EpicCare Link New Site Request
Northwestern Memorial HealthCare (NMHC)'s computer network and applications are an essential part of patient care, payment and operations (TPO). I understand that my staff will be using NMHC's network as their job relates to TPO. Access to and use of information systems are covered under appropriate NMHC security and privacy policies.
As a covered entity under HIPAA I agree to the following when requesting my staff to have access to NMHC's protected health information (PHI):
- I agree to provide periodic security and privacy training for my staff that use NMHC’s Information Systems.
- I agree to require each user to complete a background check pursuant to NMHC’s policies. I will provide the results to NMHC upon their request.
- I agree to take all reasonable precautions to assure that the PHI entrusted to my staff will be accessed only on a "need to know" and "minimum necessary" basis, that it will not be disclosed to unauthorized persons, and will not be used for personal purposes.
- I agree to request individual access for each staff member that needs to access NMHC network resulting in each staff member having their own individual logon and password.
- I agree that my staff will not share passwords.
- I understand that my staff's access will be disabled when their account has not been used in 90 days and my staff will have to contact Information Security to have their access reinstated. I also understand that their access will be terminated after 6 months of non-use.
- I agree to notify or have my designee notify the NMHC Information Security Department by contacting the NMHC Service Desk 312.926.4357 within one week of departure, when my staff with system access terminates from my employment. I will not re-use ID and passwords from terminated individuals on existing or new employees.
- I acknowledge that I retain the legal responsibility to identify my staff if there are any questionable incidents needing investigation and agree to cooperate fully with any investigation that may occur.
- My organization will be accountable for any inappropriate activity regarding privacy and\or security breaches by my staff. This may include removal of access privileges and notification of the appropriate authorities as deemed necessary.
- I agree to promptly report all known or suspected violations to the CISO, Northwestern Medicine's Chief Information Security Officer, at ITSOC@nm.org.