User Access Agreement

TREND User Access Agreement

Agreement & Terms

This User Access Agreement (“Agreement”) is required to be read, signed, and complied with by all third-party users as a condition of accessing the information system(s) and/or environment(s) owned and/or managed by TREND Health Partners, LLC (“TREND”). The following information explains and governs your use and exposure to Confidential Information as a user of the information system (“System”).

For the purpose of this Agreement, phrases such as “you” and “your” shall apply to (a) you as an individual, (b) the company or organization on behalf of which you are exercising rights and incurring obligations pursuant to this Agreement, and (c) employees, agents and contractors authorized by you or your company or organization, in each case as the context demands. Phrases such as “we,” “us,” “our,” and “Company” shall refer to TREND.

You, your employer, or your affiliated organization may have a separate written agreement with TREND. If a conflict or inconsistency between this Agreement and another agreement exists, the relevant provision(s) established by the other agreement will supersede this Agreement.

TREND is dedicated to safeguarding and maintaining the confidentiality, integrity, and availability of client, provider, proprietary, and vendor information (collectively “Confidential Information”) regardless of whether the information is written, electronic, or verbal. Confidential Information includes, but is not limited to:

Patient Information or Protected Health Information (“PHI”) or any information relating to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for provision of health care to an individual. PHI includes demographic information, e.g. address, telephone number, employer, date of birth, next of kin, and identification numbers.

Personnel Information or details relating to a person’s status as a member of TREND’s workforce, including but not limited to compensation, employment records, accommodations, and disciplinary action.

Proprietary Information or any private (not publicly available) information about TREND’s operations, associates, plans, strategies, development, financial information, statistical records, source code, proprietary technologies, purchasing information, pricing, marketing, contacts, and vendors.

Individuals signing this Agreement may only access, use, and disclose Confidential Information as needed to perform their job responsibilities, and only as permitted by TREND’s policies and applicable law. Any compromise of Confidential Information or login details of which the individual becomes aware shall be immediately reported to TREND’s privacy office at privacy@trendhealthpartners.com or (888) 272-4224.

Usage and Access Rights

Users of TREND information and information systems shall read, acknowledge, and adhere to the following rules prior to receiving management’s authorization to access the information system and its resident information:

Monitoring

TREND information systems will be monitored for all lawful purposes. All information (including personal or confidential information) placed on or sent over these systems may be examined, recorded, copied, used, or disclosed for authorized purposes. All information collected during monitoring may be used for purposes of any administrative, civil, or criminal action or proceeding. By accessing the information system, the user acknowledges they do not and should not expect the right to privacy while using the systems.

Information Systems

Always act in accordance with TREND’s information security policies. A copy of the latest version has been provided alongside this Agreement.

Any user who violates TREND security policies or interferes with federal or state investigations through willful misrepresentation or omission of facts or using threats or harassment against any person may be subject to penalties including but not limited to loss of access, termination of contract, and/or legal sanctions.

Access for all accounts, including those for network and security devices, requires multi-factor authentication and must be obtained through a centralized point of authentication such as Active Directory.

Access to systems and data is dependent upon job requirements or “need to know”. Users will be limited to only the minimum amount of access required to perform assigned duties.

Never use another person’s account, identity, password/passcode/PIN, or allow others to use information resources provided to you to perform your official work duties and tasks.

A User-ID or Username is considered equivalent to a user signature. To this end, individuals are responsible for all actions made under their User-ID and/or Username. Shared accounts or passwords are strictly prohibited.

Users who perform privileged functions (e.g., system administration) will use separate accounts when performing those privileged functions.

Password security for all systems is to be maintained by not revealing passwords to anyone, including supervisors and IT staff. Passwords must not be written down or stored in plain sight. Passwords must be stored in an encrypted format.

Promptly change passwords when required by policy and when you suspect a password has been compromised.

Security safeguards, policies, systems configurations, or access control measures must not be circumvented or bypassed without explicit authorization.

Internet and Email

Users are encouraged to use the Internet and TREND intranet to assist in the performance of their jobs.

Authorized uses include, but are not limited to, the following:

Client services, human resources, education, and research

Electronic communication

Professional purposes and procurement of information from external sources

Unacceptable Use of Internet and E-mail:

Visiting Internet sites that contain obscene, hateful, or other objectionable materials; sending or receiving any material, whether by e-mail, voice mail, memoranda, or oral conversation, which is obscene, defamatory, harassing, intimidating, offensive, discriminatory, or which is intended to annoy, harass, or intimidate another person.

Using personal email and/or storage/service accounts to store/transmit TREND data and/or conduct TREND business.

Using the Internet or E-mail for any unlawful activity or for personal gain.

Connecting to unsecured Wi-Fi networks (e.g., airports, hotels, restaurants, etc.)

Clicking on links or opening attachments sent via email or text message from unexpected or untrusted sources without validation.

Uploading, downloading, or otherwise transmitting commercial software or any copyrighted materials belonging to external parties without explicit authorization.

Revealing or publicizing sensitive information which includes, but is not limited to, protected health information, financial information, confidential client information, marketing strategies and plans, databases and any information contained therein, client lists, computer software source code, business relationships, computer security, or incident activity.

Reproducing, distributing, or displaying copyrighted materials without prior permission of the copyright owner. This includes text, images, photographs, sound files, and other legally protected works.

Representing personal opinions as those of the organization or purporting to represent the organization when not authorized to do so.

