immediately.  The security officer is responsible for seeing that all new members of the City’s
               workforce receive the notices regarding privacy and security within 30 days of hire.




               Physical Safeguards/Computer Access/Workstation Control

                       In general, the City has a number of other key security resources in place including but
               not limited to a password protection program which requires passwords to be changed every 90
               days and which will lock out prospective users who fail to enter the correct password three times
               in a row.  The City has also installed virus protection software and firewalls at every point where
               the computer system is connected to other networks, including the Internet.  Conversations
               regarding PHI are conducted in a manner that attempts to insure confidentiality.  Computer
               screens at the affected workstations have been positioned so that only authorized users can read
               the display.  The security officer is responsible for routine verifications of electronic data.  The
               security officer can request a periodic system audit report to review for unauthorized access and
               potential weaknesses in the system.

               Violations

                       All violations of the City’s HIPAA policies, including the security policy, will be treated
               seriously.  Disciplinary action, up to and including a suspension pending termination, will be
               rendered for said violation(s) in accordance with the City’s policies regarding conduct.  There
               are also HIPAA established penalties for a knowing misuse of unique health identifiers and
               individually identifiable health information, including a fine of not more than $50,000 and/or
               imprisonment of not more than one year.  If the misuse is “under false pretenses”, a fine of not
               more than $100,000 and/or imprisonment of not more than five years; and if misuse is with
               intent to sell, transfer or use individually identifiable health information for commercial
               advantage, personal gain, or malicious harm, a fine of not more than $250,000 and/or
               imprisonment of not more than 10 years.  These penalties do not affect penalties that other
               federal programs and/or the state may impose.  The sentence for a HIPAA violation varies
               depending on the violator’s intent.

                       The City, has addressed the technical security services and mechanisms set forth in the
               security rules.


                       O.  Basic Life/Accidental Death and Personal Loss Insurance

                       Automatic coverage under the City's group insurance program is provided to all full-time
               employees on the first day of the month following one month of continuous service.

                       The City pays the entire cost for the following coverage:

                         Life Insurance:  Amount equal to annual base salary rounded to highest $1,000 (up to
                          a maximum of $150,000.)


                                    City of Winston-Salem Employee Handbook November 2014 Revision         46