Acceptable Use Policy

Last modified: 2021-07-05 Effective date: 2021-07-05.

1.1 Summary

This Acceptable Use Policy establishes the acceptable use requirements for Sentry Health information technology products and services, primarily the technology infrastructure used to provide such products and services. Sentry Health may revise this policy from time-to-time in its sole discretion, any revisions will be posted at www.sentryhealth.ca/acceptable-use-policy. Notice of any revision will be made in accordance with the agreement under which Sentry Health provides you with such products and services.

1.2 Scope and Application

The policy applies to all users. Any person who accesses or uses the technology infrastructure made available by Sentry Health, including any product or service, is a “user”. A “person” includes any individual, person, estate, trust, firm, partnership or corporation, government or any agency or ministry of any government, and includes any successors to any of the foregoing. Where the word “including” or “includes” are used it means including but not limited to or including without limitation.

1.3 Acceptable Use

1.3.1 General Use and Ownership.

Users are permitted to use the products, services and technology infrastructure of Sentry Health solely for the purposes authorized in the applicable agreement under which Sentry Health provides each user.

a. Users should be aware that the data they create on Sentry Health’s technology infrastructure systems remains the property of Sentry Health.

b. Sentry Health reserves the right to audit equipment, software, network accounts, storage media, operating systems and browser history that interacts with any Sentry Health Information Resources (including data/internet use/email usage etc.) on a periodic basis to ensure compliance with this policy in accordance with the Sentry Health’s Auditing Policy.

c. All users who use the Sentry Health’s systems have an obligation to use the systems in a manner that is appropriate, effective and efficient for official business only use. Personnel must be aware that Sentry Health systems and devices display sensitive and confidential information for the purpose of patient healthcare and transacting business. Therefore all personnel must use discretion and apply security measures while performing day to day activities.

d. Upon termination/resignation of any Sentry Health user, the information technology (IT) department will terminate all applications, systems and access to Sentry Health resources.

1.4 Inappropriate and Unacceptable Uses

1.4.1 Communications Activities and Email

a. Sentry Health’s equipment, applications and email systems shall not be used for the creation or distribution of any disruptive or offensive messages, including offensive comments about race, gender, hair colour, disabilities, age, sexual orientation, pornography, religious beliefs and practice, political belifes, national origin or that maybe in violtion of sexual harassment or hostile workplace laws. Employees who receive any emails or website links with this content from any Sentry Health employee or external entity should report the matter to their supervisor immediately.

b. Using Sentry Health’s information resources or email system or person and/or non-work related purposes is not an acceptable practice and is prohibited. Sending chain letters, jokes or over frivolous misuse of email from a Sentry Health email account is prohibited.

c. Broadcasting of email to multiple distribution lists or more than 10 employees is prohibited without prior approval. If an employee requires information to be disseminated throughout a department they must receive prior approval from their supervisor

d. For email distribution to multiple departments, or to distribution lists such as “Physicians, Providers, Alert Broadcast or any other organization wide email Distribution Lists, explicit permission is required. Authorization of these types of emails requires employees to send a draft to their supervisor. If the content is approved, it will be emailed by designated individuals with the appropriate authority.

e. Making fraudulent offers of products, items, or services originating from any Sentry Health email account.

f. Sending unsolicited messages, including the sending of “junk mail” or other advertising material to individuals on the Sentry Health messaging systems (email spam).

1.4.2 Strictly Prohibited Uses, with no exceptions:

1.4.1 Communications Activities and Email

a. Violations of the rights of any person or company protected by copyright, trade secret, patent or intellectual property, or similar laws or regulations, including, but not limited to, the installation of distribution of “pirated” or other software products that are not appropriately licensed for use by Sentry Health on Sentry Health devices. (e.g. Instant messaging, MP3 Rippers, USB jump drives, Digital Music, Music Streaming etc).

b. Under no circumstances is an employee of Sentry Health authorized to engage in any activity that is illegal under provincial, federal or international law while accessing Sentry Health Information Resources.

c. Defaming other persons (e.g. spreading false allegations or rumors about others)

d. Promoting hatred against any identifiable group or individual by communicating such statements in violations of applicable laws.

