Scribd Logo
Upload

Welcome to Scribd!

  • CT PHI Access Declaration Form

    Uploaded by

    Shaikh Rizwan
    25 views1 page
    This document outlines controls for accessing protected health information (PHI) as an annex to a non-disclosure agreement for CitiusTech users. It requires users to complete HIPAA training, only access PHI on designated desktops at CitiusTech premises, not download, print, or transmit PHI without approval, and immediately report any violations of PHI protocols. Users must agree to abide by all terms of CitiusTech's PHI security operations procedure and understand non-compliance can result in disciplinary action or legal consequences.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines controls for accessing protected health information (PHI) as an annex to a non-disclosure agreement for CitiusTech users. It requires users to complete HIPAA training, only access PHI on designated desktops at CitiusTech premises, not download, print, or transmit PHI without approval, and immediately report any violations of PHI protocols. Users must agree to abide by all terms of CitiusTech's PHI security operations procedure and understand non-compliance can result in disciplinary action or legal consequences.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    25 views1 page

    CT PHI Access Declaration Form

    Uploaded by

    Shaikh Rizwan
    This document outlines controls for accessing protected health information (PHI) as an annex to a non-disclosure agreement for CitiusTech users. It requires users to complete HIPAA training, only access PHI on designated desktops at CitiusTech premises, not download, print, or transmit PHI without approval, and immediately report any violations of PHI protocols. Users must agree to abide by all terms of CitiusTech's PHI security operations procedure and understand non-compliance can result in disciplinary action or legal consequences.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    CitiusTech PHI Access Declaration Form

    This is an annexure to the “Non-Disclosure and Non-Solicitation Agreement” for CitiusTech users having
    access to PHI data.
    In order to maintain the security and confidentiality of Protected Health Information (PHI) accessed, following
    controls shall be strictly adhered for accessing PHI i.e., to view, copy, analyze, transmit, delete and store PHI.
     User shall complete training on HIPAA, including PHI handling processes and any client specific security
    training within a week of joining the team and a refresher training provided by CitiusTech Information
    Security team every 6 months
     PHI data shall not be accessed from anywhere outside of the CitiusTech premises.
     PHI data shall only be accessed from the designated desktops located in project secure rooms.
     PHI data shall not be downloaded or stored on local machines.
     PHI data shall be stored on CitiusTech network only after approval for PHI data storage from the client. PHI
    data shall not be stored anywhere else except the PHI Vault.
     PHI data shall not be printed, unless strictly required. Documents with PHI shall be deleted immediately
    after its use.
     PHI data/ files shall not be shared over e-mails or on any removable media like USB, hard disk, CD, etc.
     PHI data shall not be transmitted in any form without the written consent of the client, i.e. provider of the
    original PHI.
     PHI data shall not be discussed with/disclosed to any unauthorized personnel (including friends or family).
    Also, PHI shall not be used or disclosed in any other unauthorized, improper, or illegal manner, including
    selling any PHI.
     Users shall not access or view PHI, other than what is absolutely necessary to perform their job.
     PHI data shall not be posted on any public forum (e.g. Technology support groups, internet forums, etc.).
     PHI data, if received by emails, shall be deleted immediately from the mailbox. In case, retention of the
    email is required for further references, it shall be stored in the PHI vault. In addition, any response to
    emails containing PHI shall not include the PHI file or snapshot or PHI data reference.
     Users shall immediately report any incidental or intentional violation of the CT PHI+ SOP, as identified by
    the users, including those as committed by the users themselves.
     Users shall continue to abide by these requirements during and after completion of their employment
    with CitiusTech.

    Declaration
    I have read all the terms and conditions as mentioned above and have gone through the PHI+ SOP. I agree to
    abide by ALL the terms of the CitiusTech PHI+ SOP.
    I understand that any non-compliance will result in grave damages to CitiusTech and our clients. Non-
    compliance will also result in disciplinary actions including termination from services and legal consequences.

    Project Name HED HealthEdge Product

    User Name Mohmmed Rizwan Salim CitiusTech Project


    Shaikh Lead Name

    Signature Signature

    Date 25/02/2022 Date

    CitiusTech Internal Page 1 of 1


    Template Version 1.2/ 30 Jan 2022

    You might also like