Engaging in non-business activities including the use of personal social media and networking sites, games, and streaming audio or video material not beneficial to the organization.

Downloading executable files, programs, applications, and patches into TREND’s environment.

Information Handling

Confidential information should always be protected by:

Minimizing its use.

Being aware of your surroundings, shielding or positioning your screen away from others, and not discussing confidential information in public.

Limiting the printing of documents to the minimum necessary.

Masking confidential elements whenever possible.

Encrypting confidential information at all times.

Never sending unencrypted confidential information outside of the organization by end-user messaging technologies (e.g., email, instant messaging, and chat).

Never sending confidential information over facsimile (FAX), unless it cannot be sent over other, more secure channels, e.g., delivery by hand, secure email.

Never leaving documents containing covered or critical information unsecured including on printing systems (e.g., copiers, printers, and facsimile machines).

Never using cellphones or similar devices to photograph, record, or copy TREND information, or that of any client, workforce member, or stakeholder.

Only storing information in approved locations.

Properly disposing of all physical media and printed information as soon as it is no longer needed.

Always locking screens when walking away from your workstation by using a method such as ⊞ Win + L.

Approved system locations include production applications and environments that are installed and operated by TREND such as TRENDConnect, SharePoint, Outlook, OneDrive, and Citrix. Confidential data should NEVER be used in non-production locations such as test and development applications and environments, unapproved local/network locations, or unsanctioned applications and devices.

Devices

Third-party users who access protected health information on TREND’s network, other than via http://www.trendconnectme.com, may do so only via assigned mobile devices (laptop, smartphone) managed by TREND. By using a personal device to perform contracted duties for Trend Health Partners, you agree that you will not require access to protected health information in order to provide contracted services.

Managed devices ensure that proper hardware and software support and maintenance are provided, and that technical controls and configuration are in place. Using a personal device to access TREND’s system(s) and information implies your acceptance of implementing equivalent precautions, including ensuring proper hardware and software support and maintenance, as well as implementing technical controls and configurations such as anti-tampering measures, antimalware, web filtering, and patching.

The use of removable media (e.g. external hard drives, USB thumb drives) to store TREND data or information, or that of our clients, is strictly prohibited.

Always keep your mobile device(s) with you or properly secured.

Physically secure your mobile device by using cable locks or locking the mobile device in a secure location (such as a locked drawer or designated area, e.g. an office) to prevent unauthorized users from accessing data through or on the device.

Never leave a mobile device or a bag containing a mobile device visible in your vehicle. Lock the mobile device or secure within a bag in a closed trunk. If that is not possible, take the device(s) or bag with you.

To avoid damage or theft, never check your equipment when traveling. Computers or other mobile devices should remain in your possession with your carry-on luggage.

Remote Access and Teleworking

System access, including remote access, is always limited by TREND to the information and resources required by users to complete job duties.

Third-party users must ensure that any self-managed device that is permitted to connect to the System is running vendor-supported versions of the operating system and application software. The device must also be utilizing antimalware protection and have all applicable and available security patches and definitions applied.

Users agree to establish a dedicated workspace environment, which can accommodate:

Minimal interruptions

Ability to maintain agreed upon working hours

Protection from unauthorized use or access including family and friends

Adequate power and connectivity including a secure internet connection

Users must also do the following, at minimum, to secure their home network:

  • Change your router’s password from the default
  • Ensure router firmware updates are installed as soon as possible
  • Enable WPA2 (AES) or better encryption with a strong password when using Wi-Fi

Incident Reporting

If you become aware of or suspect fraudulent or unlawful activity or any other activity that threatens the security or confidentiality of the System, its content, operations, or any part thereof, or appears to be a misuse or unauthorized access to any Confidential Information, you are obligated to immediately report the activity to TREND. We require that you also report to us any activity on or regarding the System that comes to your attention that is inappropriate, abusive, or otherwise problematic. TREND reserves the right but not the obligation to pursue actions against any such wrongdoers.

Nothing in this Agreement shall be construed to prohibit or restrict TREND from complying with any applicable laws, law enforcement requests, subpoenas, legal requirements, and legal reporting obligations relating to your or another user’s use of the System, its information, or its user information. TREND reserves the right to report to local, national, or international law enforcement agencies abuse and violations of this Agreement, including, without limitation, those that may compromise the safety of you or users of the System or the subjects of information sent through the System.

To report any of the foregoing problematic or potentially problematic activity, please send e-mail to security@trendhealthpartners.com and/or privacy@trendhealthpartners.com as applicable. You may also reach the security and privacy teams by mail: Trend Health Partners, ATTN: Security and Compliance, 20 Wight Ave, STE 150, Hunt Valley, MD 21030.

To submit a report anonymously, you may also utilize the following incident reporting hotlines:

Contact Us

To report informational inaccuracies or to contact us regarding any other aspect of the System, please contact us at info@trendhealthpartners.com.

User Acknowledgement

By acknowledging this Agreement, I hereby attest that:

I have read and understand the information set forth herein and agree to comply with the terms of this Agreement as well as all of TREND’s information security policies and any applicable laws.

I understand that access to Protected Health Information (PHI) on TREND’s network is restricted to company-managed devices and I agree that I will not attempt to access such information from any other device.

I understand that if I violate any of the agreed upon terms, I may be subject to loss of privileges, termination of contract, legal action, and/or any other remedy available to TREND Health Partners, LLC.