General Overview

  • All employees must read and attest to their understanding of all security policies and procedures on The Guard by May 31, 2019
  • Paper copies of the security policies may be found in the Policies and Procedures binder behind Vicki's desk


Assigned Responsibility

  • There is one Security Officer for the Eye Center, Diane Vaughn, who is responsible for overseeing the Security Rule implementation and ensuring that HIPAA Security Rule policies are implemented and followed.  The Security Officer will act as a spokesperson for the Eye Center on all issues related to HIPAA Security.
  • The Compliance Officers for the Eye Center are Dr. Spencer Maddox and Diane Vaughn.


Access to Systems

  • Only management can grant access to ePHI systems.  If you need a change in your level of access, you must speak with your supervisor and fill out the appropriate forms to get your access changed.
  • Your access to ePHI may be revoked or suspended if there is evidence that you are misusing information or resources; if there is reason to believe your password may have been compromised; or if your job description changes and access is no longer required.
  • Only employees who require access to ePHI will be granted access, and they must be trained in the proper use of ePHI, the systems on which it is stored, and how to report errors or breaches.
  • Emergency access to your account may be granted if immediate access to data on your account is necessary, for example, if you forget to exit Compulink before leaving the office and a doctor cannot edit a patient because the record is locked under your account.


Passwords

  • You will have both a computer/server login ID and password, and a Compulink login ID and password.  Server passwords must be changed at least every 30 days, and Compulink passwords must be changed every 90 days.  You cannot reuse the same password for at least 3 cycles of changes.
    • Your password should NOT be a word that is found in the dictionary.
    • Your password should be 8 characters or longer, and contain a mixture of uppercase and lowercase letters, numbers, and special characters ($, %, &, etc.).
    • A new password should be significantly different from your old one (e.g. not Password1, then passWord2).
    • You should NOT use the same password for work and personal use.


  • Your password should be treated as sensitive, confidential information.  DO NOT SHARE YOUR PASSWORD WITH ANYONE.  The only exception is for equipment with shared passwords, such as the Lenstar.
    • Never reveal a password over the phone.
    • Never type your password into an email message.
    • Never share your password with a coworker or supervisor.
    • Never write down your password on a questionnaire or security form.
    • NEVER WRITE YOUR PASSWORD ON A STICKY NOTE ON THE BOTTOM OF YOUR KEYBOARD.


  • If you forget your password, contact the IT Manager as soon as possible.


YOU are responsible for anything that happens while your account is logged in.  DO NOT share your login information with anyone else, and DO NOT leave your computer or Compulink logged in when you step away from your workstation.


2019 Security Training