MedStack Technology Compliance Policies

Disciplinary process

Appropriate, fair and consistent sanctions can

• have a deterrent influence on workforce transgressions
• help prevent breaches of PHI
• help prevent, or reduce the severity, of compliance violations

Apply appropriate sanctions

• for significant failures to follow established policies and procedures, or commit various offenses.
• based on the nature and severity of the error or offense
• use an escalating scale of sanctions based on the highest category level of risk
• less severe sanctions applied to less severe errors and offenses
• more severe sanctions applied to more severe errors and offenses
• regardless of the employee’s position in the company

Determine sanction severity based on the following factors

• Exposure: How much external exposure to sanctions for the organization
• Number involved: How many systems, how much data, how many patients affected, etc.
• Purpose: Ignorance or lack of education; Snooping or curiosity; Malice, sale, or personal gain
• Special Protection: Does the incident involve elements with special protection under the law.

Apply sanctions in increasing order of severity

• Disciplinary process
• Made an example of
• Probation
• Suspension without pay
• Termination
• Notify appropriate law enforcement authorities for offenses involving obvious illegal activity.

Do not apply sanctions

• For investigations of disclosures by whistleblowers or victims of a crime
• For disclosures of information to an authority as required by law
• To retaliate in case of permitted investigations and disclosures

Immediate termination is justified for

• theft of company resources
• intentional lying or deception
• drug or alcohol abuse while on the job
• violence against persons or property

Incidents involving customers or suppliers

• If the incident poses a threat
  • Limit the access of those involved to protect sensitive assets.
• Customers
  • Report the incident to the customer organization.
• Vendors
  • Pursue remedies defined by the contract with the supplier.

Enforcement

• Responsible party: All managers and supervisors
• sanctions: standard

References