SP-Sample Employee Sanction Policy


THIS IS A SAMPLE, MEANT TO GIVE GUIDANCE ONLY. SEEK ADVICE OF LEGAL COUNSEL OR OTHER COMPLIANCE
PROFESSIONAL BEFORE IMPLEMENTING
(Insert Practice Identifying Information)

Sample Policy for:

Employee Sanction Policy


All practice team members must comply with all security policies and procedures, or disciplinary action will be taken as
shown below.

As an employee of our practice, you must understand that the scenarios below are given as examples only and that
there are other violations of HIPAA law that will be followed by disciplinary action. Disciplinary action also depends
on many variables; sanctions will be commensurate with the severity of the noncompliance with our security policies and
procedures, determined on a case-by-case basis. The identification and definition of such sanctions will occur with the appropriate
involvement of our compliance officer, office management and possibly legal counsel. All actions will be documented.

All employees must report suspected or known practice team members who are noncompliant with policies and
procedures. Our office will not intimidate or retaliate against any individual who reports acts or practices that are unlawful,
provided the individual in good faith believes that the practice is unlawful, the report is reasonable, and the report
does not disclose PHI in violation of HIPAA law. In addition, sanctions will not be applied against whistleblowers, or
against practice team members who are crime victims and disclose PHI to further their own case.

Incident / Sanction

Level 1: Accidental Breach
Sanction: Warning and Re-Education
Possible Scenarios:
- Employee does not log off the computer after use
- Employee faxes the wrong PHI to another practice
- Employee forgets to get a signed acknowledgement of receipt of the Notice of Privacy Practices
- Employee emails PHI to the wrong email address
Disciplinary action: A verbal warning will be documented in the employee's file on the disciplinary action form.
Mandatory re-education and training will occur for the first offense. Continued offenses will lead to progressive
disciplinary action up to and including suspension and termination.

Level 2: Intentional Breach Without Harmful or Dishonest Intention
Sanction: Written Warning, Re-Education, and Possible Suspension
Possible Scenarios:
- Employee views patient records out of curiosity, not necessity
- Employee shares PHI because the information is interesting or gossip-worthy, but not for treatment
- Employee shares computer password
- Employee discusses confidential patient information in an unsecure area
Disciplinary action: A written warning will be documented in the employee's file on the disciplinary action form.
Mandatory re-education and training will occur for the first offense. Continued offenses will lead to progressive
disciplinary action up to and including suspension and termination.

Level 3: Willful or Intentional Breach with Harmful or Dishonest Intentions
Sanction: Termination
Possible Scenarios:
- Using PHI for personal gain, such as marketing without an authorization
- Using PHI to cause harm, such as exposing information to unauthorized individuals out of spite or dislike of the owner of the PHI
- Gives access to a restricted area to an unauthorized individual
- Gives access to PHI to an unauthorized individual
Disciplinary action: A disciplinary action form will be completed and termination will occur, along with possible
referral to law enforcement.

©2014 KMC University All Rights Reserved
