Use of University Vehicles
POL - U1026
The University maintains a fleet of vehicles for use by employees for official school functions. A mileage rate is charged back to the appropriate budget unit using the vehicles.
A copy of the complete Motor Pool Policy and Procedures can be obtained through the Facilities Office. All requests for vehicle use should be scheduled through the Facilities Office. No personal use of University vehicles is allowed.
|
Parking Policy
POL U-1027
Faculty, staff and students are expected to comply with campus parking rules and regulations. Parking permits and a copy of current parking regulations may be obtained from the Office of Campus Public Safety.
Parking Assessment Memo
|
Office Space and Furnishings
POL - U1028
The assigning of office space and furnishings for academic personnel is a function of the dean of the appropriate college or school in consultation with the Vice President for Finance and Administration.
Office space and furnishings for non-academic administrators and staff are assigned by the appropriate department head in consultation with the Vice President for Finance and administration.
|
Personnel Records
POL - U1030
Human Resources maintains the official personnel files for all current staff members and past employees to document benefits and employment related decisions and comply with federal and state record keeping requirements. Supervisors are discouraged from keeping informal files on employees, however it may be necessary for a supervisor to keep records concerning ongoing employee performance.
Staff members may have access to their personnel files. A staff member who wishes to review their personnel file should contact Human Resources to schedule a mutually convenient time when the file can be reviewed. The personnel file cannot be removed from the Human Resources Department. However, staff members may request copies of documents in the file. A reasonable charge will be made for copies requested by employees. The personnel file is the property of the University.
To ensure the confidentiality of personnel information, access to an employee’s personnel file is limited to the employee and authorized administrators and supervisors.
|
Employment Verification Policy
POL - U1031
Pacific University will verify employment and respond to reference requests regarding current and former faculty and staff to outside organizations who request such information for credit or employment purposes.
|
General Guidelines to Safeguard Protected Health Information - Policy
POL-COM4812
The purpose of this policy is to provide practical steps that workforce members can take to achieve the general limitations on the use and disclosure of protected health information (PHI) as required by the Health Insurance Portability and Accountability Act, HIPAA.
The following guidelines are in accordance with the final Security Rule and consistent with the HIPAA privacy requirement to safeguard protected health information (PHI). See 45 CFR § 164.530(c). Use of these guidelines will improve the security of protected health information, and will also increase workforce awareness of the importance of keeping protected health information private.
Pacific University will use reasonable administrative, physical, and technical safeguards to protect the privacy of protected health information and limit incidental uses or disclosures of protected health information. All members of the Pacific University workforce will follow these guidelines in handling protected health information (PHI) in order to protect the privacy of protected health information and limit incidental uses and disclosures.
PUNet ID Required to review
Updated May 2023
Confidentiality Statement for Fax with PHI Template (Updated April 2023)
|
Healthcare Clinic Operations Workforce Training Policy
POL-COM4813
The purpose of this policy is to establish a standard for training for all new and existing members of the Pacific University Healthcare Clinic workforce. This policy will cover initial, as well as periodic re-training standards. All workforce members of Pacific University receive training on current Federal, State and other applicable healthcare regulations.
The scope of this policy is all workforce members of Pacific University’s Healthcare Clinics. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University Healthcare Clinics” shall be construed to refer only to the health care component of Pacific University.
PUNet ID Required to review
Updated August 2023
|
HIPAA Incident Reporting and Breach Notification Policy and Procedure
POL-COM4814
The purpose of this policy is to set forth Pacific University’s process for addressing potential breaches of unsecured protected health information from incident discovery to investigation / risk assessment and potential notification. Pacific University has established a comprehensive HIPAA privacy and security program to prevent unauthorized access to protected health information (PHI). This policy sets forth Pacific's approach to investigating and responding to incidents that may involve unauthorized use or disclosure of PHI.
It is the policy of Pacific University to be prepared for, to prevent and to respond to information security incidents. Once a security incident is suspected and reported to the privacy officer, he/she will analyze the available information in order to determine if the security incident constitutes a data breach as defined by the HIPAA Omnibus Rule. If it is determined that a breach has occurred, procedures to mitigate the harmful effects of the incidents including containing and eradicating the incident, will be put into place. Security incidents and their outcomes will be documented and stored electronically in a secure location.
