An employee or other authorized user is authorized by management to have remote access connectivity to MPHC resources if there is a clear mission-related need.

1. All remote access connections and services that connect to MPHC resources, whether furnished by MPHC or by the user, shall be used only by the individual authorized below and for authorized use only.
2. All authorized users who have been provided remote access to the MPHC network must complete HIPAA Security Training. Users are required to take the course annually.
3. All authorized users shall ensure that resources remain secure from damage and unauthorized use in accordance with all MPHC IT security policies and procedures.
4. Authorized users are also responsible for:
• Ensuring that systems are secure and that anti-virus software is installed, running, and updated regularly on all end user remote access systems prior to using them.
• Ensuring that, they utilize, maintain, and store sensitive information on MPHC servers when feasible unless the information is encrypted. The minimum acceptable level of encryption is AES-128 bit.
• Notifying their supervisor and the IT Service Desk (207-253-6200) when remote access resources and services are no longer required.
5. IT will review all remote access accounts at least annually to ensure that there is a continuing need for the remote access resources and privileges.

Any remote access user found to have violated these standards and procedures is subject to cancellation of his or her remote access service and disciplinary action.