I am a member of a HIPAA security team, and one of our tasks is to review and revise our Email and Internet usage policy. Our goals are:
1) Restrict Email and Internet usage
2) Not restrict it so much so that we can only use it for business. We don’t want to be the email police, or by policy have to terminate someone because their Grandma sent them an email.
In summary, we want a policy that restricts usage, while still giving our employees a little leeway to visit sites like TechRepublic, CNN, MSNBC, etc…
Does anyone out there have some suggestions or policies?