Skip to main content
Skip table of contents

AI Usage Policy at HealthLink Dimensions

Overview

The intentions for publishing an Artificial Intelligence Acceptable Use Policy are to ensure employees leverage Artificial Intelligence programs that align with HealthLink Dimensions’ established culture of compliance, innovation, and integrity. HealthLink Dimensions is committed to protecting its employees, partners, and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.
Artificial Intelligence programs are to be used for business purposes in serving the interests of the company, and of our clients and customers in the course of normal operations.
This policy is vital for ensuring that employees not only benefit from the enhanced efficiency, innovation, and informed decision-making that AI offers, but also operate in a secure environment safeguarded against risks like data breaches and intellectual property damage, while maintaining compliance with company standards and legal regulations.

Purpose

The purpose of this policy is to outline the acceptable use of Artificial Intelligence at HealthLink Dimensions. These rules are in place to protect the employees, partners, and HealthLink Dimensions. Inappropriate use exposes HealthLink Dimensions to risks including data breaches, damage to HealthLink Dimensions’ intellectual properties, information leak, brand damage, and compliance risks.

Scope

This policy governs the utilization of various tools, including but not limited to Generative AI, AI Image Generator, Presentation AI, AI Data Visualization, Scheduling AI, and Meeting AI, in the execution of HealthLink Dimensions' daily operations and business assignments. All employees, contractors, consultants, temporary, and other workers at HealthLink Dimensions and its subsidiaries are responsible for exercising good judgment regarding appropriate use of Artificial Intelligence in accordance with HealthLink Dimensions policies and standards, and local laws and regulation. Exceptions to this policy are documented in section 5.2.

Policy

General Use and Ownership

  • HealthLink Dimensions proprietary information generated by Artificial Intelligence whether generated by HealthLink Dimensions, the employee or a third party, remains the sole property of HealthLink Dimensions. You must ensure through legal or technical means that proprietary information is protected in accordance with the Data Protection Standard.

  • All employees at HealthLink Dimensions must promptly report potential risk of data leaks and non-compliance of proprietary information.

  • You may access, use or share HealthLink Dimensions proprietary information only to the extent it is authorized and necessary to fulfill your assigned job duties.

  • Employees are restricted from utilizing company-licensed Artificial Intelligence programs for any personal purposes.

  • For security and network maintenance purposes, authorized individuals within HealthLink Dimensions may monitor user activities and usage at any time, per Audit Policy.

Security Compliance

  • All Artificial Intelligence user accounts must comply with the Password Policy. Providing access to another individual, either deliberately or through failure to secure its access, is prohibited.

  • All Artificial Intelligence users need to go through 30 minutes AI ethics, safety, and policy training provided by HealthLink Dimensions.

  • The use of any unauthorized Artificial Intelligence programs is strictly prohibited, and obtaining appropriate approval through the designated process is mandatory for authorization.

  • It is mandatory for all HealthLink Dimensions' employees utilizing AI programs to explicitly acknowledge the use of AI in any content that is prepared for or presented to internal HLD staff, clients, vendors, or any external audiences. Below is the standard footer all staff should use:

    • “This content has been developed with the assistance of artificial intelligence (AI) to ensure high quality and efficiency. Each output is subsequently reviewed and edited by a human for accuracy and relevance. HealthLink Dimensions is committed to transparent and responsible use of AI, complemented by human oversight, in enhancing our services and communications.”

Acceptable Use

  • HealthLink Dimensions employees are responsible for exercising sound judgement regarding use of Artificial Intelligence for daily business operations.

  • Employees are permitted to use Artificial Intelligence programs for general information and knowledge searches, allowing them to retrieve relevant insights and enhance their understanding of various subjects within the scope of their responsibilities. HealthLink Dimensions supports efficient knowledge exploration and information retrieval.

  • Employees are permitted to utilize Artificial Intelligence programs for various content generation tasks, including the creation of emails, reports, image generation, and data analysis. This authorization aims to enhance efficiency and streamline processes in these specific areas through the responsible use of AI technologies.

  • Employees are permitted to leverage AI for writing assistance, encompassing support in areas such as grammar, spelling, usage, context, and addressing wordiness. This authorization aims to enhance the overall quality of written communication by utilizing AI tools for refining language and ensuring clarity in written content.

  • Employees are granted the use of AI for meeting assistance, encompassing activities such as summarizing meeting notes, generating agendas, and performing other meeting-related functions. This authorization aims to streamline and improve the efficiency of meeting preparations and post-meeting tasks through the capabilities of AI.

  • Employees are encouraged to utilize AI for learning and training purposes, fostering continuous growth and development. This endorsement aims to empower employees by leveraging AI tools to enhance their knowledge and skills, contributing to ongoing professional development.

  • Employees are permitted to utilize AI for code assistance while maintaining strict adherence to confidentiality standards, ensuring that no company intellectual property or source code is inadvertently disclosed. This authorization seeks to enhance coding efficiency while emphasizing the importance of safeguarding proprietary information and maintaining a secure coding environment.

  • Employees are authorized to employ AI for customer support, addressing inquiries from customers and assisting with interactions, including those with dissatisfied clients. This usage is intended to enhance customer service responsiveness, manage challenging situations, and contribute to building positive client relationships through efficient support mechanisms.

  • Employees are empowered to utilize AI for project management tasks, including formatting plans, scheduling, and ensuring clarity of project scopes. This endorsement aims to enhance project efficiency and organization by leveraging AI capabilities for various aspects of project planning and execution.

