COMPUTER PATIENT RECORD SYSTEM (CPRS) READ ONLY
RULES OF BEHAVIOR FOR
VETERANS SERVICE ORGANIZATION (VSO)
TITLE
ORGANIZATION
NAME
PHONE NUMBER
SOCIAL SECURITY NUMBER
E-MAIL
DATE OF BIRTH
The following security policies and rules of behavior apply to accredited representatives of VSOs who have
requested access to CPRS Read Only. Because written guidance cannot cover every contingency, personnel are
asked to go beyond the stated rules, using their best judgment and highest ethical standards to guide their
actions. Personnel must understand that these rules are based on Federal laws and regulations, as well as
Department of Veterans Affairs (VA) and Veterans Health Administration (VHA) Directives. As such, there are
consequences for noncompliance with these rules. Depending on the severity of the the violation, and as
s
authorized in Title 38 Code of Federal Regulations (CFR) s14.633, consequences can include: suspension of
access privileges, termination of accreditation, and criminal and civil penalties.
As an authorized user of CPRS Read Only having access to individually-identifiable health information, I
understand that I will be given sufficient access to perform my assigned duties for this project. I will use this
access only for its intended purpose. I understand that I am personally accountable for my actions.
I agree to notify the Chief, Health Information Management upon expiration of any Power of Attorney (POA)
for which I have been granted access to a veteran's individually-identifiable health information through CPRS
Read Only.
I agree to protect sensitive information from disclosure to unauthorized individuals or groups. I am aware that
information about patients and employees is confidential and protected by law from unauthorized disclosure
and I am aware of the regulations and VA security policies designed to ensure the confidentiality of all sensitive
information. I agree to acquire and use sensitive information only in accordance with the performance of my
official duties, using established security policies and procedures. This includes: properly disposing of sensitive
information contained in hard-copy or soft-copy, as appropriate, and ensuring that sensitive information is
accurate and relevant to the purpose for which it is collected, provided, and used. I understand that my
obligation to protect sensitive information does not end with the termination of my access to CPRS Read Only,
nor with the termination of my VSO involvement.
I agree to protect informing security through effective use of security mechanisms assigned to me, and to
protect my passwords (e.g., access and/or verify codes, electronic signature codes, and other security devices)
from disclosure. I understand that I am strictly prohibited from sharing these with my family, friends, fellow
workers, superior(s), and subordinates. I understand that I may be held accountable for all entries or changes
made to any government automated information system (AIS) using my passwords.
If I am provided access to electronic mail on VHA systems, I will exercise common sense and good judgment in
its use. I understand that electronic mail is not inherently confidential and I have no expectation of privacy in
using it. I understand that technical or administrative problems may create situations that require viewing of my
messages. I also understand that VHA management officials may authorize access to my electronic mail
messages whenever there is a legitimate purpose for such access.
I agree to report computer security incidents and vulnerabilities to the VHA Information Security Officer (ISO).
I agree to comply with all copyright licenses associated with VHA AIS resources. I agree to comply with the
personal use of government equipment in accordance with my site's local policies and procedures. I understand
that management has the right, in the course of an official investigation, to monitor, intercept, read, record, and
copy all information attributable to my access to this resource.
10-0400a
VA FORM
JUL 2002
COMPUTER PATIENT RECORD SYSTEM (CPRS) READ ONLY
RULES OF BEHAVIOR FOR
VETERANS SERVICE ORGANIZATION (VSO)
TITLE
ORGANIZATION
NAME
PHONE NUMBER
SOCIAL SECURITY NUMBER
E-MAIL
DATE OF BIRTH
The following security policies and rules of behavior apply to accredited representatives of VSOs who have
requested access to CPRS Read Only. Because written guidance cannot cover every contingency, personnel are
asked to go beyond the stated rules, using their best judgment and highest ethical standards to guide their
actions. Personnel must understand that these rules are based on Federal laws and regulations, as well as
Department of Veterans Affairs (VA) and Veterans Health Administration (VHA) Directives. As such, there are
consequences for noncompliance with these rules. Depending on the severity of the the violation, and as
s
authorized in Title 38 Code of Federal Regulations (CFR) s14.633, consequences can include: suspension of
access privileges, termination of accreditation, and criminal and civil penalties.
As an authorized user of CPRS Read Only having access to individually-identifiable health information, I
understand that I will be given sufficient access to perform my assigned duties for this project. I will use this
access only for its intended purpose. I understand that I am personally accountable for my actions.
I agree to notify the Chief, Health Information Management upon expiration of any Power of Attorney (POA)
for which I have been granted access to a veteran's individually-identifiable health information through CPRS
Read Only.
I agree to protect sensitive information from disclosure to unauthorized individuals or groups. I am aware that
information about patients and employees is confidential and protected by law from unauthorized disclosure
and I am aware of the regulations and VA security policies designed to ensure the confidentiality of all sensitive
information. I agree to acquire and use sensitive information only in accordance with the performance of my
official duties, using established security policies and procedures. This includes: properly disposing of sensitive
information contained in hard-copy or soft-copy, as appropriate, and ensuring that sensitive information is
accurate and relevant to the purpose for which it is collected, provided, and used. I understand that my
obligation to protect sensitive information does not end with the termination of my access to CPRS Read Only,
nor with the termination of my VSO involvement.
I agree to protect informing security through effective use of security mechanisms assigned to me, and to
protect my passwords (e.g., access and/or verify codes, electronic signature codes, and other security devices)
from disclosure. I understand that I am strictly prohibited from sharing these with my family, friends, fellow
workers, superior(s), and subordinates. I understand that I may be held accountable for all entries or changes
made to any government automated information system (AIS) using my passwords.
If I am provided access to electronic mail on VHA systems, I will exercise common sense and good judgment in
its use. I understand that electronic mail is not inherently confidential and I have no expectation of privacy in
using it. I understand that technical or administrative problems may create situations that require viewing of my
messages. I also understand that VHA management officials may authorize access to my electronic mail
messages whenever there is a legitimate purpose for such access.
I agree to report computer security incidents and vulnerabilities to the VHA Information Security Officer (ISO).
I agree to comply with all copyright licenses associated with VHA AIS resources. I agree to comply with the
personal use of government equipment in accordance with my site's local policies and procedures. I understand
that management has the right, in the course of an official investigation, to monitor, intercept, read, record, and
copy all information attributable to my access to this resource.
10-0400a
VA FORM
JUL 2002
I understand that all conditions and obligations imposed upon me by these rules apply during the entire time I
am granted access to this system, unless and until VHA releases me from these requirements in writing. I
understand that a violation of this notice constitutes disregard of Federal law, as well as local and/or VHA
s
policy and will result in appropriate disciplinary action as authorized in 38 CFR s14.633, including potential
termination of accreditation and access privileges, as well as criminal and civil penalties.
I have completed the VA Cyber Security Awareness Course and attached a copy of the certificate of completion
(The course is available online at http://vaww.vairm.vaco.va.gov/infosec/training/SecurityAwarness/index.htm)
I affirm with my signature that I have read, understand, and agree to fulfill the provision of these Rules of
Behavior.
Signature and Title
Date
Authorizing Official's Signature and Title
Date
Expiration Date (if applicable)
PLEASE RESUBMIT THIS FORM TO:
(Enter name and contact info of local ISO)
ADVERTISEMENT