Healthcare Billing and Compliance Standards

POL-COM4834

Pacific University Healthcare Clinic workforce members are committed to quality, honesty and integrity in our handling of billing and coding activities within the healthcare clinics.  We are committed to operate within the laws, rules, regulations, and policies set by the federal and state governments, insurance programs and Medicare/Medicaid carriers, fiscal intermediaries, and others.

All clinical billing and coding will be done in compliance with all applicable state and federal laws and regulations.  Pacific University follows the standards set forth by the Office of Inspector General (OIG) to identify areas of billing and coding at risk for non-compliance.  Pacific University workforce members will ensure their billing and coding is compliant with these standards.

Policy last updated in April 2024.
PUNID required to view policy.

Tuesday, Nov. 13, 2018

Healthcare Clinic Code of Conduct

POL-COM4802

The Code of Conduct provides guidance for professional conduct. The success and reputation of the university in fulfilling its mission depends on the ethical behavior, honesty, integrity and good judgment of each member of the community.

The Code of Conduct outlines principles, policies and some of the laws that govern the activities of the University and to which our employees who represent the University must adhere. Those acting on behalf of Pacific University Healthcare Clinic Operations have a general duty to conduct themselves in a manner that will maintain and strengthen the public’s trust and confidence in the integrity of the University and take no actions incompatible with their obligations to the University.

Those acting on behalf of the University in a capacity related to Health Care Clinics must practice and annually attest to and sign the Code of Conduct, Confidentiality of Records Agreement and Acknowledgement of Pacific University Healthcare Clinic Policies and Procedures.

PUNet ID Required to review
The form & policy were updated June 2024.

Healthcare Code of Conduct Form for Signature (6/2024)

Tuesday, Feb. 9, 2021

Healthcare Clinic Operations Workforce Training Policy

POL-COM4813

The purpose of this policy is to establish a standard for training for all new and existing members of the Pacific University Healthcare Clinic workforce. This policy will cover initial, as well as periodic re-training standards. All workforce members of Pacific University receive training on current Federal, State and other applicable healthcare regulations. 

The scope of this policy is all workforce members of Pacific University’s Healthcare Clinics. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University Healthcare Clinics” shall be construed to refer only to the health care component of Pacific University.

PUNet ID Required to review
Updated August 2023

Tuesday, Nov. 6, 2018

Healthy Meeting Policy

POL – U1006

The purpose of this policy is to provide an environment conducive to and supportive of health and well being for all Pacific University Faculty, Staff, Students, and guests.  The strong relationship between diet and health and the increasing rates of weight problems make supporting healthy food choices at Pacific part of our commitment to health. Pacific University is committed to providing an environment that encourages healthy lifestyles among its employees, students, and partners.  As meetings are a central aspect of the workplace, the University asks individuals who organize meetings and events to include healthy food and beverage options when refreshments are served, and dedicated opportunities for physical activity. 

Monday, March 10, 2014

Higher Education Opportunity Act (HEOA) Notification

This document informs students that the illegal distribution of copyrighted materials may subject them to criminal and civil penalties and describes the steps that Pacific will take to detect and punish illegal distribution of copyrighted materials. Distribution of this information to students is required by the Higher Education Opportunity Act (HEOA).

Pacific University Compliance with the Higher Education Opportunity Act Peer-to-Peer File Sharing Requirements

Friday, Nov. 7, 2014

HIPAA Incident Reporting and Breach Notification Policy and Procedure

POL-COM4814

The purpose of this policy is to set forth Pacific University’s process for addressing potential breaches of unsecured protected health information from incident discovery to investigation / risk assessment and potential notification. Pacific University has established a comprehensive HIPAA privacy and security program to prevent unauthorized access to protected health information (PHI). This policy sets forth Pacific's approach to investigating and responding to incidents that may involve unauthorized use or disclosure of PHI. 

It is the policy of Pacific University to be prepared for, to prevent and to respond to information security incidents. Once a security incident is suspected and reported to the privacy officer, he/she will analyze the available information in order to determine if the security incident constitutes a data breach as defined by the HIPAA Omnibus Rule. If it is determined that a breach has occurred, procedures to mitigate the harmful effects of the incidents including containing and eradicating the incident, will be put into place. Security incidents and their outcomes will be documented and stored electronically in a secure location.

PUNet ID Required to review
Updated March 2023

Tuesday, Nov. 6, 2018

HIPAA Privacy Sanctions Policy

POL-COM4815

The purpose of this Policy is to set forth Pacific University’s process for applying sanctions for violations of Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security policies. Pacific University has established a comprehensive HIPAA privacy and security program to prevent unauthorized access to protected health information (PHI). This policy sets forth Pacific's approach to applying consistent sanctions upon completion of investigations. 

This policy applies to the workforce members of Pacific University’s Healthcare Clinics. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care components of Pacific University.

