Policy Analysis
Autor: khrisbone1 • April 12, 2016 • Essay • 1,759 Words (8 Pages) • 917 Views
1001 SECURE EMPLOYEE COMMUNICATIONS
- Applicability
This policy, which applies to all DHS employees and workforce members, serves to regulate the correct use of communication to securely deliver confidential information handled by DHS employees for the purpose of conducting agency business. This policy ensures that DHS staff uses electronic communications (email, faxes, etc.,) in a manner that conforms to all applicable state and federal rules and regulations.
II. Report Incidents
Failing to comply with this policy, even if unintentional, must be reported as a privacy or security incident to the DHS Privacy Office or IT Security Office. The report can be made on DHS Share by clicking on the “DHS Incident Reporting” logo. The DHS Privacy Office or IT Security Office can be contacted for more guidance.
- Policy
(a) Each employee is responsible for ensuring the privacy and security of confidential information, such as Protected Health Information of Medicaid patients or the personal information of DHS clients or foster children.
(b) All employees who need access to any DHS information systems (even just to use email) must complete DHS Privacy and Security training promptly upon hire, prior to accessing any confidential information, and annually.
(c) DHS reserves the right to monitor all aspects of email, internet, and all DHS network usage with or without notice. Employees have no reasonable expectation of privacy in the use of email, internet, or any DHS network.
(d) Only use DHS issued equipment, including wireless devices, for transmitting confidential information. Do not use personal computers, personal wireless devices, or personal accounts for emailing, text messaging, storing, or transmitting confidential information. Employees who fail to comply with this rule will face disciplinary action based on DHS Policy 4002, “Privacy and Security Sanctions.” Repeated violations will result in termination.
(e) The transfer of Federal Tax Information (FTI), such as federal tax returns or return information received directly from the IRS or a secondary source, such as SSA, Federal Office of Child Support Enforcement, or Bureau of Fiscal Service, through email, fax, or a multi-function device is prohibited.
IV. Email
(a) Emails containing confidential information (personal identifying information or protected health information) that will be sent to an email address other than @dhs.arkansas.gov must be encrypted before being sent. Employees encrypt confidential emails by typing the word “SENSITIVE” in the subject of the e-mail. Failure to do this must be reported as a privacy/security incident.
(b) Employees or workforce members must never email confidential information to their personal email addresses. All DHS or work-related business must be conducted on DHS email (for contractors, DHS business must be conducted on their secure work email addresses).
...