Employee Handbook

14.30 Discipline Policy

14.30.1 Policy Statement

HIPAA requires that the Health Plan discipline individuals subject to, but who fail to, comply with HIPAA's requirements as reflected in the Health Plan's privacy policies and procedures. The purpose of this Discipline Policy is to establish guidelines for the disciplinary processes.

14.30.2 Policy Interpretation and Implementation

Discipline Policy

A failure to comply by an individual subject to the Health Plan's policies and procedures, or with the provisions of HIPAA, will be addressed in a timely manner. Specific disciplinary actions to be taken will be determined by the severity of the infraction.

 

 

Discipline Procedure

Complaints or allegations against an individual will be discussed with the individual in question by the Privacy Officer and, if deemed appropriate, will be investigated by the Privacy Officer.

In general, a known or intentional infraction of the Health Plan's policies and procedures, or of HIPAA's provisions, will result in:

  • First offense: Oral counseling by the Privacy Officer, and written documentation in the individual's file.
  • Second offense: Oral counseling by the Privacy Officer, and a written warning.
  • Third offense: Discipline up to and including probation, suspension or termination of employment.

 

 

Intentional Misuse

In general, intentional misuse or abuse of PHI will result in:

  • First offense: Oral counseling by the Privacy Officer, and written documentation in the individual's file.
  • Second offense: Oral counseling by Privacy Officer, and a written warning.
  • Third offense: Discipline up to and including probation, suspension or termination of employment.

Notwithstanding items 3 and 4, the Privacy Officer retains discretion to deviate based on the particular facts and circumstances. Each infraction will be handled on an individual basis to ensure that disciplinary actions are appropriate.

 

 

Record Retention

A copy of all HIPAA covered information and any revisions shall be maintained for a period of at least six (6) years. Such retention may be in printed or electronic format, or both.

 

 

Privacy Officer

The Privacy Officer is responsible for the development and implementation of the HIPAA policies and procedures. The Privacy Officer is also the contact person for any questions or complaints regarding HIPAA. Questions or concerns about HIPAA rights should be directed to the Privacy Officer during regular business office hours Monday through Friday, except holidays, at (651) 696-6280.