Employee Handbook v.2025

CODAC may, in its discretion, review communications to and from a personal account, subject to state laws regarding attorney-client communications. If an employee wants to communicate with an attorney or send an otherwise confidential piece of communication that they do not want CODAC to monitor, the employee should consider using a personal email address and personal computer equipment. If an employee does use CODAC equipment, they consent to any monitoring by CODAC and should understand that they have no right to privacy with respect to such communications, to the extent permissible under applicable law. VIRUS PROTECTION To prevent computer viruses from being transmitted through the system, employees are not authorized to download any software from the internet onto their computer or any drive in that computer. Additionally, to this end, foreign media such as USB Flash Drives or external Hard Drives are not permissible and should not be plugged into any computer. The only exception to this rule is when a patient/member requests a copy of their medical records. Although records may be delivered via the patient portal, it is permissible to provide said records as long as CODAC’s Medical Records Department uses a brand new, out of the package, USB flash drive to prevent the infection from viruses. CODAC maintains virus protection software on all network servers and filters all inbound and outbound email for virus attachments. Email containing a virus will be quarantined and both the sender and recipient will be informed. If the virus can be removed, the message will be forwarded to the recipient. MOBILE DEVICE USERS CODAC recognizes that employees benefit from increased convenience and productivity when accessing CODAC's information systems using a dual-use device. But, a dual-use device can pose certain risks for CODAC. Employees may use a dual-use device to conduct CODAC business and access CODAC's information systems PROVIDED THAT the user complies fully with policy Admin-344 Bring Your Own Device., violation could result in loss of the privilege to use a dual-use device as well as disciplinary action, up to and including termination of employment. A dual-use device means any portable electronic storage device owned by CODAC or an employee and approved by CODAC for use by the employee to conduct CODAC business and/or access CODAC's information systems. Approved dual-use devices include iOS devices like iPhone or iPad, or other mobile devices like laptops. The purpose of Admin policy 344 is to establish requirements for employees who wish to enjoy the benefits of a mobile device while reducing the risks to CODAC. In particular, this policy is intended to (a) protect CODAC's information systems against malicious software and code; (b) prevent unauthorized access to, and use, disclosure, or acquisition of, CODAC's confidential and proprietary information; and (c) ensure that CODAC can, at any time, obtain access to, and exercise control over, CODAC's information. Since these devices are accessing CODAC information like emails and documents of any type, CODAC requires that Mobile Device Management (MDM) software be installed on the device regardless of who owns the device. The purpose of the MDM is to ensure that CODAC data is protected by enforcing CODAC security policies and can be “wiped” clean should the device be lost or stolen. The MDM will not interfere or monitor any

Employee Handbook v. 05.2025

Page 44|50