PUNet ID Required to review
Updated March 2023
|
Business Associate Agreements (BAAs) Policy
POL-COM4808
The HIPAA rules generally require that covered entities enter into contracts with their business associates to ensure that each party will appropriately safeguard protected health information. The business associate contract also serves to clarify and limit, as appropriate, the permissible uses and disclosures of protected health information by the business associate, based on the relationship between the parties and the activities or services being performed by the business associate. A business associate may use or disclose protected health information only as permitted or required by its business associate contract or as required by law.
The scope of this policy is all workforce members of Pacific University’s health care component. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care component of Pacific University.
Business associate agreements must be in writing and must include terms authorized and approved by the Privacy Office and Legal Affairs, in order to maintain compliance with federal and state privacy regulations. When Pacific University enter into agreements with outside vendors involving the vendor’s access or exposure to information considered to be protected health information (PHI), pursuant to the Health Information Privacy and Portability Act (HIPAA), a BAA is required.
PUNet ID Required to review.
Updated June 2022.
Supplemental Documents:
Business Associate Decision Tree Business Associate FAQ Business Associates Procedure Outline Business Associate Agreement Template
|
Clinical Observers, Visitors, and Volunteers Policy
POL-COM4809
The purpose of this policy is to describe the policy and procedure for requesting and approving access for authorizing short-term access to patient care areas or to view patient care.
Pacific University has established a comprehensive HIPAA privacy and security program to prevent unauthorized access to protected health information (PHI). This policy sets forth Pacific's approach for any person, invited or otherwise authorized to enter Pacific University patient-care areas or to view patient care in any Pacific University Healthcare clinical location, who is not formally associated with the Pacific University Healthcare clinical workforce.
Any person, invited or otherwise authorized to enter Pacific University Healthcare Clinic patient-care areas or to view patient care in any Pacific University Healthcare clinical location, who is not formally associated with the Pacific University Healthcare clinical workforce, must be accounted for, either by a formal registration process, or a more informal approval process for short-term access to patient care areas. Such visitors must be accompanied and/or supervised by a Pacific University representative from the patient care area or location at all times. The Pacific University Healthcare Clinic representative is responsible for the actions of the visitor, including any direct or indirect access to protected health information (PHI).
PUNet ID Required to review.
Updated February 2023.
Form - Request to Observe Patient Care
Form - Request to Volunteer
Form - Pacific University Healthcare Clinic HIPAA Information Guide
|
Job Shadow Agreement for Minor - Form
FRM-COM4822
Required document for providing a Job Shadow opportunity as a learning experience to a minor student. Form must be signed.
Updated 3-8-2022
PUNet ID required to review
|
Minimum Necessary Policy
POL-COM4823
The purpose of this policy is to establish Pacific University's compliance with federal HIPAA regulations 45 CFR §§ 164.502(b) and 164.514(d), which require covered entities to make reasonable efforts to limit the use and disclosure of PHI to the minimum necessary. Information systems, including electronic health records contain more protected health information (PHI) than may be needed for a given purpose or disclosure. This policy governs the use and disclosure of PHI so that only the minimum amount of PHI is used when needed.
The scope of this policy is all workforce members of Pacific University’s health care component. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care component of Pacific University.
PUNet ID required to review
Updated April 2023
|
Patient Complaints About Privacy Practices - Policy and Procedure
POL-COM4825
In accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pacific University patients may complain about how Pacific University uses and discloses their Protected Health Information (PHI). All patient complaints will be submitted to the HIPAA Privacy Officer for investigation and resolution. (See the policy document for procedures on submitting a complaint.)
Pacific University has established a comprehensive HIPAA privacy and security program to prevent unauthorized access to protected health information (PHI). This policy sets forth Pacific's approach to investigating and responding to patient complaints about privacy practices. This policy applies to the workforce members of Pacific University’s Healthcare Clinics. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care components of Pacific University.
