01 Apr 2015

Stay in Compliance – Use Separate Email Accounts for Each Staff Member

0 Comment

Stay in Compliance – Use Separate Email Accounts for Each Staff Member

EMail-SecurityPassword management can be a hassle, especially for smaller practices, where time is at a premium and resources are often shared. It’s important to understand, though, that compliance with the Chapter 7 handbook requires that passwords not be shared, and that includes email account passwords too.

The Sample Rules of Behavior Governing Computer Use describe the minimum responsibilities of Trustees and their employees when using computer systems. The rules are clear, stating: “Do not share passwords with anyone” (Rule 10).

Beyond this simple rule, password sharing and sharing of email accounts puts the Trustee at risk of inadvertently sharing personally identifiable information (PII). Rule 4 of the Sample Rules of Behavior Governing Computer Use instructs:

Protect and safeguard all trustee information, including personally identifiable information (PII), per the sensitivity and value of the data at risk, from unauthorized access, unauthorized or inadvertent modification, disclosure, destruction, denial of service, improper sanitization or use, in accordance with applicable policy, practices, and procedures.

While sharing a password or email account may seem convenient, because the practice is not compliant, it exposes a Trustee to risk levels and consequences that outweigh the convenience factor.

Another potential issue with sharing passwords and email accounts is the security risks involved when employees are given an all-access pass to Trustee accounts. You may think you know your employees—famous last words—but in today’s volatile employment environment, it’s safer to act as if you don’t.

What would happen to your practice if an employee disappeared one day, with your case data in hand? By using separate passwords and email accounts, you give yourself the fine-grained access control to information that can protect your practice from security breaches and data and reputation loss.

Set Up Email Accounts For Free

It’s easy to set up additional email accounts for your staff. Free email accounts are available through Google, Microsoft, or your Internet service provider.

Create Rules to Automatically Forward Certain Emails to Staff Members

Once you have separate email accounts created for each staff member, you can set up forwarding rules so that, based on certain words in subject lines or specific sender email addresses, messages can be automatically routed to the email account for one (or more) of your staff members.

Contact BMS Hardware Technicians For Assistance

If you need assistance with setting up separate email accounts for your staff members, please contact the Hardware Support Technicians at the BMS Support Center for assistance.