Add to collection(s) Add to saved
  1. No category

Standard Security #0001c - Workforce Sanctions

East Carolina University
HIPAA Security Standards
Subject: Workforce Sanctions
Standard #: Security-0001c
Supersedes:
Effective Date: April 21, 2005
Coverage: ECU Health Care Components
Page: 1 of 2
Approved:
Revised: December 9, 2010,
March 30, 2012, May 30, 2013
Review Date: May 30, 2013
HIPAA Security
Rule Language:
“Apply appropriate sanctions against workforce members who fail to
comply with the security policies and procedures of the covered entity.”
Regulatory
Reference:
45 CFR 164.308(a)(1)(ii)(C)
I.
PURPOSE
This standard reflects East Carolina University’s commitment to apply appropriate
sanctions against workforce members who fail to comply with its security policies and
procedures.
II.
AUTHORIZATION AND ENFORCEMENT
Health Care component management and/or administrator(s) are responsible for
monitoring and enforcing this policy, in consultation with the ECU IT Security Officer,
ECU HIPAA Security Officer, and ECU HIPAA Privacy Officer.
III. STANDARD
East Carolina University’s workforce members must comply with all applicable security
policies and procedures. ECU must have a formal, documented process for applying
appropriate sanctions to workforce members who do not comply with its security policies
and procedures. Sanctions must be commensurate with the severity of the noncompliance with university security polices and procedures.
IV. APPLICABILITY
This standard is applicable to all workforce members, departments, and health care
components that use or disclose electronic protected health information for any purposes.
This standard’s scope includes all protected health information in electronic form.
Copyright 2003 Phoenix Health Systems, Inc.
Limited rights granted to licensee for internal use only. All other rights reserved
Page 1 of 2
HIPAA Security Standard # 0001c: Workforce Sanctions
V.
PROCEDURE
1. ECU must have a formal, documented process for applying appropriate sanctions
against workforce members who do not comply with its security policies and procedures.
2. The identification and definition of such sanctions are defined in the applicable
ECU’s policies to include but are not limited to the ECU Academic Computer Use Policy
and University Student and Employee Computer Use Policy.
3. Sanctions can include but are not limited to:
a.
b.
c.
d.
Suspension
Required retraining
Letter of reprimand
Termination
VI. COORDINATING INSTRUCTIONS
1. All section policies, standards and procedures will be reviewed annually. Every
section policy, standards and procedure revision/replacement will be maintained for a
minimum of six years from the date of its creation or when it was last in effect,
whichever is later. Other East Carolina University, University of North Carolina
system, or state of North Carolina requirements may stipulate a longer retention.
Copyright 2003 Phoenix Health Systems, Inc.
Limited rights granted to licensee for internal use only. All other rights reserved
Page 2 of 2
Related documents
EAST CAROLINA UNIVERSITY HEALTH CARE COMPONENTS Request for Alternate Communication NOTICE TO PATIENT:
EAST CAROLINA UNIVERSITY HEALTH CARE COMPONENTS Request for Alternate Communication NOTICE TO PATIENT:
Form App-111 - South Carolina Department of Employment and
Form App-111 - South Carolina Department of Employment and
Document15457473 15457473
Document15457473 15457473
Student Financial Assistance Form
Student Financial Assistance Form
ECU/Operation LINK Privacy Statement
ECU/Operation LINK Privacy Statement
Download