Updated August 2023
|
Request for Restrictions of Use and Disclosure of Protected Health Information Policy
POL-COM4827
The purpose of this policy is to describe the patient right to request a restriction of use and disclosure of protected health information (PHI). HIPAA permits a patient to request that the covered entity restrict uses or disclosures of protected health information (PHI) about the patient to carry out treatment, payment, or health care operations.
The scope of this policy is all workforce members of Pacific University’s health care component. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care component of Pacific University.
PUNet ID required to review
Updated March 2023
Form - Request for Restriction Not to Bill Health Plan or Insurance (Updated August 2023)
Form - Request for Restrictions of Use and Disclosure of Protected Health Information (Updated September 2023)
|
Request to Amend Protected Health Information (PHI) Policy
POL-COM4828
The purpose of this policy is to describe a patient’s right to request an amendment of protected health information contained in the designated record set (DRS), and the process and timeline for replying to the request. HIPAA provides patients and their representatives certain rights. This policy describes a patient’s right to request an amendment of protected health information (PHI).
The scope of this policy is all workforce members of Pacific University’s health care component. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care component of Pacific University.
PUNet ID required to review
Updated August 2023
Form - Request to Amend PHI (Updated August 2023)
|
Information Technology Standard - HIPAA File Storage in Box - Policy
POL-COM4819
The purpose of this standard is to define approved methods for using box.com to ensure the integrity and confidentiality of protected health information (PHI) and other Pacific University confidential information while at rest and during transmission. This standard applies to all data that is considered Pacific University confidential information, including PHI, and is being stored in Box, regardless of its storage duration.
Business and instructional needs may require the storage of PHI in the box.com file storage and sharing service (Box). Box provides tools to ensure that PHI remains private and secure. This standard is designed to provide guidelines to Box users who are storing, sharing or accessing PHI in Box, to make best use of those tools to ensure the integrity, privacy and security of that information.
PUNet ID required to review
Updated September 2023
|
Information Technology Standard - Encryption Policy
POL-COM4820
The purpose of this standard is to define approved methods for using encryption technology to ensure the integrity and confidentiality of electronic protected health information (ePHI) and other Pacific University confidential information while at rest and during transmission. This standard applies to all data that is considered Pacific University confidential information, including ePHI when it is at rest, being processed, or transmitted between information technology resources.
Data encryption technology and mechanisms exist to help ensure the confidentiality and integrity of data. This standard is designed to help Pacific University’s UIS Department determine when it is necessary to utilize encryption, and what type and/or level of encryption to employ. Pacific University security standards for Encryption Technology are based upon industry standards, HIPAA, National Institute of Standards & Technologies (NIST) security guidelines, and existing Pacific University policies on Information Security.
PUNet ID required to review
Revised 2/8/2022
|
Information Technology Standard – Workstation Configuration Policy
POL-COM4821
This standard establishes a consistent set of minimum security measures required for computer workstations used within Pacific University. This standard also addresses standards for vendor and personally owned workstations when they are connected to Pacific University’s systems and networks.The elements of this standard include requirements for installation and configuration, access control, physical security, document storage, logging and monitoring, and change management. Pacific University security standards are based upon industry standards, HIPAA, National Institute of Standards & Technologies (NIST) security guidelines, and existing Pacific University policies on Information Security.
This standard applies to all Clinical workstation connected to the Pacific University network. All clinical workstations deployed run Windows and will be configured to policy requirements.
Updated 3-08-2022
PUNet ID required to review
|
HIPAA Privacy Sanctions Policy
POL-COM4815
The purpose of this Policy is to set forth Pacific University’s process for applying sanctions for violations of Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security policies. Pacific University has established a comprehensive HIPAA privacy and security program to prevent unauthorized access to protected health information (PHI). This policy sets forth Pacific's approach to applying consistent sanctions upon completion of investigations.
This policy applies to the workforce members of Pacific University’s Healthcare Clinics. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care components of Pacific University.
PUNet ID required to review.
Updated March 2023
Pacific University Sanctions MATRIX
|
Posthumous Degree Policy
POL-AA2002
The Posthumous Degree Policy articulates the criteria by which a posthumous degree can be awarded.
A PUNet ID is required to review this policy.
|