• No results found

II-105 Acceptable Use of Information Resources

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "II-105 Acceptable Use of Information Resources"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

Children's Hospital Medical Center Online Policies

II-105 Acceptable Use of Information

Resources

Original Date: 4/20/2005 Last Review Date: 5/12/2008

Purpose

Users must not misuse corporate systems in such a way that they intentionally or

unintentionally have a negative impact on CCHMC or place CCHMC’s reputation at risk.

Policy

CCHMC’s information technology resources have been assembled to facilitate the pursuit of excellence in CCHMC's missions of treatment, research and education. The opportunity to use computing systems and software, as well as internal and external data networks, is important to all CCHMC Personnel. To preserve that opportunity, all CCHMC Personnel must comply with institutional and external standards for acceptable use of these shared resources.

Although modest personal use of CCHMC-supplied technology resources may improve the skills of individual users and otherwise contribute indirectly to CCHMC's mission, these resources should be used primarily for CCHMC work-related purposes.

Process

Primary Guidelines

1) CCHMC Personnel are expected to act in a responsible and professional

manner when they use the Internet, intranet, email system and all other CCHMC computer and network services.

2) Personal use of the Internet and email should be very limited.

3) Activities and communications that may reflect unfavorably on CCHMC are

strictly forbidden.

Individual Responsibilities

(2)

Uses that interfere with the proper functioning of CCHMC's information technology resources are prohibited. Such inappropriate uses would include, but are not limited to, insertions of viruses into computer systems, tapping a network or running a "sniffer" program, sending email “spam,” or chain letters, destruction of another's files, use of software tools that attack IT resources, or other violations of security standards.

2) Prohibited activities

a) The use of CCHMC computer resources to knowingly commit, or conceal

the commission of, any of the following is expressly prohibited under all circumstances:

i) Violations of local, state or federal law;

ii) Regulatory violations; and

iii) Fraud, waste, or abuse of any CCHMC resource.

b) Except when performed in an official, CCHMC-sanctioned capacity, use of

CCHMC computer resources to view, download, store, transmit or otherwise distribute documents, images or programs related to the following is expressly prohibited:

i) Pornographic materials;

ii) Materials encouraging the commission of criminal acts, including

“How-to” guides;

iii) Defamatory, offensive, or inflammatory language; and

iv) Statements that disparage any person or group based on race,

gender, age, religion, national origin, disability or sexual orientation. 3) Respect the rights of others

a) Interference with the ability of other users to make appropriate use of the

resources is prohibited.

b) Such inappropriate uses include, without limitation, invading the privacy of

another's files or otherwise gaining unauthorized access to the files of another. Such uses include but are not limited to denial of service attacks, misrepresentation, forgery and use of software tools that attack IT

resources.

(3)

a) Access, use or disclosure of restricted or confidential data (e.g. EPHI -

Electronic Protected Health Information) without authorization or need-to-know for treatment, payment or operations purposes is prohibited.

b) Where access to restricted data is permitted, use of such data shall be

limited to the purpose for which access was authorized. 5) Adhere to software use guidelines

a) Only properly licensed, obtained and approved software may be installed

on CCHMC computers.

b) Non-standard software that interferes with the proper and reliable

operation of standard CCHMC business applications, computers,

networks, or other CCHMC computing resources is expressly prohibited. c) Except where expressly permitted by CCHMC site licenses, duplication or

distribution of CCHMC-licensed software for personal use shall be deemed a violation of this policy.

6) Avoid excessive personal use

a) Personal use of computer resources should be kept to a minimum.

b) Personal use may be excessive if it takes place during regularly scheduled

work time, if it overburdens a network, if it results in substantial use of system capacity, or if it otherwise subjects CCHMC to increased operating costs.

c) Personal computer use that affects quantity or quality of work, or becomes

a distraction to patients or coworkers, shall be deemed excessive. 7) Refrain from prohibited personal use

a) Information technology resources shall not be used for personal

commercial gain, for charitable solicitations unless these are authorized by the appropriate CCHMC senior management, or for personal political activities such as campaigning for candidates for public office.

b) Faculty and staff consulting consistent with CCHMC guidelines is

permissible.

8) Use CCHMC name only as authorized

a) Users should avoid creating the impression they are speaking on behalf of

(4)

b) Although electronic exchange of ideas is encouraged, users shall take

appropriate steps to avoid the possible inference that communication of a message via CCHMC email systems or posting to an electronic forum connotes official CCHMC authorization or endorsement of the message. 9) Adhere to other CCHMC policies

a) Inappropriate use of CCHMC computer resources may violate a number of

generally applicable CCHMC policies.

b) Users should familiarize themselves with CCHMC policies and procedures

that may be affected by use of computer resources (For examples refer to HIPAA Privacy Policy I-401 Safeguards).

Other Policies and Rules

Individual departments and units within CCHMC may define additional written policies or conditions of use for personnel under their control. Policy statements must be consistent in principle with this CCHMC policy, but may provide

additional detail, guidelines or restrictions on acceptable use of information technology resources.

Applicability

This policy applies to all CCHMC Personnel and any other party who is authorized to access the CCHMC network including Medical Staff members, remote access users, consultants, temporary employees, and vendors.

Regulatory Authority

HIPAA Regulations: 45 CFR Subtitle A, Subchapter C, Part 164 164. 308 Administrative safeguards.

¾ (a)(1)(i) Standard: Security management process.

Compliance

All CCHMC Personnel, community physicians, and business partners must comply with this policy and the associated standards and procedures. Any CCHMC Personnel found to be in violation of the privilege of CCHMC-facilitated access to business systems, or in violation with this policy, may be subject to disciplinary action, up to and including

termination of employment. Medical Staff Members may also be subject to denial or removal of their privileges as part of the disciplinary process. Federal, state, and/or local law enforcement agencies may be notified if evidence of criminal actions exists. Any business partner found to be in violation of the privilege of CCHMC-facilitated access to business systems, or in violation with this policy, may be sanctioned, which could

(5)

agreement between CCHMC and the business partner, discipline by the Medical Staff, and any other action deemed appropriate.

Refer to CCHMC Personnel Policy F-05 Employee Discipline for additional information regarding disciplinary action.

Implementation

The following parties are responsible for implementing and enforcing this policy: • Policy authority for this document resides with the Chief Information Officer and

the HIPAA Security Officer.

• All requests for exceptions to this policy or its standards must be submitted in writing, with justification to the HIPAA Security Officer.

This policy has been reviewed and approved by the following parties: • Chief Information Officer

• HIPAA Security Officer

References

Download now ( PDF - 5 Page - 71.51 KB )

Related documents

ACCEPTABLE USE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY

All users of the Eastern School Board’s information and communications technology (ICT) systems must agree to conform to specific parameters and guidelines with respect to

Acceptable Use of Information Technologies

NorthWestNet embraces the mission to promote research, education, and economic development by providing access to network communications, computing, and electronic information

Acceptable Use of Information Technology Policy

 Using VAW computing facilities for commercial gain, for work on behalf of others, or for private business use (unconnected with the legitimate activities of the member of

IT1. Acceptable Use of Information Technology Resources. Policies and Procedures

innovative use of technologies.” To that end, Information Technology Solutions (hereinafter IT Solutions) will “make a positive contribution to meet the goals of the

USE OF TECHNOLOGY RESOURCES IN INSTRUCTION

Page 8 of 9 As a means of providing safety and security in direct electronic communications and to prevent abuses to the appropriate use of electronic equipment, all

Acceptable Use of Information Technology (IT) Resources

Users must not install, attach, or download any hardware or software without prior documented approval from their Chief Information Officer, Information Security Officer,

Golden Strategy - Forex

Along the vertical line (A), all conditions for placing a long trade were met at once - the price crossed above the 55 SMMA set to High, the 55 %R crossed above the -25 level and

ACCEPTABLE USE OF INFORMATION TECHNOLOGY RESOURCES

Information technology resources, including the University's electronic address (e-mail, web), shall not be used for personal commercial gain, for charitable solicitations