BY LOGGING INTO REDCAP, YOU ARE AGREEING TO EACH OF THE STATEMENTS BELOW:
- I have read, understood and agree to follow all Children’s Health Privacy & Security policies related to the appropriate use of IT systems and assets and to the appropriate access, use and disclosure of protected health information (PHI), including but not limited to
I understand and agree to promptly report all incidents of potential non-compliance with these policies and/or potential security incidents to either the Children’s Health’s IT Security or Privacy Office.
I understand that failure to follow the relevant Children’s Health policies and procedures may result in sanctioning/disciplinary actions up to and including termination.
If NOT using an Children's Health owned client system to access the REDCap, I understand and agree to the obligations to meet the following requirements before accessing the REDCap:
- Passwords must be user specific and no group or shared accounts are allowed
- Passwords may not be written down in accessible locations or shared with anyone
- Users may never log on using someone else’s credentials
- Users may not allow anyone else to use the system after logging on
If I am a vendor, I understand and agree that I am required to notify Children's Health of any changes to my access methods.
If I am a vendor, I understand agree that I am required to notify Children's Health of any change to the list of users who should have remote access to the system or their access levels.
If I am accessing the REDCap via a wireless client, I understand and agree that my access meets all of the following requirements:
- The non-Children's Health system must have anti-virus software installed and the software and virus signature files must be kept up-to-date.
- The non-Children's Health system and all applications on the system must be kept up-to-date with the most recent security updates and patches.
- The non-Children's Health system must run personal firewall software at all times and the firewall must be configured to block all unsolicited inbound connections. This requirement is not necessary for vendor owned systems that are always connected to the vendor network as long as the vendor network is protected by a firewall and has implemented strong security measures.
- ePHI must not be stored on non-Children's Health systems without explicit written permission from the user’s appropriate director/manager or equivalent and permission of the Children’s Health Privacy Officer.
- Users must not disclose any Children's Health passwords to anyone, including family members.
- Protected by a host based firewall.
- Utilize anti-virus software that is up to date and has current anti-virus signatures.
- Kept up to date with the latest operating system and application security patches.
- Not connected to both wireless and wired Children's Health networks simultaneously.
- Configured so they will not automatically connect to ad-hoc or unsecured wireless networks.