1.05.01 Electronic Systems & Corporate Accounts
1.05.01 Electronic Systems and Corporate Accounts (Revised 03/2022)
Company electronic systems and corporate accounts are the infrastructure of every administrative and operational process. Protecting the integrity of both must be the highest priority of every Amerimed associate.
Company owned electronic systems and networks include but are not limited to: computers, tablets, fax machines, cell phones, 2-way radios, telephone systems, GPS and WIFI devices, access points, hotspots, etc, and all other forms of Internet/intranet access, remote access, server access, and VPN’s, storage mechanisms such as internal and external hard drives, portable storage devices such as USB drives and media cards including those inserted into company owned cell phones, and cloud storage such as OneDrive, Dropbox, iCloud, etc. Unless specifically granted in this policy, or permission granted by senior management or the Compliance Officer, any non-business use of the company’s electronic systems is expressly forbidden.
Corporate accounts include but are not limited to: accounts used to set up, monitor, communicate through, and/or allow access to applications, software, data files, electronic patient care reports, employment systems, email systems, remote access, vendor accounts, computers, tablets, cell phones, and any other electronic system wherein the user must log into the account to use the application, software, access data, files, cloud storage, etc. and/or use the device.
Brief and occasional personal use of the electronic systems and/or accounts is acceptable as long as it is not excessive or inappropriate, occurs during personal time (lunch or other breaks), and does not result in expense or harm to the company or otherwise violate this policy. (See “No Expectation of Privacy” below) Electronic communication should not be used to solicit or sell products or services that are unrelated to the company’s business; distract, intimidate, or harass coworkers or third parties; or disrupt the workplace. [Medcomm has a more stringent policy due to privacy concerns]
Use of company owned electronic systems and accounts as defined above is a privilege granted by management and may be revoked at any time for inappropriate conduct carried out on such systems, including, but not limited to:
- Sending chain letters or participating in any way in the creation or transmission of unsolicited commercial e-mail (“spam”) that is unrelated to legitimate company purposes;
- Engaging in private or personal activities, including excessive use of personal email, instant messaging, chat rooms, social media, etc.
- Accessing networks, servers, drives, folders, or files to which the employee has not been granted access or authorization from someone with the right to make such a grant;
- Making unauthorized copies of company files or other company data;
- Destroying, deleting, erasing, or concealing company files or other company data, or otherwise making such files or data unavailable or inaccessible to the company or to other authorized users of company systems;
- Misrepresenting oneself or the company;
- Violating the laws and regulations of the United States or any other nation or any state, city, province, or other local jurisdiction in any way;
- Engaging in unlawful or malicious activities;
- Deliberately propagating any virus, worm, Trojan horse, trap-door program code, or other code or file designed to disrupt, disable, impair, or otherwise harm either the company’s networks or systems or those of any other individual or entity;
- Using abusive, profane, threatening, racist, sexist, or otherwise objectionable language in either public or private messages;
- Sending, receiving, or accessing pornographic materials;
- Becoming involved in partisan politics;
- Causing congestion, disruption, disablement, alteration, or impairment of company networks or systems;
- Maintaining, organizing, or participating in non-work-related Web logs (“blogs”), Web journals, “chat rooms”, or private/personal/instant messaging;
- Failing to log off any secure, controlled-access computer or other form of electronic data system to which you are assigned, if you leave such computer or system unattended;
- Using recreational games;
- Defeating or attempting to defeat security restrictions on company systems and applications.
Using company electronic systems or accounts to access, create, view, transmit, or receive racist, sexist, threatening, or otherwise objectionable or illegal material, defined as any visual, textual, or auditory entity, file, or data, is strictly prohibited. Such material violates the company antiharassment policies and subjects the responsible employee to disciplinary action.
The company’s electronic mail system, internet access, and computer systems must not be used to harm others or to violate the laws and regulations of the United States or any other nation or any state, city, province, or other local jurisdiction in any way. Use of company resources for illegal activity can lead to disciplinary action, up to and including dismissal and criminal prosecution. The company will comply with reasonable requests from law enforcement and regulatory agencies for logs, diaries, archives, or files on individual Internet activities, e-mail use, and/or computer use.
No Expectation Of Privacy
The company owns the rights to all data and files in any computer, network, corporate account or other information system used in the company and to all data and files sent or received using any company system, account, cloud storage or using the company’s access, including remote access, to any computer network, to the extent that such rights are not superseded by applicable laws relating to intellectual property.
The company also reserves the right to monitor electronic mail messages (including personal/private/instant messaging systems) and their content, as well as any and all use by employees of the Internet and of computer equipment or accounts used to create, view, or access email and Internet content.
Employees must be aware that the electronic mail messages sent and received using company equipment corporate accounts, company-provided Internet access, and/or corporate accounts, including web-based messaging systems used with such systems or access, are not private and are subject to viewing, downloading, inspection, release, and archiving by company officials at all times.
Only authorized personnel* have the right to inspect any and all files stored in private areas of the network or on individual computers or storage media in order to assure compliance with company policies and state and federal laws. No employee may access another employee’s computer, computer files, or electronic mail messages without prior authorization from either the Compliance Officer or CEO. The company may use software in its electronic information systems that allows monitoring by authorized personnel and that creates and stores copies of any messages, files, or other information that is entered into, received by, sent, or viewed on such systems. There is no expectation of privacy in any information or activity conducted, sent, performed, or viewed on or with company electronic systems or corporate accounts.
Accordingly, employees should assume that whatever they do, type, enter, send, receive, and view on company electronic systems or corporate accounts is electronically stored and subject to inspection, monitoring, evaluation, and company use at any time. Further, employees who use company electronic systems or corporate account to send or receive files or other data that would otherwise be subject to any kind of confidentiality or disclosure privilege thereby waive whatever right they may have to assert such confidentiality or privilege from disclosure.
Employees who wish to maintain their right to confidentiality or a disclosure privilege must send or receive such information using some means other than company electronic systems or the corporate accounts.
The company has licensed the use of certain commercial software application programs for business purposes. Third parties retain the ownership and distribution rights to such software. No employee may create, use, or distribute copies of such software that are not in compliance with the license agreements for the software. Violation of this policy can lead to disciplinary action, up to and including dismissal.
Confidentiality Of Electronic Mail
As noted above, electronic mail is subject at all times to monitoring, and the release of specific information is subject to applicable state and federal laws and company rules, policies, and procedures on confidentiality. Existing rules, policies, and procedures governing the sharing of confidential information also apply to the sharing of information via commercial software. Since there is the possibility that any message could be shared with or without your permission or knowledge, the best rule to follow in the use of electronic mail for non-work-related information is to decide if you would post the information on the office bulletin board with your signature.
Internet & Intranet
Employees are individually liable for any and all damages incurred as a result of violating company security policy, copyright, and licensing agreements.
All Company policies and procedures apply to employees’ conduct on the Internet, especially, but not exclusively, relating to: intellectual property, confidentiality, company information dissemination, standards of conduct, misuse of company resources, anti-harassment, and information and data security.
Authorized Personnel Defined
The following are authorized to access or to grant access to all systems as defined above:
- Compliance Officer
- Internal Tech Support
- Contracted External Tech Support
Violating any of these policies may result in disciplinary action, up to and including dismissal.