PUNet ID required to review.
Updated March 2023

Pacific University Sanctions MATRIX

Tuesday, March 12, 2019

Identification Cards

POL - U1025

Identification (ID) cards (Boxer Cards) are issued to Pacific University employees. An ID card may be required for admission to or participation in University programs.

The University ID card also serves as a library card. ID cards are issued by Campus Public Safety.

Friday, June 1, 2018

Identity Theft Prevention Policy and Red Flag Guidelines

POL-BOT1301

Pacific University developed this Identity Theft Prevention Policy pursuant to the Federal Trade Commission’s Red Flags Rule, which implements Section 114 of the Fair and Accurate Credit Transaction (FACT) Act of 2003. The purpose is to establish an Identity Theft Prevention Policy designed to detect, prevent and mitigate identity theft in connection with the opening of a covered account or an existing covered account and to provide for continued administration of the policy.

This protection policy applies to students, employees, board members, contractors, consultants, temporary workers, and other workers at the University, service providers, including all personnel affiliated with third parties.

Pacific University shall include policies and procedures to:

  1. Identify relevant red flags to ensure the detection of possible risk of identity theft to customers and incorporate those red flags into the policy;
  2. Detect red flags that have been incorporated into the policy;
  3. Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
  4. Ensure the policy is updated periodically to reflect changes in risks to customers and to the safety and soundness of the creditor from identity theft

Administration of the policy is with the Vice President of Finance and Administration in development, implementation and oversight. This includes ongoing staff training and oversight of service provider arrangements to ensure compliance.

PUNID required to see full policy document. 

Wednesday, Feb. 12, 2020

Immigration Certification I-9

POL - U1015

All employees hired by the University must present documentation establishing their identity and employment authorization in accordance with the immigration laws of the United States prior to hire and upon request of the University at any time after hire.

 

Friday, June 1, 2018

In-Library Computer/Internet Acceptable Use Policy

POL-LIB2603

The Pacific University Libraries seek to advance critical inquiry, collaborative learning, and knowledge creation through dynamic services, spaces, and collections. The Libraries’ enactment of this mission is guided by our core values, which prioritize providing opportunities to engage with diverse ideas, providing services that contribute to equitable access to information, and the use of inclusive approaches to delivering services.

Aligned with this mission and these values, the Libraries provide information technology resources — desktop and laptop computers configured to allow unfiltered access to subscribed and open Internet information resources — that are available both to Pacific University students, staff, and faculty and to external community patrons for use in Libraries facilities. The primary intended purpose of these resources is to support the teaching, learning, research, service, and administrative activities of the Pacific community; a secondary purpose is to support the personal information technology/resource needs of the Pacific community and the academic and personal needs of external community members.

Access to these information technology resources and to subscribed and open Internet resources is provided in compliance with the American Library Association’s (ALA) Library Bill of Rights and the ALA Access to Digital Resources and Services: An Interpretation of the Library Bill of Rights statement.

This Computer/Internet Use Policy is intended to elaborate on and extend the Pacific University Appropriate Use Policy for Information Technology policy; library computer users should refer to that policy as the primary source of parameters, rights, and restrictions on the use of information technology in Libraries facilities.

Tuesday, July 12, 2022

Inactivation of Courses Policy

POL-AA2003

The Inactivation of Courses Policy allows for the inactivation of courses that have not been offered in four years. Each year in early spring as part of the catalog update process, the Registrar’s Office will forward to each academic unit courses from that unit that have not been offered in 4 years, for review for inactivation.  Certain courses that may be offered infrequently, such as New/Special Topics courses, Internships and Independent Studies, will be excluded from the list.  If the program does not request that a certain course be kept active, the course will be inactivated when the catalog information is updated. If it is desired at a later date to reactivate the course, the unit will inform its curriculum approval entity, and then notify the Registrar’s Office to reactivate.

PUNet ID required to review policy document.

Tuesday, July 10, 2018

Individual Development Plan Policy

POL-OSSP3201

Grounded in the core theme of educating for student success, Individual Development Plans intend to guide graduate and postdoctoral students in their professional development and career planning.

Graduate students and post-doctoral researchers supported by funding from the National Institutes of Health (NIH) are required to develop Individual Development Plans (IDP). Required progress reports submitted to the NIH must include a copy of the University’s IDP policy, a description of whether the university uses IDPs, and how IDPs are used to assist in the career development of graduate students and postdoctoral researchers supported by NIH.  

Pacific University encourages graduate students and postdoctoral researchers to create and use IDPs to formulate academic and career goals and facilitate conversations with faculty advisors and mentors. All graduate students and postdoctoral researchers supported by NIH funding are required to have an IDP. The Office of Scholarship and Sponsored Projects offers graduate students, postdoctoral researchers, faculty advisors and mentors information on IDP resources, including templates and online resources.

