It is the policy of (Company Name) to encourage the use of computers and electronic information, including any electronic services, as tools to support our business and provide service to our customers while maintaining information authenticity, privacy, and security.
Definitions
Electronic Service - Internet, intranet, messaging (e.g., e-mail and instant messaging) or any other information delivery or exchange technology hosted by (Company Name) or accessed by (Company Name) - owned computers, including portable computers (Laptops or notebooks) and handheld devices such as company-owned personal data assistants (PDAs) and smartphones or any computer applications.
Encryption - A mathematical process that converts the normal letters and words of an e-mail into a “secret code” that appears as unreadable to anyone except the person you sent the e-mail to who has the “secret key” to decipher the message.
Workstation - All company-owned computers, including portable computers (laptops or notebooks) and desktops, as well as peripherals, such as printers, routers, facsimiles, and/or wireless network access cards, provided to employees for the purpose of conducting company business. Also included are handheld devices such as company-owned personal data assistants (PDAs) and smartphones.
Standards/Guidelines
Employees and other authorized persons may be granted access to workstations in order to perform their job duties. (People granted such access are referred to in this policy as “Users”.) Such access is discretionary on the part of the company and may be revoked at any time, and is subject to the company's other information security policies.
The use of passwords by employees does not create a private communication medium. All computer passwords must be divulged to management upon request. The use of unauthorized or undisclosed passwords is strictly prohibited.
At any time, with the approval of a vice president, management can request access to any electronic user files, including e-mail messages and instant messaging logs.
The use of encryption keys and certificates (strings of characters used for encryption/decryption) must be authorized. All keys and certificates required to decrypt company-owned information must be given upon request by management.
Electronic protected health information is information that could be used to identify a patient/resident and includes but is not limited to the following: patient/resident medical and billing information, a patient's/resident's name, address, relatives' names, birth date, telephone number, fax number, e-mail address, Social Security number, medical record number, health plan number, account number, certificate/license number, vehicle or device serial number, Web or IP address, finger or voice print, photographic image or other applicable identifiers.
When sending company-private and/or employee and patient/resident protected health information electronically, encryption must be used to ensure the privacy of the message.
The unauthorized sending of company-private and/or employee and patient/resident protected health information via e-mail or Internet/intranet is prohibited. All employee and patient/resident health information will be kept confidential and used, maintained and disclosed in accordance with applicable laws.
Information shared between legal counsel and employees or others is privileged.
Electronic services are extensions of the workplace. Abuse or inappropriate use of electronic services will subject an employee to discipline under (Company Name)'s disciplinary process up to ...