Employee Privacy Policy

The following computer and network security procedures are coordinated and integrated with other system configuration management practices in order to create and manage network security.

  1. An authorized user is any person or entity that has been authorized to access, create, read, update and delete information created or held by this organization.  In addition to this policy, practitioner and business partner users are expected to conform to our organization’s and their own business entity’s policies on individually identifiable health information (PHI) disclosure and the technical security procedures that apply.
  2. All users will be granted access privileges to PHI in the organization’s computer systems according to their role within the organization, their relationship with the individual whose health information they wish to access and the purpose for which the information will be used.  Our organization will maintain a system for identifying and determining access privileges and for handling exceptions and reviews for individual cases.  Responsibility for maintaining this program resides with the Privacy Officer.  Access privileges will be reviewed and revised on a periodic basis and as needed to implement changes in limitations on data access, to strengthen protections against unauthorized access or for other reasons as indicated.  Practitioners and contracted business partners will be held to the above organizational standards for assigning privileges.
  3. Employees are accountable and responsible for all activities that occur under their user identification and password.  Employees must not share or reveal any identifying information chosen or assigned to them for use in gaining access to the organization’s system or any of the computer programs owned and used by our organization.  Employees must not print their password, store it online, allow a browser to save it, or reveal it to anyone.
  4. Employees must log off or lock their workstation when they leave the workstation for longer than fifteen (15) minutes for clinic sites and twenty (20) minutes at non-clinical sites.
  5. The following uses of the Organization’s computers are prohibited:
    1. Employees must not seek, access, view, copy, destroy, or transmit any information, including individually identifiable health or demographic information, unless the employee is authorized to perform these tasks in the course of employment for the purpose of business operations.
    2. Employees must not use the computer system to “snoop” or pry into the affairs of patients or users by unnecessarily reviewing files or e-mail.  The ability to read, alter or copy a file belonging to another user does not imply permission to read, alter or copy that file.
    3. Employees must not violate any applicable laws or regulations, state or federal, including health information privacy and confidentiality laws under the Health Insurance Portability and Accountability Act (HIPAA).
    4. Employees may not create a false identity for the purpose of misleading others.
    5. Employees may not use the organization’s computing resources in any manner that could damage, disable, overburden, or impair any resource or network, or interfere with any other party’s use of the resource.
    6. Employees may not gain unauthorized access to any computing resource of the organization through hacking, password cracking, IP spoofing or any other means.  Employees must not obtain or attempt to obtain any materials or information through any means not intentionally made available through their employment.  Any ability to connect to other computer systems through the network or by modem does not imply a right to connect to those systems or to make use of them unless specifically authorized by the administrators of those systems.
    7. Employees must not attempt to tamper with, disable or bypass computer security measures including pre-loaded anti-virus and encryption software.  All OSS computers have local anti-virus software and encryption technologies enabled.
    8. Employees must not upload or distribute files from the Internet, a home computer, or other external systems because they may contain viruses, worms, or corrupted files that may damage the organization’s computer resources.
    9. Employees must not restrict or inhibit any other user from using the organization’s computing resources except as outlined in this policy.
    10. Employees must not use the organization’s computer resources in connection with personal commercial use.
  6. Confidentiality and security training is required prior to authorization of user access to the organization’s information assets.  Training includes review of relevant policies and technical security practices; examples include the organizational policies on confidentiality, patient authorization and access.  Procedures for remote access log oversight and sanctions for security breaches are also covered in training.
    1. All authorized internal users will receive basic confidentiality and security awareness training.
    2. Authorized internal users may receive additional training related to their job function.
  7. All consumers have the expectation of privacy and confidential handling of their health information.  Our organization maintains confidentiality of individually identifiable health information, including information maintained in manual or electronic records.  Assessment of practitioner and business partner confidentiality policies is required to establish a reasonable basis for expected practices according to comparative privacy principles and confidentiality policies relating to individually identifiable health information.
  8. Employee and business partner users of the organization’s computer systems who are found to be in violation of any part of this policy are subject to disciplinary action up to and including loss of access privileges to the system and sanctions.
  9. The organization will maintain a program that identifies and disables virus programs, code fragments, worms or any other malicious code designed to alter or destroy data or to disable systems.

The Privacy Officer will review security incidents as soon as possible after being alerted to the incident and will maintain records of security incident reviews, including the source of the problem, actions taken, and results obtained.