICES AND SERVICES

UWTSD Group Data Protection Policy

ATTACHMENT A POLICES AND PROCEDURES REGARDING CELLULAR TELEPHONES AND MOBILE COMMUNICATION DEVICES

WIRELESS DEVICES: ACCEPTABLE USE AND GUIDELINES

Employee Security Awareness Training Program

Data Processing Agreement

1 Privacy Statement INDEX

Recruitment Privacy Notice

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

Privacy Policy GENERAL

Subject: Kier Group plc Data Protection Policy

Internet, , Social Networking, Mobile Device, and Electronic Communication Policy

UTAH VALLEY UNIVERSITY Policies and Procedures

Virtua Health, Inc. is a 501 (c) (3) non-profit corporation located in Marlton, New Jersey ( Virtua ).

Cleveland State University General Policy for University Information and Technology Resources

HIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders

St. Joseph s General Hospital LOCKDOWN EMERGENCY RESPONSE PLAN

Red Flags/Identity Theft Prevention Policy: Purpose

Beam Technologies Inc. Privacy Policy

Motorola Mobility Binding Corporate Rules (BCRs)

Barrie Baydogs Triathlon Club Inc (Baydogs) Privacy Policy

Access to University Data Policy

Our Commitment To Privacy PRIVACY POLICY. Last Modified July 26, 2018

ELECTRONIC MAIL POLICY

Department of Public Health O F S A N F R A N C I S C O

Website Privacy Policy

Shaw Privacy Policy. 1- Our commitment to you

WIRELESS DEVICES: ACCEPTABLE USE AND GUIDELINES

Presidential Guidelines Governing UCOP Mobile Devices

The Data Protection Act 1998 Clare Hall Data Protection Policy

Data Processing Agreement for Oracle Cloud Services

Policies and Procedures Date: February 28, 2012

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

INFORMATION ASSET MANAGEMENT POLICY

CELLULAR TELEPHONE USE POLICY

Mobile Device Policy. Augusta University Medical Center Policy Library. Policy Owner: Information Technology Support and Services

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):

Wireless Network Standard

Acquisition & Use of University Supplied Mobile Devices Policy

B. Employees are expected to make personal calls on non-work time and to ensure that friends and family members are aware of the City s policy.

The General Data Protection Regulation

Mobile Device policy Frequently Asked Questions April 2016

UWC International Data Protection Policy

SUBJECT: Cellular Phone Policy Effective Date: 7/1/2010. Department: Information Technology Policy No.: IT-1002

INVESTIGATION REPORT , , ,

EXHIBIT A. - HIPAA Security Assessment Template -

DEPARTMENT OF THE NAVY UNITED STATES NAVAL ACADEMY 121 BLAKE ROAD ANNAPOLIS MARYLAND

PROCEDURE POLICY DEFINITIONS AD DATA GOVERNANCE PROCEDURE. Administration (AD) APPROVED: President and CEO

Checklist: Credit Union Information Security and Privacy Policies

Transcription:

TITLE MOBILE WIRELESS DEVICES AND SERVICES SCOPE Provincial APPROVAL AUTHORITY Alberta Health Services Executive SPONSOR Information Technology PARENT DOCUMENT TITLE, TYPE AND NUMBER Not applicable DOCUMENT # 1160 INITIAL EFFECTIVE DATE February 4, 2015 REVISION EFFECTIVE DATE October 24, 2017 SCHEDULED REVIEW DATE October 24, 2019 NOTE: The first appearance of terms in bold in the body of this document (except titles) are defined terms please refer to the Definitions section. If you have any questions or comments regarding the information in this document, please contact the Policy & Forms Department at policy@ahs.ca. The Policy & Forms website is the official source of current approved policies, procedures, directives, standards, protocols and guidelines. OBJECTIVES To outline the allocation and acceptable use of Alberta Health Services (AHS) owned mobile devices as well as personally owned mobile devices used to access AHS resources (hereinafter collectively referred to as mobile wireless devices ) throughout AHS. To provide AHS representatives with an understanding of the criteria employed in the procurement and allocation of mobile wireless devices, and direction on their accepted use for health care delivery and business services. To protect information in the custody and control of AHS while being transmitted and/or stored on mobile wireless devices. PRINCIPLES AHS recognizes the vital role mobile wireless devices play in the access, use and transmission of information for health care delivery and business services. It is recognized that some personally owned mobile devices are currently being used by AHS representatives to conduct AHS business. All AHS owned and personal mobile wireless devices used to access AHS resources shall comply with applicable legislation, the AHS Code of Conduct, and AHS bylaws, policies, and procedures. APPLICABILITY Compliance with this document is required by all Alberta Health Services employees, members of the medical and midwifery staffs, students, volunteers, and other persons acting on behalf of Alberta Health Services (including contracted service providers as necessary). Alberta Health Services (AHS) PAGE: 1 OF 8

