THIS IS A SAMPLE, MEANT TO GIVE GUIDANCE ONLY. SEEK ADVICE OF LEGAL COUNSEL OR OTHER COMPLIANCE PROFESSIONAL BEFORE IMPLEMENTING

(Insert Practice Identifying Information)

Sample Policy for: Employee Sanction Policy

All practice team members must comply with all security policies and procedures, or disciplinary action will be taken as shown below. As an employee of our practice, you must understand that the scenarios below are given as examples only and that there are other violations of HIPAA law that will be followed by disciplinary action. Disciplinary action is also dependent upon many variables; sanctions will be commensurate with the severity of noncompliance with our security policies and procedures on a case-by-case basis. The identification and definition of such sanctions will occur with the appropriate involvement of our compliance officer, office management and possibly legal counsel. All actions will be documented.

All employees must report suspected or known practice team members who are noncompliant with policies and procedures. Our office will not intimidate or retaliate against any individual who reports acts or practices that are unlawful, provided the individual in good faith believes that the practice is unlawful and that reporting such a case is reasonable and does not disclose PHI in violation of HIPAA law. In addition, sanctions will not be applied against whistleblowers or practice team member crime victims disclosing PHI to further their own case.
Incident: Level 1: Accidental Breach
Possible Scenarios:
- Employee does not log off the computer after use
- Employee faxes the wrong PHI to another practice
- Employee forgets to get a signed acknowledgement of receipt of the Notice of Privacy Practices
- Employee emails PHI to the wrong email address
Sanction: Warning and Re-Education
A verbal warning will be documented in the employee’s file on the disciplinary action form. Mandatory re-education and training will occur for the first offense. Continued offenses will lead to progressive disciplinary action up to and including suspension and termination.

Incident: Level 2: Intentional Breach Without Harmful or Dishonest Intention
Possible Scenarios:
- Employee views patient records out of curiosity, not necessity
- Employee shares PHI because the information is interesting or gossipworthy, but not for treatment
- Employee shares computer password
- Employee discusses confidential patient information in an unsecure area
Sanction: Written Warning, Re-Education, and Possible Suspension
A written warning will be documented in the employee’s file on the disciplinary action form. Mandatory re-education and training will occur for the first offense. Continued offenses will lead to progressive disciplinary action up to and including suspension and termination.

Incident: Level 3: Willful or Intentional Breach with Harmful or Dishonest Intentions
Possible Scenarios:
- Using PHI for personal gain, such as marketing without an authorization
- Using PHI to cause harm, such as exposing information to unauthorized individuals out of spite or dislike of the owner of the PHI
- Gives access to a restricted area to an unauthorized individual
- Gives access to PHI to an unauthorized individual
Sanction: Termination
A disciplinary action form will be completed, termination will occur, along with possible referral to law enforcement.

©2014 KMC University All Rights Reserved