By clicking “OK” and logging into LIMS, you are explicitly stating YES to each of these questions below:
Have you been instructed to promptly report all incidents of noncompliance with HIPAA Security Regulations policies and procedures to management, security, and privacy officers?
Have you been informed that you will be sanctioned and/or disciplined for noncompliance or violations of HIPAA Security Regulations policies and procedures?
Have you been instructed to promptly log and report all security incidents to management, security, and privacy officers?
Have you been given the guidelines for proper use and protection of passwords?
Have you been informed that you must comply with the “Emory University Code of Conduct” or the “EHC Confidentiality Statement” as it relates to the appropriate use of ePHI?
Have you been instructed within the last 12 months not to share passwords with other users and not to write down their passwords or otherwise expose their password in an insecure manner?
Have you been instructed within the last 12 months to report any suspected compromise or use of their user identifier and password by other individuals to their appropriate security officer?
If you are NOT using an Emory owned client system to access the LIMS, have you been instructed on the obligations to meet the following requirements before accessing the LIMS:
The non-Emory system must have anti-virus software installed and the software and virus signature files must be kept up-to-date
The non-Emory system and all applications on the system must be kept up-to-date with the most recent security updates and patches
The non-Emory system must run personal firewall software at all times and the firewall must be configured to block all unsolicited inbound connections. This requirement is not necessary for vendor owned systems that are always connected to the vendor network as long as the vendor network is protected by a firewall and has implemented strong security measures
EPHI must not be stored on non-Emory systems without explicit written permission from the user’s appropriate director/dean/chair/vice president or equivalent
Users must not disclose any Emory passwords to anyone, including family members
If you are a vendor, have you been instructed that you are required to notify Emory of any changes to their remote access methods?
If you are a vendor, have you been instructed that you are required to notify Emory of any change to the list of users who should have remote access to the system or their access levels?
If you are accessing the LIMS via a wireless client, does your access meet all of the following requirements?
Wireless clients must be protected by a host based firewall
Wireless clients must utilize anti-virus software that is up to date and has current anti-virus signatures
Wireless clients must be kept up to date with the latest operating system and application security patches
Wireless clients must not be connected to both wireless and wired Emory networks simultaneously
Wireless clients must be configured so they will not automatically connect to ad-hoc or unsecured wireless networks?