  • Employees are encouraged to leverage AI for idea generation in, but not limited to, brainstorming ideas for marketing campaigns, corporate events, and event planning. This utilization aims to foster creativity and innovation within the team, enhancing the ideation process for various initiatives.

Unacceptable Use

The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities.

Under no circumstances is an employee of HealthLink Dimensions authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing HealthLink Dimensions-owned resources.

The lists below are by no means exhaustive but attempt to provide a framework for activities which fall into the category of unacceptable use.

The following activities are strictly prohibited, with no exceptions:

  • Artificial Intelligence should not be used to make decisions that exhibit biased behavior or discrimination against certain groups based on protected characteristics.

  • Employees are explicitly prohibited from prompting any confidential information belonging to the company, including intellectual property (e.g. source code), sensitive data, and proprietary knowledge, which could potentially jeopardize the organization's security.

  • Employees are responsible for adhering to standard Copyright policies and regulations if the content generated by Artificial Intelligence is a protected and registered intellectual property. Contents generated by AI are trained on public data that may be copyrighted.

  • Employees are prohibited from utilizing AI for generating or writing prompts that are harassing, discriminatory (based on race, gender, age, or demographics), or offensive towards colleagues, clients, groups of individuals, or the organization.

  • Employees are expressly forbidden from deploying AI for unethical decision-making or seeking justification for unethical actions based on the suggestions provided by the model.

  • Utilizing AI to generate content without providing proper attribution, thereby leading to plagiarism or the unauthorized use of copyrighted material, is strictly prohibited.

  • Engaging in inappropriate requests or utilizing AI to generate content that violates the company's code of conduct or policies is strictly prohibited.

  • Any attempt to use AI for gaining unauthorized access to systems, networks, or workplace information is strictly prohibited.

  • Engaging in activities with AI that violate Federal, State, and Local legal standards, industry regulations, or compliance requirements applicable to the organization is prohibited.

Policy Compliance

Compliance Measurement

The IT team will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.

Exceptions

Any exception to the policy must be approved by the IT team in advance.

  • To initiate the approval process for unapproved AI programs, a 'Tech Support' JIRA ticket must be submitted to the IT team (itsupport@healthlinkdimensions.com).
    The ticket should contain:

    • Direct link to the AI program

    • Concise description of the program

    • Specific business application

  • Upon submission, the IT Team will conduct a comprehensive security assessment to determine approval.
    Note: Please be advised that the IT Team may require up to 3 business days to reach a decision on each ticket.

  • In an emergency, the standard AI program approval process is modified to an expedited review. This review will be conducted as quickly as possible, balancing urgency with due diligence.

  • A request for an expedited review must be submitted to the IT team, clearly stating the nature of the emergency and the reasons why the standard process cannot be followed. Ensure to send an email to the IT Team for visibility.

Note: Please be advised that the IT Team is committed to making an expedited decision, ensuring a response within 36 hours.

Approved AI Programs

AI programs are subject to an approval process, and the list of permissible AI applications is subject to modification.

Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Copyright Regulations

Ownership

  • Although subject to change, OpenAI does not claim ownership of the content generated by individual users and users have the copyright and ownership of the outputs they receive from ChatGPT based on their prompts.

  • Copyright policies should be enforced onto users as the contents generated by Artificial Intelligence based on Copyrighted contents. HealthLink Dimensions employees should follow standard Copyright requirements.

  • Images generated by Artificial Intelligence, as of 01/11/24, are not copyrighted by the AI company and therefore do not need to follow standard image copyright regulations.

  • As of 01/11/24, Artificial Intelligence Users and AI company are liable for violation of Artificial Intelligence generated response’s copyright infringement.

IT Security Compliance

HealthLink Dimensions' IT Team is dedicated to ensuring compliance through a series of measures.

Compliance Controls

  • User Training and Awareness

    • HealthLink Dimensions is committed to providing comprehensive training to employees on acceptable use policies and guidelines.

  • Access Controls

    • The IT team will diligently implement access controls, ensuring that usage is restricted to authorized users and only approved AI programs are employed.

    • Robust monitoring and logging mechanisms will be established by the IT team to track and address any unusual or suspicious activities promptly.

    • Content filtering tools will be actively employed to identify and block inappropriate or sensitive content, maintaining a secure environment.

    • Security measures will be in place to prevent authorized AI programs from utilizing HealthLink Dimensions’ proprietary information for training purposes.

AI Approved Security Assessment

The following outlines the key areas of security assessment to be conducted by the IT Team:

  • Data Privacy Compliance: Ensure the AI program adheres to all relevant data privacy laws and regulations, protecting user data and respecting privacy rights. Ensure that AI program does not train on user generated prompts.

  • Vulnerability Analysis: Conduct thorough security vulnerability assessments to identify and mitigate potential weaknesses in the AI program’s infrastructure.

  • Access Control Review: Assess the program's access control mechanisms to ensure that only authorized personnel can access sensitive functionalities and data.

  • Compliance with Industry Standards: Confirm that the AI program meets recognized industry security standards and best practices.

  • Data Encryption Standards: Verify that the AI program uses robust encryption methods to protect sensitive data, both in transit and at rest.

Definitions and Terms

The following definition and terms can be found in the SANS Glossary located at: https://www.sans.org/security-resources/glossary-of-terms/

  • Proprietary Information

  • Access Control

  • Virtual Private Network (VPN)

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close