Overview
At HealthCompany, protecting patient data and internal systems is a top priority. This article outlines our core IT security principles and what staff need to do to stay compliant and secure.
Who This Applies To
All employees, contractors, and vendors who access HealthCompany systems, devices, or data.
Key Security Responsibilities
- Use Strong, Unique Passwords
- Minimum 12 characters, including uppercase, lowercase, number, and symbol
- Avoid reusing passwords from other systems
- Use the company-provided password manager if available
- Lock Your Device
- Always lock your screen when stepping away, even for a minute
- Use automatic screen locks with a timeout of 5 minutes or less
- Do Not Share Accounts
- Every user must have their own login credentials
- Shared logins are strictly prohibited
- Stay Up-to-Date
- Ensure your device is regularly updated with the latest security patches
- Install only IT-approved software
- Report Suspicious Activity
- Unexpected emails? Pop-ups asking for login info? Report them immediately via the Help Center > Report a Security Concern
Prohibited Behaviors
🚫 Installing unauthorized software
🚫 Using personal cloud services (e.g., Dropbox, Google Drive) for work files
🚫 Sharing patient data via SMS or personal email
🚫 Plugging in unverified USB devices
Resources
- Full IT Security Policy (PDF) [Download Here]
- Quick Guide: Reporting Phishing Emails
- FAQ: What Happens If I Lose My Device?
Need help or have a question about this policy?
Submit a request via Help Center > IT Security & Privacy.