Policy Manual sample

MDT Home Health Care Agency, Inc. not have any personal privacy rights by utilizing Agency’s IT system. 4.6 Staff shall implement and maintain appropriate safeguards to prevent the Use or Disclosure of PHI in any manner other than as permitted by this Policy. These shall include administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI that it receives, maintains, or transmits from the Agency and as required by law. 4.7 Staff shall protect the Agency IT system from viruses and similar program threats and manage logging and other data collection mechanisms. 5. Reporting Unauthorized Use or Disclosure. 5.1 Staff shall report to the Agency each unauthorized Use or Disclosure of PHI that is made by the Staff that is not specifically permitted by this Policy. 5.2 Staff shall report to the Agency any security incident of which it becomes aware. “Security Incident” means the attempted or successful unauthorized access, use or disclosure, modification, or destruction of information, or interference with the system operations in the Agency IT system. 5.3 The initial report shall be made by in-person or telephone call to the Agency’s Administrator, within two hours from the time the Staff becomes aware of an actual or apparent non-permitted Use or Disclosure, followed by a full written report to the Agency’s Administrator no later than one business day from the date the Staff becomes aware of the actual or apparent non-permitted Use or Disclosure of PHI. 5.4 Staff shall provide in such notice the remedial or other actions undertaken to correct the unauthorized Use or Disclosure of PHI. 5.5 Staff shall mitigate, to the extent practicable, any harmful effect that is known to the Staff of a Use or Disclosure of PHI by the Staff in violation of this Policy. 5.6 Staff shall work cooperatively with the Agency in mitigating and preventing any further unauthorized Use or Disclosure of PHI. 6. Violations 6.1 Staff is responsible for ensuring compliance with the terms and conditions of this Policy. 6.2 Agency’s and User’s unauthorized distribution of individual password, or information accessed from the Agency’s IT system shall result in immediate termination of the User’s and potentially the Agency’s access to the Agency’s IT system, and may subject the Staff to loss of privileges with the Agency and any other action and remedies available to the Agency under law or equity. 6.3 Staff will be responsible for any damages, including monetary damages, for the inappropriate use and/or disclosure of EHR, even if the inappropriate use and/or disclosure was made by Agency’s employee or another individual using the Agency’s User’s passwords or IDs. 6.4 If a Staff User suspects that his/her password or ID has been obtained by another individual, they will immediately change the password for the account and inform the Agency’s Administrator so that appropriate action may be taken. Home Health Agency Policies A-174