User login

Close
 

Privacy and Information Security Sanction

Privacy and Information Security Sanction Policy

 

 

Effective Date: November 2018

 

 Policy Statement

 

All workforce members, including faculty, staff, and students, are expected to comply with the organization’s Privacy and Information Security policies and the HIPAA Rules. Workforce members shall be subject to sanctions up to and including termination for failure to comply with the established policies and procedures or the HIPAA Rules.

 

 Violations of Privacy or Information Security policies and procedures or the HIPAA Rules will result in an appropriate sanction to be determined on a case by case basis, depending on the severity of the violation, whether the violation was intentional or unintentional, whether the violation indicates a pattern or practice of improper use or disclosure of PHI, and other relevant considerations.

 

 Reason(s) for the Policy

 

The purposes of this policy are (1) to provide a framework of appropriate and consistent sanctions for violations of Privacy and Information Security policies and procedures and the HIPAA Rules and in line with any related Human Resource disciplinary policies and (2) to inform workforce members of CUHC’s sanction policy, which will be enforced against workforce members in violation of the organization’s Privacy and Information Security policies or the HIPAA Rules.

 

 Primary Guidance to Which This Policy Responds

 

45 C.F.R. §§ 164.308(a)(1)(ii)(C), 164.530(e)(1)

 

 Responsible University Office & Officer

 

Office of HIPAA Compliance, Chief Privacy Officer

Human Resources, Chief Human Resources Officer

Office of Faculty Affairs, Vice Dean for Faculty Affairs

CUMC Information Security Office, Chief Information Security Officer

 

Schools:

CUMC Medical, Dental, Nursing and Public Health, Student Dean(s)

 

Revision History

 

Issued: December 2003

 

Revised: October 2007, February 2010, November 2011, November 2012, November 2015, November 2018

 

 

To see the full text of this policy, please use the link on the right.