| |
Security Rule - User Responsibilities
Background
Administrative Safeguards
Physical Safeguards
Technical Safeguards
User Responsibilities
Acceptable Uses of Electronic Resources
Specific Rules on NON-Acceptable Use of Electronic Resources
The VCUHS systems and data are for use only by the individual granted access. Access must not be shared, since shared use often leads to abuse. User accounts must be protected with passwords. Login scripts must not include scripted passwords.
The user must ensure that any restricted information stored on his/her personal computer is safeguarded through physical security (locked offices, or keyboards), access control software, or encryption.
When a computer is left signed on, it is easy for someone to gain unauthorized access. Users must either sign off before they leave their computer, or restrict access by some other means (locked office/keyboard, desktop access control, or a password-protected screen saver). Note, however, that many access control packages and screen savers can be easily bypassed.
As an individual whose position requires interaction with the VCU Health System’s information systems, you may be provided with direct access to confidential and valuable data and/or use of data/voice systems. In the interest of maintaining the integrity of these systems and of ensuring the security and proper use of Health System resources, you must:
• Maintain the confidentiality of your password for all systems to which you have access.
• Maintain in strictest confidence the data to which you have access. Any confidential information must not be shared in any manner with others who are unauthorized to view such data.
• Use your computer access for the sole purpose of conducting official business of the Health System. Understand that the use of these systems and their data for personal purposes is prohibited.
• Understand that any abuse of access to the VCU systems and their data, any illegal use or copying of software, any misuse of the Health System’s equipment may result in disciplinary action, loss of access to the computer systems, and possible termination of employment.
|
|
