MedStack Technology Compliance Policies
Disciplinary process
Appropriate, fair and consistent sanctions can
- have a deterrent influence on workforce transgressions
- help prevent breaches of PHI
- help prevent, or reduce the severity, of compliance violations
Apply appropriate sanctions
- for significant failures to follow established policies and procedures, or for committing an offense
- based on the nature and severity of the error or offense
- using an escalating scale of sanctions matched to the highest applicable category of risk
- with less severe sanctions applied to less severe errors and offenses
- with more severe sanctions applied to more severe errors and offenses
- regardless of the employee’s position in the company
Determine sanction severity based on the following factors
- Exposure: How much external exposure (regulatory, legal or reputational) the incident creates for the organization
- Number involved: How many systems, how much data, how many patients affected, etc.
- Purpose: Ignorance or lack of education; snooping or curiosity; malice, sale, or personal gain
- Special protection: Does the incident involve elements with special protection under the law?
Apply sanctions in increasing order of severity
- Formal disciplinary process
- Being made an example of
- Probation
- Suspension without pay
- Termination
- Notify appropriate law enforcement authorities for offenses involving obvious illegal activity.
Do not apply sanctions
- For investigations of disclosures by whistleblowers or victims of a crime
- For disclosures of information to an authority as required by law
- To retaliate against permitted investigations and disclosures
Immediate termination is justified for
- theft of company resources
- intentional lying or deception
- drug or alcohol abuse while on the job
- violence against persons or property
Incidents involving customers or suppliers
- If the incident poses a threat, limit the access of those involved to protect sensitive assets.
- Customers: report the incident to the customer organization.
- Vendors: pursue the remedies defined by the contract with the supplier.
Enforcement
- Responsible party: All managers and supervisors
- Sanctions: Standard
References
Code | Section | Title
---|---|---
ISO | A.7.2.3 | Disciplinary process
HIPAA | 164.308(a)(1)(ii)(C) | Sanction policy
SOC2 | CC1.1 | COSO Principle 1: The entity demonstrates a commitment to integrity and ethical values.
SOC2 | CC1.5 | COSO Principle 5: The entity holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
Life Support Mental Health Inc. © 2023
All Rights Reserved