ELEMENTS TITLE EFFECTIVE DATE DOCUMENT # 1. Eligibility Criteria 1.1 Only AHS-owned mobile wireless devices and personally owned devices that meet AHS mobility standards shall be allowed on to the AHS network environment. Personal patient-supplied mobile wireless devices are required to connect to the AHS Public Network. 1.2 An AHS mobile wireless device may be issued to an AHS representative upon appropriate approval. a) All mobile wireless devices must be approved by the representative s supervisor (minimum, Executive Director), and requested through the IT Customer Service Portal. b) Information Technology Leadership has the ability to deny or restrict approval of new devices based on budget availability and other considerations. 1.3 Approval may be based on one or more of the following business needs: a) Member of Executive/Senior Leadership Team and their support staff that are required to be readily accessible on short notice. b) AHS representatives that are required to utilize mobile wireless device(s) as part of their job responsibilities. c) AHS representives that are frequently away from the office due to job responsibilities. d) AHS representives that are a key contact during an emergency (e.g. Business Continuity Representative). e) AHS representatives that require a mobile wireless device for safety reasons due to job responsibilities or working conditions (e.g. remote care worker, frequent traveller, work alone, perform hazardous work). f) Required by Management/Supervisor as part of a work or on-call responsibility. 1.4 Criteria for transferring or returning an AHS mobile wireless device includes: a) Should an AHS representative move to a new team within AHS, the former and current managers shall determine if/what related mobile wireless device(s) should remain with the team or follow the AHS representative in their new role. Alberta Health Services (AHS) PAGE: 2 OF 8

b) Should an AHS representative leave AHS, their mobile wireless device(s) may be transferred to a new AHS representative assuming the role, or returned to Mobility Services for reallocation. c) To transfer a mobile wireless device, the new user must contact the Service Desk to initiate reconfiguration of the mobile wireless device(s) and carrier settings by Mobility Services. d) Mobile wireless device(s) no longer required must be returned to Mobility Services at an address provided on the Mobility Services Support page on Insite. 2. International Roaming 2.1 By default, international roaming is disabled on all AHS mobile wireless devices. 2.2 Personally funded international roaming options are available to staff by contacting Mobility Services no less than seven (7) business days prior to travel. 2.3 Roaming charges incurred while on any type of personal leave may require reimbursement to AHS, with the exception of representatives who are on call during the leave. 2.4 Mobile wireless device usage for out of country business travel must be approved prior to travel taking place: a) A Vice President, or higher does not require approval for out of country business travel, but must contact Mobility Services to request an international roaming package no less than seven (7) business days prior to travel. b) Other AHS Representives must receive Vice President approval for out of country business travel, and contact Mobility Services after approval to request an international roaming package no less than seven (7) business days prior to travel. 2.5 When travelling outside of Canada with an AHS owned device, including travel to the United States, it is the AHS representative s responsibility to read and comply with the Travelling with Your AHS Mobile Device guide provided on Insite, be attentive to international data roaming charges which can be significant, and use Wi-Fi wherever available. Use of data for personal reasons when roaming internationally, and especially with bandwidth intensive applications, can result in significant data charges for which the AHS representative shall be required to reimburse AHS. 3. Mobile Wireless Device Education for Users 3.1 All AHS representatives who are authorized and assigned the use of an AHS owned mobile wireless device for business purposes are required to educate Alberta Health Services (AHS) PAGE: 3 OF 8

