| The purpose of this policy is to ensure:
Proper use of County information assets owned, leased, managed, operated, or maintained by, or in the custody of the Los Angeles County Department of Mental Health (DMH) by both DMH and non-DMH workforce members, through the establishment of minimum standards for the protection of County assets including data that contains Personal Identifiable Information (PII) or Protected Health Information (PHI).
Only those DMH and non-DMH workforce members, who accept and abide by the terms described in this policy are permitted and granted authorization to access County information assets and data.
DMH workforce members performing in a management or supervisory capacity, who oversee DMH and non-DMH users with access to County information assets, certify that their subordinates sign the acknowledgment prior to providing access.
|
| This policy applies to all DMH and non-DMH workforce members, including employees, volunteers, interns, contractors, sub-contractors, consultants, vendors and business associates that electronically access, process, store and/or transmit County PII and/or PHI.
The DMH Human Resources Bureau must ensure that each new DMH and non-DMH workforce member receive and sign an acknowledgment of the acceptable use for County Information Technology (IT) resources policy during the new hire orientation (or, for vendors, before work begins) and that each user re-signs this acknowledgment during the annual Performance Evaluation process. Signed acknowledgments will be filed in the user's official personnel folder (or vendor file).
It is every County Workforce Member's duty to access and use County Information Assets responsibly, professionally, ethically, and lawfully. Proper use of County IT Resources must be adhered to by both DMH and non-DMH workforce members and strictly enforced by management in accordance with DMH Policy 553.02, the County Fiscal Manual, and other County and DMH policies and procedures.
Use of passwords to gain access to County IT Resources or to encode particular files or messages does not imply any expectation of privacy in the material created or received. No expectation of privacy is conveyed to DMH and non-DMH workforce members concerning their activities related to the use of County information assets, including, without limitation, in anything they create, store, send or receive using County information assets. All users activities are subject to periodic auditing and may be monitored, logged, stored, investigated or made public by authorized personnel at any time, without notice or consent.
No person may possess a County information asset without authorization. Access to County IT Resources and accounts are privileges granted to individual users based on their job duties, and may be modified or revoked at any time. Whenever a DMH and non-DMH workforce member is granted authorization to possess or access an information asset, such authorization does not convey any implication of property right to either the physical asset or the information it may contain. As a condition of accessing or possessing any DMH-owned information asset, DMH and non-DMH workforce members consent to access of the physical asset and information pursuant to Cal. Pen. Code sec. 1546 et seq. by authorized County personnel, specifically including administration, operation, law enforcement, Countywide Computer Emergency Response Team, Auditor-Controller and Cyber Investigation Response Team personnel.
DMH workforce members who violate this policy may be subject to appropriate disciplinary action up to and including discharge as well as both civil and criminal penalties. Non-DMH workforce members, including, without limitation, contractors, may be subject to termination of contractual agreements, denial of access to County information assets, and other actions as well as both civil and criminal penalties.
|
