| Initiating body: | Office of Student Affairs |
|---|---|
| Contact: | University Privacy Officer 438-8658 |
| Revised on: | 03/01/2003 |
Patient privacy is a high priority at Illinois State University. We have written policies and procedures designed to protect patient privacy and confidentiality. Copies of those policies and procedures can be found in the policy manuals of the units within the health care component. We take unauthorized release of our patients’ personal health information seriously. If any member of the Illinois State University health care component workforce observes or has knowledge of any unauthorized release of protected health information from Illinois State University, they must immediately report this release to the University Privacy Officer. Failure to do so may result in discipline as an accomplice to the unauthorized release.
All healthcare providers and members of the ISU workforce with access to protected health information, who fail to comply with privacy policies or procedures or with the requirements of the Health Insurance Portability and Accountability Act (HIPAA), will be subject to sanctions. These sanctions may range from verbal warning, written warning, probation, or termination of employment or contract. All healthcare providers and members of the ISU workforce with access to protected health information must adhere to this policy.
If it is determined by the Privacy Sanction Committee that a healthcare provider or member of the ISU workforce with access to protected health information does not understand or refuses to abide by Illinois State University, policies and procedures for maintaining the privacy and confidentiality of protected health information, it may be necessary for members of the workforce to be disciplined for violations of the privacy policies. The Privacy Sanction Committee shall determine the severity of the punishment based on the severity of the unauthorized release and University policy. The workforce member, who violated the HIPAA Privacy Rules, can appeal the imposed sanction via the University grievance process for their employment group (i.e., Civil Service, Administrative Professional, Union, Faculty, Student, etc.). The Grievance Procedures list the various ways to file a complaint.
The Privacy Sanction Committee members are appointed by the President in order to ensure compliance with HIPAA. This committee is Chaired by the Vice-President of Student Affairs. Committee members include the University Privacy Officer, Director of Student Health Service, Civil Service Representative, Administrative Council Representative, Faculty Representative and a Student Representative. The Vice-President of Student Affairs, the Committee Chair, reports to the University President.
