The EHRI project office is responsible for ensuring an adequate level of protection and security is afforded to the eHR system.  The requisite level of protection and security is accomplished through an appropriate mix of technical, administrative, and managerial controls including written guidance.  Because written guidance cannot cover every contingency, the following Rules of Behavior are provided to further stipulate the responsibility of the users of the eHR System.


All persons must understand that these Rules of Behavior are based on Federal laws and regulation and, as such, there are consequences for violation of these rules.  Depending on the severity of the violation, at the discretion of management and with due process of law, consequences can include: reprimand; removal of access privileges; suspension, demotion, or termination from work; and criminal and civil penalties. 


Rules of Behavior


I understand that, when using the eHR System, I am personally accountable for my actions and that I must:


  1. Protect data in accordance with the Privacy Act of 1974;
  2. Protect sensitive information from disclosure to unauthorized individuals or groups;
  3. Acquire and use sensitive information only in accordance with the performance of my official government duties;
  4. Agency point-of-contact must protect information security by properly identifying Agency employees eligible as users of EHRI;
  5. Dispose of sensitive information contained in hardcopy or softcopy, as appropriate;
  6. Ensure that sensitive information is accurate and relevant for the purpose which it is collected, provided, and used;
  7. Protect my access codes from disclosure;
  8. Report security incidents and vulnerabilities to the EHRI project office;
  9. Comply with the provisions of copyrighted software by not infringing upon or compromising (copy, distribute, manipulate, etc.) software of this system.
  10. Ensure all changes to eHR System components and data are done via approved configuration control procedures;
  11. Use government equipment in accordance with my site’s/Agency’s policies and procedures;


I understand that all conditions and obligations imposed upon me by these rules apply during the time I am granted access to this system regardless of location. 


I understand that the EHRI project office reserves the right, to terminate or suspend my access and use of the eHR System, without notice, if there is a violation of these Rules of Behavior.