
New Sanctions Guidelines

New Sanctions Guidelines. Stephanie Argoitia, MSW, JD, CIPP. Information Security & Privacy Champion Meeting, November 17, 2010. Policy 1-10, “Violations, Sanctions, and Mitigation”: consistent with 45 CFR 164.530(e)(1); part of required “complaint procedures”; ability to receive complaints


Presentation Transcript


  1. New Sanctions Guidelines
     • Stephanie Argoitia, MSW, JD, CIPP
     • Information Security & Privacy Champion Meeting
     • November 17, 2010

  2. Policy 1-10, “Violations, Sanctions, and Mitigation”
     • Consistent with 45 CFR 164.530(e)(1)
     • Part of required “complaint procedures”
     • Ability to receive complaints
     • Investigate
     • Impose sanctions for substantiated violations

  3. Complaint, Investigation, Sanctions Process
     • Suspected violation reported or identified during routine audits
     • Privacy/Security Officer conducts investigation
     • Privacy/Security Officer conducts interview with subject of the investigation in the presence of their supervisor
     • Substantiated violation reported in writing to supervisor and HR representative. **Sanctions are not determined by Information Security & Privacy Officers**
     • Supervisor and HR representative determine appropriate sanction based on employee's performance over course of work history

  4. Evolution of Required Sanctions
     • Consequence not always consistent – varied from verbal warning to summary dismissal (2003)
     • Standardized consequence (2004)
     • Final written warning minimum
     • Beyond final written warning, HR & supervisor determined
     • Other options not available to supervisors & HR

  5. Today’s Model
     • Considerable research into other national/institutional models
     • Approved by…
     • Sherri Hollingsworth, VP of HR
     • Tom Loverage, Director, HR
     • Office of General Counsel
     • Dr. Richard Sperry, Asso. VP of Hlth Sciences
     • Dr. Richard Botkin, VP of Research
     • John Stillman, Director, IRB

  6. Today’s Model (cont’d)
     • 3-Tiered
     • Sanction fits the level of severity of the violation
     • Tier 1 – inadvertent/careless
     • Tier 2 – knowingly violated policy
     • Tier 3 – personal gain/financial gain; egregious harm to the patient

  7. Today’s Model (cont’d)
     • Guidelines only
     • “Menu” of options so supervisor and HR representative can choose appropriate measure(s)
     • NOTE: **Sanctions are not determined by Information Security & Privacy Officers**
     • Consistent for Staff, Faculty, & Students
