Written Policies & Accountability — §11.10(j)

Written Policies Holding Individuals Accountable. The organization shall establish and maintain written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification, in accordance with §11.10(j). These policies shall include: (a) a clear statement that electronic signatures are the legally binding equivalent of handwritten signatures and that signing an electronic record carries the same legal weight and accountability as signing a paper record; (b) a prohibition against the falsification, alteration, or misuse of electronic records and electronic signatures, and a statement that such actions may constitute violations of federal law subject to criminal penalties under 18 U.S.C. § 1001 and other applicable statutes; (c) a prohibition against sharing, lending, or allowing another individual to use one's electronic signature credentials (user identification code and password or other authentication mechanism); (d) a requirement that each individual safeguard their electronic signature credentials and immediately report any suspected compromise to the system administrator and the Quality Unit; (e) a description of the disciplinary actions that may be imposed for violations of these policies, up to and including termination of employment and referral for criminal prosecution; (f) a requirement that each individual who uses electronic signatures sign a written acknowledgment confirming that they understand the legal significance and binding nature of electronic signatures, and that they agree to abide by the organization's policies; and (g) these policies shall be communicated to all affected personnel, and compliance shall be verified through periodic audits and management review.