themselves and be fully familiar on the appropriate terms of use of their device as it pertains to AHS. 3.2 All AHS representatives are expected to be knowledable of applicable policies, documentation, suggested readings, and self-education resources listed in the Reference section of this policy, and related resources provided on the Mobility Services home page on Insite. 4. Information Security and Privacy 4.1 Health, personal, and business information in the custody and control of AHS is not to be collected, accessed, transmitted, or stored on mobile wireless devices unless the mobile wireless device meets the information security requirements outlined in the Information Technology (IT) Acceptable Use Policy and applicable Information Risk Management Standards. 4.2 Collection, access, disclosure, transmission, and storage of information in the custody and control of AHS on a mobile wireless device must be in accordance with the Health Information Act (HIA) (Alberta), the Freedom of Information and Protection of Privacy Act (FOIP) (Alberta), and applicable AHS policies. 4.3 Health, personal, and business information in the custody and control of AHS may only be transmitted by Short Message Service (SMS or Text Messaging), Multimedia Messaging Service (MMS), or any other messaging application (including email) from a mobile wireless device, if the transmission is in accordance with the requirements in the HIA, FOIPP, and applicable AHS policies. Transmission of personal, health, and business information in the custody and control of AHS must meet or exceed the encryption and information security standards in place for transmission of information by electronic mail as set out in the Transmission of Information by Facsimile and Electronic Mail Policy and the Emailing Personally Identifiable Information Procedure. 4.4 Mobile wireless device users must take reasonable precautions when making a call or viewing information on a mobile wireless device to ensure that health, personal, and business information in the custody and control of AHS cannot be overheard and/or viewed by unauthorized parties. 5. Photography, Audio, and Video Recordings 5.1 Photography, audio, or video recordings containing personal or health information are to be managed on AHS owned mobile wireless devices or other devices specifically designated for medical recordings, and treated as health information in accordance with the HIA and applicable AHS policies and procedures. 5.2 AHS Representatives must not use a personal mobile wireless device to record any photographs, audio, or videos for medical and educational purposes. These recordings must be managed in accordance with the HIA and FOIP, and have the prior written consent of all individuals being recorded, using the Consent to Collect, Use, and Disclose Photograph, Video and/or Sound Recordings Form. Alberta Health Services (AHS) PAGE: 4 OF 8

5.3 Photography, audio, or video recordings not containing health or personal information are to be managed in accordance with applicable AHS policies and procedures. Whenever possible, AHS representatives are to use AHS owned mobile wireless devices or other recording devices for recordings taken for AHS business purposes. 5.4 Patients/clients and visitors using mobile wireless devices or other recording devices to take photographs, videos, or audio recordings in an AHS facility are to be advised that they must respect the privacy of AHS representatives and other patients and visitors who do not consent to being recorded, and must not collect health or personal information of other individuals in the recording. Further guidance for representatives is provided in the Guidance for Staff Regarding Audio Video Recordings document. 6. Use of Mobile Wireless Devices in AHS Facilities 6.1 Reasonable use of personal mobile wireless device(s) is permitted in AHS facilities in accordance with the principles of the Code of Conduct and applicable policies and procedures 6.2 Representatives shall be considerate of their surroundings and ensure privacy and safety when using a mobile wireless device in AHS facilities. 7. Personal Use of AHS Mobile Wireless Devices 7.1 Personal use of mobile wireless devices includes, but is not limited to voice, texting, data usage, downloading and utilizing applications, and long distance calling. AHS reserves the right to audit, store or review all uses and data stored on AHS provisioned devices. 7.2 Mobile wireless devices provided by Mobility Services are the property of AHS. AHS representatives may use AHS issued mobile wireless devices for personal use provided that such use: a) protects the confidentiality, integrity and security of health and personal information and other assets; b) does not interfere in the performance of their employment or contractual duties; c) the services are not used to transmit or send inappropriate, improper, annoying, excessive, threatening or obscene material or to otherwise harass, offend, threaten, embarrass, distress or invade the privacy of any individual or entity, and is used in accordance with the IT Acceptable Use Policy; d) does not result in a net material cost to the organization; e) is consistent with professional conduct; Alberta Health Services (AHS) PAGE: 5 OF 8

f) is not for personal or financial gain in accordance with the Conflict of Interest Bylaw; and g) does not cause support issues from the use of non-business related applications. 7.3 Excessive charges on an AHS mobile wireless device may require reimbursement. 7.4 Mobile wireless devices should not be loaned or shared with others, including friends or family. Usage is the responsibility of the AHS representative assigned to the device. 8. Personal Liability for Mobile Wireless Device Usage Costs 8.1 While AHS representatives may use AHS mobile wireless devices for personal use, in various cases, an AHS representative may be required to reimburse AHS for the following types of personal use expense: a) Personal long distance charges. b) Minutes, text, data usage, or fees related to premium-rate telephone numbers called for online services such as chat lines, competitions or voting. 9. Lost or Stolen Mobile Wireless Device 9.1 If a mobile wireless device is lost or stolen, the AHS representive must report the incident immediately to the IT Service Desk. The IT Service Desk shall alert Information Risk Management for a follow-up investigation, and if appropriate, Information Risk Management shall notify Information & Privacy in accordance with AHS Information Security & Privacy Safeguards Policy. 10. Business Use of Personal Mobile Wireless Device 10.1 An AHS representative may be eligible to request reimbursement for business calls made on their personal mobile wireless device. Written approval from the AHS representative s direct supervisor (minimum, Executive Director) must be obtained before the expense can be incurred. A copy of the approval and documentation of the incurred charges must be included with the AHS representative s expense claim. 10.2 AHS representatives eligible to claim reimbursement for business calls made on their personal mobile wireless device must provide proper documentation indicating they incurred a charge for the business call and submit their claim for reimbursement using an expense claim. Reimbursement will not be made if the business calls were made within a period of unlimited usage included in the rate plan, or where reasonable cost-free alternatives exist. 11. Mobile Wireless Device Use While Driving a Vehicle Alberta Health Services (AHS) PAGE: 6 OF 8

