Policies & Forms Directory

University Equipment

POL - U1020

Employees who use University equipment are responsible for its care and security, while under their control. Employees are not permitted to use University equipment for personal reasons or take University equipment home unless authorized by their supervisor. Unauthorized use or removal of University property is cause for immediate dismissal.

Jun. 1, 2018

Change of Information Policy

POL - U1021

It is the responsibility of staff members to update relevant information such as address, telephone number or tax status, in applicable systems and if unable, the staff member shall notify the Human Resource Office of changes.

Jun. 1, 2018

Keys Policy

POL - U1022

The appropriate administrative head may authorize a key or keys to an employee for her/his office, classroom and building. The administrative head authorizing the keys is also responsible to make sure the keys are returned upon termination of the employee.

Key authorization forms are available from Facilities Management and on their website. The employee assumes responsibility for the security of the various keys he/she will need. Each key is for personal use in discharge of assigned duties. Under no circumstances will an individual have keys duplicated or permit them to be duplicated unless written permission has been granted by the Facilities Department.

Jun. 1, 2018

Thefts and Damage

POL - U1023

All thefts or damage to University property and all other thefts, which come to the attention of the University employees, are to be reported promptly to Campus Public Safety.

A form for such reports is available in the Office of Campus Public Safety.

Jun. 1, 2018

Animal Control Policy

POL - U1024

Pacific University campus animal policies shall be in conformity with state, county, and city ordinances and regulations. In conformity with Oregon Health regulations relative to food services, no animals are allowed in the University Center.

The President, or her/his designee, shall duly assign administrative responsibility to implement these policies. Violations of this animal policy may result in calling the appropriate authority requesting removal of the animal.

See other applicable Pet/Animal Policies: Service and Companion Animal Policy

Jun. 1, 2018

Identification Cards

POL - U1025

Identification (ID) cards (Boxer Cards) are issued to Pacific University employees. An ID card may be required for admission to or participation in University programs.

The University ID card also serves as a library card. ID cards are issued by Campus Public Safety.

Jun. 1, 2018

Use of University Vehicles

POL - U1026

The University maintains a fleet of vehicles for use by employees for official school functions. A mileage rate is charged back to the appropriate budget unit using the vehicles.

A copy of the complete Motor Pool Policy and Procedures can be obtained through the Facilities Office. All requests for vehicle use should be scheduled through the Facilities Office.  No personal use of University vehicles is allowed.

Jun. 1, 2018

Parking Policy

POL U-1027

Faculty, staff and students are expected to comply with campus parking rules and regulations. Parking permits and a copy of current parking regulations may be obtained from the Office of Campus Public Safety.

Parking Assessment Memo

Jun. 1, 2018

Office Space and Furnishings

POL - U1028

The assigning of office space and furnishings for academic personnel is a function of the dean of the appropriate college or school in consultation with the Vice President for Finance and Administration.

Office space and furnishings for non-academic administrators and staff are assigned by the appropriate department head in consultation with the Vice President for Finance and administration.

Jun. 1, 2018

Personnel Records

POL - U1030

Human Resources maintains the official personnel files for all current staff members and past employees to document benefits and employment related decisions and comply with federal and state record keeping requirements. Supervisors are discouraged from keeping informal files on employees, however it may be necessary for a supervisor to keep records concerning ongoing employee performance.

Staff members may have access to their personnel files. A staff member who wishes to review their personnel file should contact Human Resources to schedule a mutually convenient time when the file can be reviewed. The personnel file cannot be removed from the Human Resources Department. However, staff members may request copies of documents in the file. A reasonable charge will be made for copies requested by employees. The personnel file is the property of the University.

To ensure the confidentiality of personnel information, access to an employee’s personnel file is limited to the employee and authorized administrators and supervisors.

Jun. 1, 2018

Employment Verification Policy

POL - U1031

Pacific University will verify employment and respond to reference requests regarding current and former faculty and staff to outside organizations who request such information for credit or employment purposes.

