The Adobe file I'm attaching is an easy and interesting read about the various ways a computer can be compromised by web sites.  The Word document is Dr. Crawford's original memorandum about the setup of the proxy server.

I'm in the process of crafting - or trying to craft - a policy statement similar to the time clock policy to apply specifically to computers that access PHI.  We've already started doing some restriction in the clinics, and we need to apply similar restrictions to the billing computers.  That's why I suggested adding Cina to our group.  We've got the same problems there that I've observed in some of the computers downstairs.  We need to discuss with Cina how the various members of her staff use the internet.  It may be that these folks - or some of them - need to be restricted like team leaders; that is, restricted from known problem sites but not as tightly restricted as most of the clinic machines.  I really don't know the answer to that at this point.  But, like team leaders, we need to put in the policy a defensible statement that warns them about obvious personal surfing on a computer that accesses PHI.

Barbara, I can't remember if we ever managed to nail down a date and time to meet to discuss internet access restrictions.  Can you refresh our memory?

Thanks

Jim