THIS IS A SAMPLE, MEANT TO GIVE GUIDANCE ONLY. SEEK ADVICE OF LEGAL COUNSEL OR OTHER COMPLIANCE
PROFESSIONAL BEFORE IMPLEMENTING
(Insert Practice Identifying Information)
Sample Policy for:
Employee Sanction Policy
All practice team members must comply with all security policies and procedures, or disciplinary action will be taken as
shown below.
As an employee of our practice, you must understand that the examples below are given as examples only and that
there are other violations of HIPAA law that will be followed by disciplinary action. Disciplinary action is also dependent
upon many variables; sanctions will be commensurate with the severity of noncompliance with our security policies and
procedures on a case-by-case basis. The identification and definition of such sanctions will occur with the appropriate
involvement of our compliance officer, office management and possibly legal counsel. All actions will be documented.
All employees must report suspected or known practice team members who are noncompliant with policies and
procedures. Our office will not intimidate or retaliate against any individual who reports acts or practices that are unlawful,
provided the individual in good faith believes that the practice is unlawful, reporting such a case is reasonable, and the report
does not disclose PHI in violation of HIPAA law. In addition, sanctions will not be applied against whistleblowers, or against
practice team members who are crime victims and disclose PHI to further their own case.
Level 1: Accidental Breach

Incident - Possible Scenarios:
- Employee does not log off the computer after use
- Employee faxes the wrong PHI to another practice
- Employee forgets to get a signed acknowledgement of receipt of the Notice of Privacy Practices
- Employee emails PHI to the wrong email address

Sanction - Warning and Re-Education:
A verbal warning will be documented in the employee's file on the disciplinary action form. Mandatory
re-education and training will occur for the first offense. Continued offenses will lead to progressive
disciplinary action up to and including suspension and termination.

Level 2: Intentional Breach Without Harmful or Dishonest Intention

Incident - Possible Scenarios:
- Employee views patient records out of curiosity, not necessity
- Employee shares PHI because the information is interesting or gossip-worthy, but not for treatment
- Employee shares computer password
- Employee discusses confidential patient information in an unsecure area

Sanction - Written Warning, Re-Education, and Possible Suspension:
A written warning will be documented in the employee's file on the disciplinary action form. Mandatory
re-education and training will occur for the first offense. Continued offenses will lead to progressive
disciplinary action up to and including suspension and termination.

Level 3: Willful or Intentional Breach with Harmful or Dishonest Intentions

Incident - Possible Scenarios:
- Using PHI for personal gain, such as marketing without an authorization
- Using PHI to cause harm, such as exposing information to unauthorized individuals out of spite or dislike of the owner of the PHI
- Gives access to a restricted area to an unauthorized individual
- Gives access to PHI to an unauthorized individual

Sanction - Termination:
A disciplinary action form will be completed, termination will occur, along with possible referral to law
enforcement.
©2014 KMC University All Rights Reserved