Ohio Revised Code

• Chapter 3707: Board Of Health

• Chapter 3709: Health District

Equal Employment Opportunity Policy
 

2.02 Equal Employment Opportunity

The PCHD is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, age, national origin, disability, military status, genetic testing, sexual orientation, gender identity, gender expression or other unlawful bias except when such a factor constitutes a bona fide occupational qualification. All personnel decisions and practices including, but not limited to, hiring, suspensions, terminations, layoffs, demotions, promotions, transfers, and evaluations, shall be made without regard to the above listed categories. The PCHD intends for all of its policies to comply with federal and state equal employment opportunity principles and other related laws.

The PCHD condemns and will not tolerate any conduct that intimidates, harasses, or otherwise discriminates against any employee or applicant for employment on the grounds listed above. Anyone who feels that their rights have been violated under this policy should submit a written complaint of discrimination to the Health Commissioner and Personnel Officer within PCHD, each of who shall have the authority and responsibility to work directly with the Portage County Human Relations Office to investigate and take appropriate action concerning the complaint.

Adopted: 11/17/2015

Notice of Privacy Practices
 

2.25 Confidentiality (HIPAA)

All employees are expected to respect the confidential nature of professional records and conferences. Information pertaining to the health status of individuals and families should only be released at the written approval of the recipient patient.

PCHD adheres to regulations outlined in the Health Insurance Portability & Accountability Act of 1996 (HIPAA). The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes. 

The Privacy Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information. 

Public Records and Confidentiality:

E-Mail

This policy advises staff and management of their responsibilities and provides guidance in managing information communicated by e-mail.

Access to E-mail Services

E-mail services are provided to all employees as resources allow.

Use of E-mail

E-mail services, like other means of communication, are to be used to support agency business. Staff may use e-mail to communicate informally with others in the agency so long as the communication meets professional standards of conduct. Staff may use e-mail to communicate outside the agency when such communications are related to legitimate business activities and are within their job assignments or responsibilities. Limited personal use of e-mail on an employee’s own time are acceptable; however, if this use becomes excessive, it may be restricted. Staff will not use e-mail for illegal, disruptive, unethical or unprofessional activities, or for personal gain, or for any purpose that would jeopardize the legitimate interests of the agency.

Privacy and Access

The information communicated over agency e-mail systems is subject to the same laws, regulations, policies, and other requirements as information communicated in other written forms and formats.

E-mail messages should not be considered private and employees do not have an expectation of privacy with respect to received or transmitted email messages. E-mail system administrators will not routinely monitor individual staff member’s e-mail. However, managers and network administrators/technical staff may be authorized to access an employee’s e-mail:

a. For a legitimate business purpose (e.g., the need to access information when an employee is absent for an extended period of time;

b. To diagnose and resolve technical problems involving system hardware, software, or communications;

c. And/or investigate possible misuse of e-mail when a reasonable suspicion of abuse exists or in conjunction with an approved investigation.

A staff member is prohibited from accessing another user’s e-mail without his or her permission.

Email messages sent or received in conjunction with agency business could be released to the public under the terms of the Freedom of Information statute. E-mail messages including personal communications may be subject to discovery proceedings in legal actions.

Security

E-mail security is a joint responsibility of computer technical staff and e-mail users. Users must take all reasonable precautions to prevent the use of the account by unauthorized individuals by changing their passwords when prompted to do so by computer technical staff. Users can reduce the risk and damage from virus attacks by not opening e-mail attachments with an unknown file type or unusual name, or sent by someone unknown to the user.

Confidential Client Information and E-mail

E-mail transmitted over the Internet (as opposed to within the agency’s e-mail system) is not considered secure. Confidential client information should not be transmitted via the Internet without using an encryption method that has been approved by the relevant state or federal agency that may have jurisdiction over the record.

No electronic or paper records shall be released to comply with an Ohio Public Records request or a Federal Freedom of Information request or other discovery action without prior review by the agency to determine if they include information that is protected by law from being released. The County Prosecutor can provide guidance to clarify what information cannot be leased and review agency decisions about information that is being withheld.

Management and Retention of E-mail Communications

E-mail created in the normal course of official business and retained as evidence of official policies, actions, decisions or transactions are records subject to records management requirements of Ohio law and specific program requirements.

Records communicated using e-mail need to be identified, managed, protected, and retained as long as they are needed to meet operational, legal, audit, research or other requirements. Records needed to support program functions should be retained, managed, and accessible in a separate filing system outside the e-mail system in accordance with the program’s standard practices.

Transient messages that would not normally be considered public records, similar to phone messages, announcements of social events, personal messages, and copies of documents distributed for convenience can and generally should be deleted from the e-mail system when they are no longer needed.

Roles and Responsibilities

Division Directors will maintain proper record keeping practices in their area of responsibility in accordance with the agency’s approved records retention schedule with respect to e-mail. They will train staff in appropriate use and be responsible for ensuring the security of physical devices, passwords, and proper usage.

The Portage County network administrator is responsible for backup and disaster recovery for active e-mail messages in the department’s post office but does not cover those deleted files by the user. The user is able to set the time frame when deleted files are to be permanently deleted from the system. Therefore, these files are not the network administrator’s responsibility should those files not be available on backup.

All e-mail users shall:

1. Be courteous and follow accepted standards of etiquette, including e-mail etiquette as outlined in the employee handbook.

2. Avoid messages or jokes that could be construed as harassment or offensive.

3. Refrain from using e-mail for operating any privately-owned business or commercial enterprise.

4. Protect other’s privacy and confidentiality.

5. Consider organizational access before sending, filing, or destroying e-mail messages.

6. Protect their passwords.

7. Comply with agency, and program policies, procedures, and standards.

8. Comply with all state and federal laws and regulations.

Employees accessing the agency’s e-mail system, network, or the Internet are representatives of the PCHD, and are expected to behave accordingly. Employees who are unsure of what constitutes appropriate behavior should ask themselves the question: “Will my actions reflect well on the PCHD?”

Adopted: 11/17/2015