PUNet ID required to review policy.

Tuesday, Dec. 18, 2018

Information Security - Incident Security Response Policy and Procedures | UIS

POL-UIS4507

Information security related incidents impact Pacific University's (Pacific) security goals and may also harm its ability to conduct business. These incidents may be malicious in nature or accidental. Pacific has selected and implemented a set of safeguards, which are based on the result of risk assessments and information security standards. In the event of a security related incident, this policy addresses the methods for identifying, responding to and, when possible, preventing security incidents. The Incident Response Team includes the Information Security Officer, the Privacy Officer, the Director of Legal Affairs and may include other department directors as needed.

PUNID required to review this policy.

 

Tuesday, Jan. 29, 2019

Information Security Sanctions Policy | UIS

POL - UIS4508

This policy sets forth Pacific's approach to applying sanctions upon completion of investigations regarding misuse of Protected Data. Attempting to obtain or use, actually obtaining or using, or assisting others to obtain or use Protected Data, when unauthorized or improper, will result in counseling and/or disciplinary action up to and including termination.

Pacific University has adopted this Information Security Sanctions Policy to ensure the confidentiality, integrity, and availability of all Protected Data we create, receive, maintain, or transmit as required by federal or state regulatory requirements, and other regional or local applicable laws and requirements.

Supplemental Document: FRM-UIS4508-1 Pacific University Sanctions Matrix

PUNID required to review this policy.

Tuesday, Jan. 29, 2019

Information Systems Access Control and Management

POL-COM4817

Appropriate management of access to protected health information is an important aspect of Pacific University's information security strategy.  Pacific University has adopted this Access Control Policy in order to recognize the requirement to comply with the Health Insurance Portability and Accountability Act (“HIPAA”).

The purpose of this policy is to establish a standard for HIPAA access control activities related to the Pacific University HIPAA Program.  Pacific is committed to take reasonable and appropriate steps to ensure that workforce members have the appropriate authorization to access ePHI.  This policy will cover initial, as well as periodic access control activities. 

PUNID required to review policy.

Information Systems Access Control and Management

Friday, May 1, 2015

Information Systems Access Control and Management Policy and Procedures | UIS

POL-UIS4510

Appropriate management of access to Protected Data is an important aspect of Pacific University's information security strategy. The policy outlines requirements and process for granting members of the workforce appropriate levels of access to electronic Protected Date based on study or work-related duties and responsibilities. Policy also outlines the documented process for granting authorization and access to Protected Data.

PUNID required to review policy.

Tuesday, Jan. 29, 2019

Information Systems Activity Review and Audit Policy

POL-COM4818

Most information systems, including electronic health records that contain ePHI have the ability to create log files, which describe the activity occurring to, or within the system. A timely review of system activity can give insight into potential issues that may negatively impact the security of protected health information.

The purpose of this policy is to establish Pacific University's compliance with federal HIPAA regulations including standard practices for reviewing system activity within information systems. These types of reviews may include the activity and access logs of Pacific University medical record systems which store ePHI.

PUNID required to review policy.

Information Systems Activity Review and Audit Policy

Tuesday, Nov. 25, 2014

Information Systems Activity Review and Audit Policy and Procedures | UIS

POL-UIS4509

The goal of Information Systems Activity Review is to prevent, detect, contain, and correct security violations and threats to Protected Data such as unauthorized access to the information systems, suspicious data use, or tampering.

Designated workforce members in each college, school or department will review any unauthorized access to the information systems, suspicious data use or tampering. They will take appropriate action regarding potential system vulnerabilities, improve safeguards as needed, and work with the Pacific University Privacy Officer and/or the Information Security Officer on appropriate action items.

PUNID required to review policy.

Implementation Guidance Worksheet:
AA Legal Policies FRM-UIS4509-1 Healthcare System Activity Review and Audit Template 04-19

Tuesday, Jan. 29, 2019

Information Technology Standard - Encryption Policy

POL-COM4820

The purpose of this standard is to define approved methods for using encryption technology to ensure the integrity and confidentiality of electronic protected health information (ePHI) and other Pacific University confidential information while at rest and during transmission. This standard applies to all data that is considered Pacific University confidential information, including ePHI when it is at rest, being processed, or transmitted between information technology resources.

Data encryption technology and mechanisms exist to help ensure the confidentiality and integrity of data.  This standard is designed to help Pacific University’s UIS Department determine when it is necessary to utilize encryption, and what type and/or level of encryption to employ. Pacific University security standards for Encryption Technology are based upon industry standards, HIPAA, National Institute of Standards & Technologies (NIST) security guidelines, and existing Pacific University policies on Information Security.

PUNet ID required to review

Revised 2/8/2022

Monday, Dec. 1, 2014

Pages