Access to patient, employee and business information is a privilege granted on a need-to know (role based) basis. Every user must sign the BRONSON HEALTHCARE CONFIDENTIALITY
AND NETWORK ACCESS AGREEMENT before access to any computer system will be granted – this includes medical students, resident physicians, faculty members and members of
the medical staff, volunteers, employees and associates, consultants, business partners and vendors who access our data
The following rules for Confidentiality and Network Access apply to all patient and business information (Confidential Information) of Bronson Healthcare and
related organizations. The rules also apply to the business information of joint ventures, or of other entities and persons collaborating with Bronson Healthcare,
to which the user has access. As a condition of being permitted to have access to Confidential Information relevant to my job function or role,
I agree to the following rules:
Permitted and required access, use and disclosure:
I will access, use or disclose Confidential Patient Information (PHI) only for legitimate purposes of diagnosis, treatment,
obtaining payment for patient care, or performing other health care operations functions permitted by HIPAA.
- I will only access, use or disclose the minimum necessary amount of information needed to carry out my job responsibilities.
- I will access, use or disclose Confidential Business Information only for legitimate business purposes of Bronson Healthcare group.
I will protect all Confidential Information to which I have access, or which I otherwise acquire, from loss, misuse, alteration or
unauthorized disclosure, modification or access, including:
- Protecting my password. Not sharing my password with others.
- Making sure that paper records are not left unattended in areas where unauthorized people may view them.
Using password protection, screensavers, automatic time-outs or other appropriate security measures to ensure that
no unauthorized person may access Confidential Information from my workstation or other device
Appropriately disposing of Confidential Information in a manner that will prevent a breach of confidentiality and never discarding paper
documents or other materials containing Confidential Information in the trash unless they have been shredded.
- Safeguarding and protecting portable electronic devices containing Confidential Information including laptops, smartphones, PDAs, CDs and USB thumb drives.
- I will disclose Confidential Information only to individuals who have a need to know to fulfill their job responsibilities and business obligations.
- I agree to carefully read the messages displayed upon successful log in and agree to the terms or directions.
- I will call the Bronson HelpDesk with any immediate concerns, 269-341-6330.
I will comply with Bronson Healthcare’s access and security procedures, and any other policies and procedures that reasonably apply to
my use of the computer systems and/or my access to information on or related to the computer systems including off-site (remote) access using
portable electronic devices.
Prohibited access, use or disclosure:
I will not access, use or disclose Confidential Information
in electronic, paper, or oral forms for personal reasons, or for any purpose not permitted by Bronson Healthcare policy,
including information about
co-workers, family members, friends, neighbors, celebrities or myself
I will follow the required procedures at Bronson Methodist Hospital,
and any Bronson owned entity or my provider’s office to gain access to my own PHI in medical and other records.
I will not use another person’s login ID, password, other security device or other information that enables access to Bronson Healthcare’s
computer systems, networks, or applications, nor will I share my own with any other person.
If my employment or association with Bronson Healthcare ends, I will not subsequently access, use or disclose any Bronson
Healthcare Confidential Information and will promptly return any security devices and other Bronson Healthcare property.
I will not engage in any personal use of Bronson Healthcare’s computer systems that inhibits or interferes with the productivity of
employees or others associated with Bronson Healthcare’s operations or business, or that is intended for personal gain.
I will not engage in the transmission of information which is disparaging to others based on race, national origin, sex, sexual
orientation, age, disability or religion, or which is otherwise offensive, inappropriate or in violation of the mission, values,
policies or procedures of Bronson Healthcare Group.
I will not utilize the Bronson Healthcare network to access Internet sites that contain content that is
inconsistent with the mission, values, and policies of Bronson Healthcare.
Some examples of prohibited use of Bronson computer resources:
- Impersonating another person by sending forged messages.
- Soliciting non-hospital business.
Intentionally interfering with the normal operation of the network, including introducing and propagating
computer viruses and sustained high volume network traffic such as chain letters.
- Using the email system for illegal or unethical purposes.
- Revealing or publicizing any proprietary or confidential information such as patient information, financial information, or system or network access codes.
- Sending, receiving or storing any messages or files that are discriminatory, offensive, obscene, defamatory, pornographic or harassing.
- The intentional installation of any unauthorized or unapproved software on Bronson-owned devices.
Accountability and Sanctions:
I will immediately notify the Bronson Healthcare Group Security Officer (269-341-8818) or Privacy Officer (269-341-8590)
if I believe that there has been improper/unauthorized access to the Bronson Healthcare network or improper use or disclosure of
confidential information in electronic, paper, or oral forms.
I understand that Bronson Healthcare will monitor my access to, and my activity within, Bronson Healthcare’s computer system, and I have
no rightful expectation of privacy regarding such access or activity.
Specific to the Bronson E-mail system, I understand that
E-mails, sent, received or stored on Bronson’s system are treated as business records and Bronson reserves the right to access, review copy
and delete any messages. An E-mail message should be treated as if it is being sent under Bronson letterhead with the understanding that it may
be printed, forwarded, duplicated and subpoenaed in legal proceedings.
Payment Card Industry (PCI) Compliance - Permitted and required access, use and disclosure:
I may have physical and logical access to Bronson’s cardholder environment. This includes systems, applications, equipment, individuals, locations, and connections used for the transmission, processing, and/or storage of cardholder data. I understand my role in protecting Bronson from threats to help safeguard Bronson’s finances, operation and brand name. If applicable, my manager and I will discuss the PCI DSS Bronson Payment Processing policy.