Chapter 1

Email and Messaging

This section contains AccuCode AI’s policies related to email and messaging systems. All employees and contractors must adhere to these policies to ensure the security and proper use of company email and messaging.

Key policies:

Questions or concerns? Contact the InfoSec Team at security@accucodeai.com.

Subsections of Email and Messaging

Automatically Forwarded Email Policy

Version: 1.0.4 | Last Updated: 2024-02-22 | APPROVED

1. Overview

This policy outlines the guidelines and restrictions regarding automatically forwarding emails from AccuCode AI Inc. email accounts to external email addresses. The purpose is to prevent unauthorized or inadvertent disclosure of sensitive company information.

2. Purpose

The purpose of this policy is to ensure the protection of sensitive information processed by AccuCode AI Inc., including protected health information (PHI) from hospitals and clinics, and to prevent unauthorized disclosure of such information through automatically forwarded emails.

3. Scope

This policy applies to all employees, contractors, vendors, and agents operating on behalf of AccuCode AI Inc. It covers the automatic forwarding of emails from company email accounts to external email addresses.

4. Policy

  1. Employees are prohibited from setting up automatic email forwarding from their AccuCode AI Inc. email accounts to any external email address without prior approval from their manager and the Information Security (InfoSec) team.

  2. Sensitive information, as defined in the AccuCode AI Inc. Data Classification and Protection Policy, must not be forwarded via email to any external party unless it is critical to business operations and the email is encrypted in accordance with the AccuCode AI Inc. Acceptable Encryption Policy.

  3. Employees must exercise extreme caution when sending any email from an AccuCode AI Inc. email account to an external recipient, ensuring that no sensitive information is inadvertently disclosed.

  4. The InfoSec team reserves the right to monitor and audit email forwarding settings and to revoke any unauthorized email forwarding configurations.

5. Policy Compliance

5.1 Compliance Measurement

The InfoSec team will verify compliance with this policy through various methods, including but not limited to:

  • Periodic reviews of email forwarding configurations
  • Monitoring of email traffic
  • Internal and external audits
  • Feedback to the policy owner

5.2 Exceptions

Any exception to this policy must be approved by the InfoSec team in advance.

5.3 Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

6. Definitions and Terms

  • Email: Electronic mail, a method of exchanging messages between people using electronic devices.
  • SMTP: Simple Mail Transfer Protocol, a communication protocol for electronic mail transmission.
  • Forwarded Email: An email message that is automatically sent from one email account to another.
  • Sensitive Information: Information that is protected against unwarranted disclosure and includes PHI, financial information, and proprietary data.
  • Unauthorized Disclosure: The intentional or unintentional revelation of sensitive information to individuals who are not authorized to receive such information.

Email Policy

Version: 1.0.2 | Last Updated: 2023-12-18 | APPROVED

1. Overview

Email is often the primary communication and awareness method in an organization. At the same time, misuse of email can pose many legal, privacy, and security risks, so it is important for users to understand the appropriate use of electronic communications. This is especially critical for AccuCode AI Inc., as we process sensitive healthcare documents and patient information.

2. Purpose

The purpose of this email policy is to ensure the proper use of AccuCode AI Inc.’s email system and make users aware of what is deemed as acceptable and unacceptable use of its email system. This policy outlines the minimum requirements for use of email within AccuCode AI Inc.’s network, with a strong emphasis on protecting sensitive healthcare data.

3. Scope

This policy covers appropriate use of any email sent from an AccuCode AI Inc. email address and applies to all employees, vendors, and agents operating on behalf of AccuCode AI Inc.

4. Policy

4.1 All use of email must be consistent with AccuCode AI Inc.’s policies and procedures of ethical conduct, safety, compliance with applicable laws (including HIPAA and other healthcare regulations), and proper business practices.

4.2 AccuCode AI Inc. email accounts should be used primarily for business-related purposes; personal communication is permitted on a limited basis, but non-AccuCode AI Inc. related commercial uses are prohibited.

4.3 All data contained within an email message or an attachment must be secured according to the Data Protection Standard. Special attention must be given to Protected Health Information (PHI) and healthcare records.

4.4 Any email containing PHI and/or healthcare records must be encrypted using public key cryptography. The ciphers used for encryption must be compliant with FIPS 140-3 standards.

4.5 Email should be retained only if it qualifies as a business record. Email is a business record if there exists a legitimate and ongoing business reason to preserve the information contained in the email.

4.6 Email that is identified as a business record shall be retained according to AccuCode AI Inc.’s Record Retention Schedule.

4.7 Users are prohibited from automatically forwarding email to a third-party email system (noted in 4.9 below). Individual messages that are forwarded by the user must not contain information classified as confidential or above, especially PHI.

4.8 Users are prohibited from using third-party email systems and storage servers such as Google, Yahoo, and MSN Hotmail to conduct business, to create or memorialize any binding transactions, or to store or retain email on behalf of AccuCode AI Inc. Such communications and transactions should be conducted through proper channels using AccuCode AI Inc.-approved documentation.

4.9 Using a reasonable amount of AccuCode AI Inc. resources for personal emails is acceptable, but non-work-related email shall be saved in a separate folder from work-related email. Sending chain letters or joke emails from an AccuCode AI Inc. email account is prohibited.

4.10 AccuCode AI Inc. employees shall have no expectation of privacy in anything they store, send or receive on the company’s email system.

4.11 AccuCode AI Inc. may monitor messages without prior notice. AccuCode AI Inc. is not obliged to monitor email messages.

5. Policy Compliance

5.1 Compliance Measurement

The InfoSec team will verify compliance with this policy through various methods, including but not limited to periodic walk-throughs, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.

5.2 Exceptions

Any exception to the policy must be approved by the InfoSec team in advance.

5.3 Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.