11.1 In accordance with the Distracted Driving Regulation (Alberta), a driver must use hands-free voice activated functions and not hold, view or manipulate an electronic communication device that can send or receive phone calls, electronic data, electronic mail or text messages while the vehicle is in motion. 11.2 Emergency Medical Services (EMS) health care providers are expected to comply with all of the required standards and expectations and outlined in the Operating Emergency Medical Services Vehicles Policy. 12. Infection Prevention and Control for Mobile Wireless Devices DEFINITIONS 12.1 AHS mobile wireless devices should be cleaned and disinfected in accordance with the Infection Prevention & Control (IPC) Best Practice Guideline: Cleaning and Disinfection of IT Equipment. AHS Representative(s) means AHS employees, members of the medical and midwifery staffs, students, volunteers, and other persons acting on behalf of AHS (including contracted service providers as necessary). Health Information means one or both of the following: a) diagnostic, treatment and care information; and b) registration information (e.g. demographics, residency, health services eligibility, or billing). Mobile Wireless Devices means smartphones, cellular phones, tablet computers (e.g. ipads) excluding laptop computers, wireless data cards (air-cards), mobile data terminals (MDT), Two- Way Radios, and pagers. Multimedia Messaging Service (MMS) means a technology which enables mobile devices to exchange messages which include a variety of media, such as photos, video, and audio. MMS can also deliver text-based messages greater than 160 characters in length. MMS operates via a Mobile Wireless Network. Personal information means recorded information, not covered by the HIA, of any kind stored in any format that identifies an individual including, but not limited to: a) address and contact information (including an identifying number or symbol assigned to an individual); b) race, ethnic origin, gender or marital status; c) educational, financial, employment or criminal history; d) opinions of others about the person; e) the image of a person on a photograph; and Alberta Health Services (AHS) PAGE: 7 OF 8

f) personal views and opinions of a person (except if these are about another person). Short Message Service (SMS) means a technology that enables mobile devices to exchange short text-based messages of 160 characters or less via a Mobile Wireless Network. User means an individual who operates an AHS owned mobile wireless device or utilizes a personally owned mobile device to access AHS resources. Wi-Fi means a technology allowing devices equipped with the required components to communicate with one another wirelessly in a particular area. REFERENCES Alberta Health Services Governance Documents: o Code of Conduct o Conflict of Interest Bylaw o Access to Information (Physical, Electronic, Remote) (#1105) o Information Security & Privacy Safeguards Policy (#1143) o Collection, Access, Use, and Disclosure of Information Policy (#1112) o Contractor Requirements for Security and Privacy of Information and Information Technology Resources Policy (#1107) o Information Classification Policy (#1142) o Information Technology Acceptable Use Policy (#1109) o Transmission of Information by Facsimile and Electronic Mail Policy (#1113) o Travel, Hospitality & Working Session Expenses Approval, Reimbursement & Disclosure Policy (#1122) o Operating Emergency Medical Services Vehicles Policy (#PS-EMS-01) Alberta Health Services Resources: o Freedom of Information and Protection of Privacty Act (FOIP) and Health Information Act (HIA) Information for AHS staff o Guidance for Staff Regarding Audio Video Recordings o Infection Prevention & Control (IPC) Best Practice Guideline: Cleaning and Disinfection of IT Equipment o Information Risk Management Standards o AHS Mobile Device Guidelines for Travelling o Self-Help Information for Users of AHS Mobile Devices Non-Alberta Health Services Documents: o Distracted Driving Regulation (Alberta) o Freedom of Information and Protection of Privacy Act (Alberta) o Health Information Act (Alberta) o Traffic Safety Act (Alberta) VERSION HISTORY Date October 24, 2017 Click here to enter a date Action Taken Revised Optional: Choose an item Alberta Health Services (AHS) PAGE: 8 OF 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback