Information Security
Transcript: Users shall not have the expectation that their email or other electronic communications are private. CHS may capture user activity such as web sites visited. CHS reserves the right, at any time and without prior notice, to examine email, files, and other information stored on CHS information systems. Content of electronic communications should be accurate, sent to recipients with the minimum necessary information based on a need-to-know and sent or posted with appropriate security measures Every user has a responsibility to protect CHS’ public image. Users must avoid communicating anything that might appear inappropriate or misconstrued as inappropriate Do not download any non-standard/non-approved applications to CHS devices. Do not open unknown email attachments. Do not use instant messaging features Shall not copy, release, transmit, sell, loan, alter, purge or destroy any confidential information except as properly authorized Communications Content Ensuring that PHI is exchanged only with properly authorized entities, and that electronic transmissions containing PHI are properly encrypted and secured Security Policies Information Security Promptly reporting any privacy or security concerns to your Facility Security Officer Users are prohibited from installing, distributing, copying or modifying any software programs Confidential Information Single Sign On Never share or disclose user IDs or passwords, nor ask others to do so. Personal Conduct Users are prohibited from installing software from outside sources on their CHS workstations. Such software is not licensed for use by CHS, or may interfere with the operation of other company resources Must be a least 5 characters but no more than 8 long. Passwords Work Station Security Users are responsible for protecting information on their computers, and must use precautions to physically protect equipment and information Dispose of confidential information utilizing company-provided secure receptacles The following behaviors are strictly prohibited: Accessing obscene, sexually explicit, or pornographic material from company resources. Sending harassing, libelous, and disruptive, threatening, racially harassing, or sexually harassing messages, or using any language that could be construed to make the work environment a hostile workplace. Tying up computer resources by downloading music, movies, software or other applications, or using excessive amounts of storage or sending large file attachments. This could cause congestion, delay, or disruption of service to company systems, and degrades the performance of the entire network. Using company systems to advertise, provide services, or sell commercial products. Use of any company information technology resources for personal gain or profit is prohibited. Using company resources in a manner that interferes with performance of employment responsibilities; for example, tying up printers doing non-company related work. Sending messages with religious, racial, political, or sexual overtones; expressing bigotry, hatred, harassment, abuse, or threats of harm to anyone. Creating, copying, or sending frivolous or excessive messages, including chain letters, junk mail, advertising material, or spam. Must be reset every 90 days. Users are responsible for protecting information on their computers, and must use precautions to physically protect equipment and information Must begin with a letter. Case sensitive. Password history. Passwords may not be reused. Complying with use and disclosure processes as if electronic information were paper Removable Media Personal Responsibilities for Security Users should not move or relocate company-provided computing equipment. All computing equipment moves are to be scheduled through the IS Department Stay away from special characters. Do not leave programs running or data visible when computer is unattended. Lock system (press Window key + L) when leaving the computer for any length of time. Use screen savers with activated passwords, and position screens away from public view Laptops shall not be left unattended and unsecured (for example, left on the desk when not in use or overnight in the workplace); they must be locked up. Laptops must not be left in a car, exposed to weather, magnetic fields or radiation. Individually identifiable PHI (protected health information) should not be stored on mobile electronics All personnel must ensure that confidential information is being appropriately protected, in accordance with existing HIPAA federal laws and company policies and associated information security policies and standards. Adhering to all Security policies, standards, procedures, and CHS Code of Conduct No Expectation of Privacy INFORMATION SYSTEMS Non-compliance Important data should not be stored on the local hard drive (the C: drive). Local hard drives are not backed up, and in the case of a hardware failure or theft, the data would be lost. All important data should be stored
Prezi Present
Prezi Video
Prezi Design
