Operational
INTRODUCTION
Bethany Christian Services has adopted this Sanction Policy to comply with our duties under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Department of Health and Human Services (DHHS) security and privacy regulations, the Council on Accreditation (COA) standards, as well as our duty to protect the confidentiality and integrity of verbal, electronic, or printed client information as required by law and professional ethics.
POLICY
It is the policy of Bethany Christian Services to ensure that confidential client information or other sensitive information is safeguarded by employees and contractors, and that when integrity, security or confidentiality is breached, whether due to willful or negligent behavior, the violation will not be tolerated. Examples of such breaches can be caused by verbal, written, electronic communications or other actions that fail to protect confidentiality. Such breaches can include, but are not limited to, negligent violation of HIPAA, use or destruction of computer equipment or data, violation of security regulations, or any other federal or state law or standards that protects the integrity and confidentiality of client information.
Sanctions for the breach will result in Bethany Christian Services management imposing appropriate disciplinary actions for employees from verbal reprimand up to and including termination, professional discipline, and criminal prosecution.
Bethany Christian Services will seek to include such violations by contractors as grounds for termination of the contract and/or imposition of contract penalties.
Because violations may constitute a criminal offense under HIPAA, other federal laws such as the Federal Computer Fraud and Abuse Act of 1986, or state laws Bethany Christian services will cooperate with any law enforcement investigation or prosecution.
Because violations may also violate professional ethics guidelines, Bethany Christian Services will report such violations to appropriate licensure or accreditation agencies and will cooperate with any investigation or proceedings.
All personnel will comply with this policy, and all administrative and management Directors and Supervisors are responsible for enforcing this policy.
Nothing in this policy shall be construed as a contract between Bethany Christian Services and an employee, as conditions of employment, or as changing anemployee’s status from “at-will employee”. Bethany Christian Services retains the absolute right to terminate any employee at any time with or without good cause.
PROCEDURE
When a situation is suspected to breach the integrity or security of confidential client information or other sensitive information, the employee who identifies the situation is to immediately make a report to their Supervisor. (See Whistleblower Policy).
The Supervisor receiving the report will ensure a Bethany Christian Services Incident Report is completed. (See Incident Reporting Policy). Incident Reports are reviewed quarterly by Bethany Performance and Quality Improvement Committee (PQIC).
The Director of Human Resources will notify the HIPAA Security Officer and Privacy Officer if an investigation is required. These three staff members will complete a thorough and confidential investigation. A written report will be delivered to the employee’s Supervisor, Branch Director and Regional Director of Operations. It will include if notification must be reported to law enforcement, licensure or accreditation agencies for investigation.
The Supervisor will discuss the situation with the Branch Director, and the Director of Human Resources to carry out disciplinary actions by referencing Bethany Christian Services Employee Handbook. Progressive disciplinary actions for individual infractions or repeated infractions could include:
- Verbal or written warning;
- Verbal or written reprimand;
- Loss of access;
- Suspension without pay;
- Demotion or;
- Termination of employment.
COA:RPM6,CR2,ETH5,HR5.02(a) (c) (d)
Approved: 6/8/09byLeadershipTeam
Approved: 5/12/2014 by the Senior Executive Team
Sanction Policy and ProcedurePage 1 of 2