Security Policy

Independent Healthcare Management and its affiliated clinics (IHM) and subsidiaries view all information residing in its various systems as a company asset. Information includes, but is not limited to: clinical/patient, technical, financial, staffing, payroll, computer systems, marketing, advertising, merchandising, product, benefits, customer data, trade secrets, branding or other information similar to the aforementioned on paper, voice, electronic or any form.

Information security policies and related documents are created, developed and published as a means to implement IHM’s management intent, direction, and support for information security in accordance with IHM’s business requirements, operational and administrative functions, and relevant laws, regulations, and contractual agreements.

It is the intent of these documents, labeled as IHM Information Security Policies, Standards, and Procedure, to supersede all other policies, guidelines, standards, and procedures.

It is vitally important to IHM’s reputation, operation and financial well-being that information assets contain mechanisms to ensure the confidentiality, integrity and availability of resources owned and controlled by IHM. These controls must protect enterprise information assets, and the business processes they support, against unauthorized use, disclosure, transfer, modifications or destruction, whether accidental or intentional, or the denial of availability of these assets or business processes to authorized users. In addition, legislative requirements governing the misuse of computers and the protection of personal data require a commitment to ensuring the security of those resources. Violations of these policies should be dealt with by Executive Leadership. Failure to comply with these policies may result in disciplinary action, up to and including termination of employment as well as civil and/or criminal actions.

This document establishes the basis of information security policies, related documents that establish criteria for access to, through or from IHM’s communication networks. The information security policy is intended to establish the information security criteria, means, methods, and measures to protect the confidentiality, integrity, and availability of IHM’s information assets and communication networks. The policy will establish the rules for the access and use of data, information and the network infrastructure; and to mitigate the risks and losses associated with security threats to the networks, data assets, and information resources.

IHM’s approach to information security is a process. This process begins with strategic information security policies from IHM’s management. With the understanding that certain procedures may not be currently in place to fully comply with these policies, it is intended that all reasonable efforts be made to bring such procedures into compliance with these documents.