Jun. 1, 2018

General Guidelines to Safeguard Protected Health Information - Policy

POL-COM4812

The purpose of this policy is to provide practical steps that workforce members can take to achieve the general limitations on the use and disclosure of protected health information (PHI) as required by the Health Insurance Portability and Accountability Act, HIPAA. 

The following guidelines are in accordance with the final Security Rule and consistent with the HIPAA privacy requirement to safeguard protected health information (PHI).  See 45 CFR § 164.530(c).  Use of these guidelines will improve the security of protected health information, and will also increase workforce awareness of the importance of keeping protected health information private.

Pacific University will use reasonable administrative, physical, and technical safeguards to protect the privacy of protected health information and limit incidental uses or disclosures of protected health information. All members of the Pacific University workforce will follow these guidelines in handling protected health information (PHI) in order to protect the privacy of protected health information and limit incidental uses and disclosures.

PUNet ID Required to review

Confidentiality Statement for Fax with PHI Template

Nov. 1, 2017

Healthcare Clinic Operations Workforce Training Policy

POL-COM4813

The purpose of this policy is to establish a standard for training for all new and existing members of the Pacific University Healthcare Clinic workforce. This policy will cover initial, as well as periodic re-training standards. All workforce members of Pacific University receive training on current Federal, State and other applicable healthcare regulations. 

The scope of this policy is all workforce members of Pacific University’s Healthcare Clinics. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University Healthcare Clinics” shall be construed to refer only to the health care component of Pacific University.

PUNet ID Required to review

Nov. 6, 2018

HIPAA Breach Notification Policy and Procedure

POL-COM4814

The purpose of this Policy is to set forth Pacific University’s process for addressing potential breaches of unsecured protected health information from incident discovery to investigation / risk assessment and potential notification. Pacific University has established a comprehensive HIPAA privacy and security program to prevent unauthorized access to protected health information (PHI). This policy sets forth Pacific's approach to investigating and responding to incidents that may involve unauthorized use or disclosure of PHI. 

It is the policy of Pacific University to be prepared for, to prevent and to respond to information security incidents. Once a security incident is suspected and reported to the privacy officer, he/she will analyze the available information in order to determine if the security incident constitutes a data breach as defined by the HIPAA Omnibus Rule. If it is determined that a breach has occurred, procedures to mitigate the harmful effects of the incidents including containing and eradicating the incident, will be put into place. Security incidents and their outcomes will be documented and stored electronically in a secure location.

PUNet ID Required to review

Nov. 6, 2018

Business Associate Agreements (BAAs) Policy

POL-COM4808

The HIPAA rules generally require that covered entities enter into contracts with their business associates to ensure that each party will appropriately safeguard protected health information. The business associate contract also serves to clarify and limit, as appropriate, the permissible uses and disclosures of protected health information by the business associate, based on the relationship between the parties and the activities or services being performed by the business associate.  A business associate may use or disclose protected health information only as permitted or required by its business associate contract or as required by law.

The scope of this policy is all workforce members of Pacific University’s health care component. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care component of Pacific University.

Business associate agreements must be in writing and must include terms authorized and approved by the Privacy Office and Legal Affairs, in order to maintain compliance with federal and state privacy regulations. When Pacific University enter into agreements with outside vendors involving the vendor’s access or exposure to information considered to be protected health information (PHI), pursuant to the Health Information Privacy and Portability Act (HIPAA), a BAA is required. 

PUNet ID Required to review

Supplemental Documents:

Business Associate Decision Tree
Business Associate FAQ
Business Associates Procedure Outline
Business Associate Agreement Template

Nov. 7, 2018

Clinical Observers, Visitors, and Volunteers Policy

POL-COM4809

The purpose of this policy is to describe the policy and procedure for requesting and approving access for authorizing short-term access to patient care areas or to view patient care.

