Employees Policy

Next Health Choice is committed to ensuring all workforce members actively address security and compliance in their roles at Next Health Choice. As such, training is imperative to assuring an understanding of current best practices, the different types and sensitivities of data, and the sanctions associated with non-compliance.

Applicable Standards from the HITRUST Common Security Framework

  • 02.e - Information Security Awareness, Education, and Training
  • 06.e - Prevention of Misuse of Information Assets
  • 07.c - Acceptable Use of Assets
  • 08.j - Controls Against Malicious Code
  • 01.y - Teleworking

Applicable Standards from the HIPAA Security Rule

  • 164.308(a)(5)(i) - Security Awareness and Training

Employment Policies

  1. All new workforce members, including contractors, are given training on security policies and procedures, including operations security, within 30 days of employment.
    • Records of training are kept for all workforce members.
    • Upon completion of training, workforce members complete this form.
    • Ongoing security training is conducted monthly.
    • Current Next Health Choice training is hosted here.
  2. All workforce members are granted access to formal organizational policies, which include the sanction policy for security violations.
  3. The Next Health Choice Employee Handbook clearly states the responsibilities and acceptable behavior regarding information system usage, including rules for email, Internet, mobile devices and social media usage.
  4. All workforce members are educated about the approved set of tools to be installed on workstations.
  5. All new workforce members are given HIPAA training within 60 days of beginning employment. Training includes HIPAA reporting requirements, including the ability to anonymously report security incidents, and the levels of compliance and obligations for Next Health Choice and its Customers and Partners.
  6. All remote (teleworking) workforce members are trained on the risks, the controls implemented, their responsibilities, and sanctions associated with violation of policies. Additionally, remote security is maintained through the use of VPN tunnels for all access to production systems with access to ePHI data.
  7. All Next Health Choice-purchased and -owned computers are to display this message at login and when the computer is unlocked: This computer is owned by Next Health Choice, LLC. By logging in, unlocking, and/or using this computer you acknowledge you have seen, and follow, these policies (https://catalyze.io/policy/) and have completed this training (https://training.catalyze.io/). Please contact us if you have problems with this - support@nexthealthchoice.com.
  8. Requests for modification of access for any Next Health Choice employee can be made using this form.


Next Health Choice is HIPAA and HITECH compliant. Our policies are available online for you to review.