May 21, 2026

# Workforce Policies, Acceptable Use & Sanctions

This module covers the company's acceptable use policy and the consequences of HIPAA violations.

## Acceptable use policy

Company systems, credentials, and PHI access are granted for work purposes only.

**Prohibited at all times:**

- Using PHI for personal purposes
- Sharing access credentials with anyone (including colleagues)
- Bypassing security controls (e.g., disabling encryption, logging in as another user)
- Storing PHI on personal cloud services (Google Drive, Dropbox, iCloud) without approval
- Using public AI/LLM APIs (ChatGPT, Claude.ai, Gemini) for tasks involving PHI
- Accessing PHI outside your job scope (curiosity is not a HIPAA-permitted purpose)

## HIPAA violation severity and sanctions

**Level 1 — Inadvertent, corrected immediately (documented warning):**

- Single wrong-email disclosure, immediately recalled
- Brief unattended screen in a low-risk area

**Level 2 — Negligent or repeated (formal corrective action plan):**

- Repeated accidental disclosures
- Accessing PHI beyond minimum necessary
- Failure to report a known incident within 24 hours

**Level 3 — Willful or malicious (immediate termination + regulatory referral):**

- Intentional unauthorized access to PHI
- Knowingly failing to report a breach
- Selling, copying, or disclosing PHI for personal gain
- Sharing credentials that led to unauthorized access

## Termination and offboarding

When your engagement ends (employment, contract, or project):

- Return all company-owned devices within 24 hours
- Confirm in writing that PHI has been deleted from personal devices
- Your access credentials will be revoked by IT within 4 business hours of your last day
- HIPAA confidentiality obligations survive termination indefinitely

## Reporting violations

If you observe a potential violation — by yourself or a colleague — report confidentially to:

- Security Officer: j@chimaro.ai
- Privacy Officer: j@chimaro.ai

**Retaliation against good-faith reporters is strictly prohibited and is itself a Level 3 violation.**

## Attestation

Completing this module confirms you understand acceptable use requirements and sanction consequences.