Pacific University has established a comprehensive HIPAA privacy and security program to prevent unauthorized access to protected health information (PHI). This policy sets forth Pacific's approach for any person, invited or otherwise authorized to enter Pacific University patient-care areas or to view patient care in any Pacific University Healthcare clinical location, who is not formally associated with the Pacific University Healthcare clinical workforce.

Any person, invited or otherwise authorized to enter Pacific University Healthcare Clinic patient-care areas or to view patient care in any Pacific University Healthcare clinical location, who is not formally associated with the Pacific University Healthcare clinical workforce, must be accounted for, either by a formal registration process, or a more informal approval process for short-term access to patient care areas. Such visitors must be accompanied and/or supervised by a Pacific University representative from the patient care area or location at all times. The Pacific University Healthcare Clinic representative is responsible for the actions of the visitor, including any direct or indirect access to protected health information (PHI).

PUNet ID Required to review

Form - Request to Observe Patient Care

Feb. 1, 2018

Job Shadow Agreement for Minor - Form

FRM-COM4822

Required document for providing a Job Shadow opportunity as a learning experience to a minor student. Form must be signed.

PUNet ID required to review

Nov. 7, 2018

Minimum Necessary Policy

POL-COM4823

The purpose of this policy is to establish Pacific University's compliance with federal HIPAA regulations 45 CFR §§ 164.502(b) and 164.514(d), which require covered entities to make reasonable efforts to limit the use and disclosure of PHI to the minimum necessary. Information systems, including electronic health records contain more protected health information (PHI) than may be needed for a given purpose or disclosure. This policy governs the use and disclosure of PHI so that only the minimum amount of PHI is used when needed.

The scope of this policy is all workforce members of Pacific University’s health care component. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care component of Pacific University.

PUNet ID required to review

Nov. 7, 2018

Patient Complaints About Privacy Practices - Policy and Procedure

POL-COM4825

In accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pacific University patients may complain about how Pacific University uses and discloses their Protected Health Information (PHI). All patient complaints will be submitted to the HIPAA Privacy Officer for investigation and resolution. (See the policy document for procedures on submitting a complaint.)

Pacific University has established a comprehensive HIPAA privacy and security program to prevent unauthorized access to protected health information (PHI). This policy sets forth Pacific's approach to investigating and responding to patient complaints about privacy practices. This policy applies to the workforce members of Pacific University’s Healthcare Clinics.  Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care components of Pacific University.

 

Nov. 1, 2017

Policy Governing Identity Theft Prevention Program and Red Flag Guidelines

POL-FA4001

The purpose of this policy is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in connection with the opening of a covered account or an existing covered account and to provide for continued administration of the Program. Further, the efforts and resources committed must be appropriate to the size and complexity of the organization and the nature and scope of its activities. The Program shall include reasonable policies and procedures to:

  1. Identify relevant red flags to ensure the detection of possible risk of identity theft to customers and incorporate those red flags into the Program;
  2. Detect red flags that have been incorporated into the Program;
  3. Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
  4. Ensure the Program is updated periodically to reflect changes in risks to customers and to the safety and soundness of the creditor from identity theft

Administration of the Program is with the Vice President of Finance and Administration in development, implementation and oversight. This includes ongoing staff training and oversight of service provider arrangements to ensure compliance.

Pacific University developed this identity Theft Prevention Program (“Program”) pursuant to the Federal Trade Commission’s Red Flags Rule, which implements Section 114 of the Fair and Accurate Credit Transactions Act (FACT ACT) of 2003. This program was received and reviewed by the Executive Committee of the Board of Trustees on April 13th, 2009. The program was then sent to the Finance Committee to review on May 22, 2009. The Finance Committee forwarded the policy to the Audit Committee for approval. After consideration of the size of the University’s operations and accounting systems, and the nature and scope of the University’s activities, the Audit Committee determined that this Program was appropriate for Pacific University, and therefore approved this Program on June 10, 2009.

Policy requires PUNet ID to review.

Jun. 10, 2009

Pages