e. Exporting software, technical information, encryption software or technology in violation of international or provincial export control laws, is illegal.

f. Personal software installation and usage unto Sentry Health equipment is prohibited. The use of USB portable storage devices to introduce or remove data from Sentry Health devices is prohibited.

g. Providing information about, or lists of Sentry Health employees to parties outside Sentry Health.

h. Only devices and equipment authorized by IT management shall be utilized on Sentry Health’s network.

i. Willfully bypassing or subverting any physical, logical or procedural safeguards Used by Sentry Health or any other person, such as firewalls, web-filtering software or other access controls

j. Vandalism, which is defined as any malicious attempt to harm or destroy the information of another user, the Internet or other networks

k. Harassment, including persistent non-work related contact with another person when such contact is unwelcome or may be deemed to create a poisoned work environment by accessing , displaying, storing, downloading or transmitting any content which is offensive

1.5 Security

1.5.1 Security and Proprietary Information

a. Employees should take all necessary precautions and steps to prevent unauthorized access to Personal Health Information (PHI) Information.

b. Keep passwords secure and do not share accounts or passwords. Authorized users responsible for the security of their passwords and accounts.

c. All PC’s laptops and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 10 minutes or less, or by locking out user accounts when the system is unattended for 10 minutes.

d. Because information contained on portable computers is especially vulnerable, special care should be exercised. Protect laptops in accordance with the “Portable Device Security Tips” (See Appendix A).

e. Users must use extreme caution when opening email attachments received from unknown senders and external sources, which may contain viruses, email bombs or Trojan horse code.

1.5 Enforcement and Violations

1.5.1. Violations of this Policy

a. Users and clients must report all breaches of this policy of which they are aware of to Sentry Health. Each user must do so through hello@sentryhealth.ca.

b. Sentry Health reserves the right to investigate suspected breaches of this policy, and all users and clients will cooperate when asked to assist in any such investigation.

c. Sentry Health in its sole discretion, suspend or revoke a user’s access to the products, services or technology infrastructure of Sentry health should a user breach this policy.

d. Clients will cooperate with Sentry Health in the management of breaches of this policy. This responsibility includes assisting with the development and distribution of communications regarding breaches or incidents.

e. Breaches of this policy may result in criminal prosecution or civil liability.

f. Sentry Health reserves the right, subject to all applicable laws relating to the protection of personal information and personal health information, to investigate content posted to or transmitted over its technology infrastructure, and may block access to, refuse to post, or remove any information or material that it deems to be in breach of this policy.

g. Sentry Health may report breaches of this policy committed by any user to the client responsible for that user’s actions.

h. Sentry Health assumes no liability for enforcing or not enforcing this policy, and any failure by Sentry Health to enforce any part of this policy will not constitute as a waiver by Sentry Health to enforce any right or obligation in this policy at any time.

i. If any provision of this policy is found to be invalid or unenforceable, then that provision will be enforced to the extent permissible, and all other provisions will remain in full force and effect.

Appendix

Portable Device Security Tips

a. Do not store information such as password, pins, numbers, patient health information or any other type of sensitive information on notebook computers, PDS’s as these devices are at high risk for theft.

b. Password protect all portable devices

c. While using portable devices, if there is a need to leave the device to perform other duties, lock or enable a password protected screen saver.

d. Do not leave portable devices in a lock or unlocked car, unlock offices or desks.

e. Sentry Health’s own equipment while not in use should be stored in a secure area.

f. Use caution when utilizing public Internet Access Points or “Hot Spots” as these public services are not usually secure and are a common ground for hacker and security breaches.

g. Utilizing internet services that are in a manner deemed inappropriate by the guidelines that Sentry Health has put in place even outside the practice is strictly prohibited.

h, Failure to comply with the Sentry Health usage policies, introduces risk and potential security threats or breaches to the network infrastructure. Compliance Policies and Procedures must be followed while using Sentry Health owned equipment.

i. If personnel feel that their portable devices or password has been compromised in any way they are to immediately contact the IT department immediately.

j. Immediately report all thefts to the human resources department.