Job Shadow Agreement for Minor - Form

FRM-COM4822

Required document for providing a Job Shadow opportunity as a learning experience to a minor student. Form must be signed.

PUNet ID required to review

Nov. 7, 2018

Minimum Necessary Policy

POL-COM4823

The purpose of this policy is to establish Pacific University's compliance with federal HIPAA regulations 45 CFR §§ 164.502(b) and 164.514(d), which require covered entities to make reasonable efforts to limit the use and disclosure of PHI to the minimum necessary. Information systems, including electronic health records contain more protected health information (PHI) than may be needed for a given purpose or disclosure. This policy governs the use and disclosure of PHI so that only the minimum amount of PHI is used when needed.

The scope of this policy is all workforce members of Pacific University’s health care component. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care component of Pacific University.

PUNet ID required to review

Nov. 7, 2018

Mobile Device Policy | UIS

POL-UIS4511

Workforce members of Pacific University are generally not issued smart phones or similar mobile devices, which have the ability to connect to the Pacific network and download data. To support mobile access for the workforce, Pacific has adopted a "bring your own device" (BYOD) approach, which permits workforce members to utilize personally owned devices to access Pacific email, calendar, contacts and other resources. This policy applies to both personally owned devices and Pacific-owned devices.

The use of personally owned mobile devices to access Pacific data remotely might inevitably lead to users storing Pacific data on their personally owned devices. While Pacific determines the financial and technical feasibility of implementing technical controls and mobile device security enhancements, the university has adopted the measures described in this policy to safeguard university Protected Data.

PUNID required to review policy.

Jan. 29, 2019

Notice of Privacy Practices

POL-COM4801

Pacific University is committed to preserving the privacy of your health information. We are required by law to keep your health information private and provide you with this Notice of Privacy Practices. We are also required to provide you with this Notice describing our legal duties and our practices concerning your health information. We reserve the right to change this Notice and to make the revised or changed Notice effective for health information we already have about you, as well as any information we receive in the future. We will have a copy of the current Notice with an effective date in clinical locations and any changes made to the Notice will be posted in the Patient Registration area, posted on our website and given to you at your next appointment. Pacific University is required to notify you if your protected health information is breached.

Notice of Privacy Practices - Spanish

Notice of Privacy Practices Acknowledgement - English

Notice of Privacy Practices Acknowledgement - Spanish

Notice of Privacy Practices Handout - English

Notice of Privacy Practices Handout - Spanish

Request to Inspect or Copy Protected Health Information Form

 

Jul. 10, 2018

Pacific University Password Policy | UIS

POL-UIS4501

The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change.

Passwords are an important aspect of computer security. A poorly chosen password may result in the compromise of Pacific University's entire university network.

Jan. 29, 2019

Patient Complaints About Privacy Practices - Policy and Procedure

POL-COM4825

In accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pacific University patients may complain about how Pacific University uses and discloses their Protected Health Information (PHI). All patient complaints will be submitted to the HIPAA Privacy Officer for investigation and resolution. (See the policy document for procedures on submitting a complaint.)

Pacific University has established a comprehensive HIPAA privacy and security program to prevent unauthorized access to protected health information (PHI). This policy sets forth Pacific's approach to investigating and responding to patient complaints about privacy practices. This policy applies to the workforce members of Pacific University’s Healthcare Clinics.  Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care components of Pacific University.

 

Nov. 1, 2017

Policy Governing Identity Theft Prevention Program and Red Flag Guidelines

POL-FA4001

The purpose of this policy is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in connection with the opening of a covered account or an existing covered account and to provide for continued administration of the Program. Further, the efforts and resources committed must be appropriate to the size and complexity of the organization and the nature and scope of its activities. The Program shall include reasonable policies and procedures to:

  1. Identify relevant red flags to ensure the detection of possible risk of identity theft to customers and incorporate those red flags into the Program;
  2. Detect red flags that have been incorporated into the Program;
  3. Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
  4. Ensure the Program is updated periodically to reflect changes in risks to customers and to the safety and soundness of the creditor from identity theft

Administration of the Program is with the Vice President of Finance and Administration in development, implementation and oversight. This includes ongoing staff training and oversight of service provider arrangements to ensure compliance.

Pacific University developed this identity Theft Prevention Program (“Program”) pursuant to the Federal Trade Commission’s Red Flags Rule, which implements Section 114 of the Fair and Accurate Credit Transactions Act (FACT ACT) of 2003. This program was received and reviewed by the Executive Committee of the Board of Trustees on April 13th, 2009. The program was then sent to the Finance Committee to review on May 22, 2009. The Finance Committee forwarded the policy to the Audit Committee for approval. After consideration of the size of the University’s operations and accounting systems, and the nature and scope of the University’s activities, the Audit Committee determined that this Program was appropriate for Pacific University, and therefore approved this Program on June 10, 2009.

Policy requires PUNet ID to review.

Jun. 10, 2009

Protected Data Communication via Conferencing and Video Services

POL-COM4833

This policy establishes the required guidelines for the use of HIPAA/FERPA protected healthcare conferencing and video services (e.g. Healthcare Zoom) by workforce members to discuss Protected Data.  Permitted uses are: case conferences, preceptor consultations, HIPAA/FERPA protected conferencing and video services, student performance measures, care coordination, student advising sessions, and administrative meetings.

PUNID required to review policy.

Mar. 12, 2019

Remote Access Policy | UIS

POL-UIS4513

This policy applies universally to all remote access, regardless of ownership of the equipment used to perform the remote access. Pacific University determines the financial and technical feasibility of implementing technical controls and remote workstation security enhancements. This policy sets the standards for assigning remote access and user responsibilities to protect data. Pacific University’s Information Security Officer or designee shall confirm all Protected Data in motion over a public network is encrypted according to current technology standards.  

PUNID required to review policy.

Jan. 29, 2019

Request for Confidential Communications

POL-COM4805

The purpose of this policy is to ensure patients the right to request Confidential Communications as required by HIPAA.

HIPAA permits a patient to request that the covered entity communicate by alternative means or to alternative locations.

The scope of this policy is all workforce members of Pacific University’s health care component. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care component of Pacific University.

Request for Confidential Communications Form

Confidential Communications Revocation Form

Nov. 1, 2017

Request for Restrictions of Use and Disclosure of Protected Health Information Policy

POL-COM4827

The purpose of this policy is to describe the patient right to request a restriction of use and disclosure of protected health information (PHI). HIPAA permits a patient to request that the covered entity restrict uses or disclosures of protected health information (PHI) about the patient to carry out treatment, payment, or health care operations.

The scope of this policy is all workforce members of Pacific University’s health care component. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care component of Pacific University.

PUNet ID required to review

Form - Request for Restriction Not to Bill Health Plan or Insurance

Form - Request for Restrictions of Use and Disclosure of Protected Health Information

Nov. 1, 2017

Request to Amend Protected Health Information (PHI) Policy

POL-COM4828

The purpose of this policy is to describe a patient’s right to request an amendment of protected health information contained in the designated record set (DRS), and the process and timeline for replying to the request. HIPAA provides patients and their representatives certain rights. This policy describes a patient’s right to request an amendment of protected health information (PHI).

The scope of this policy is all workforce members of Pacific University’s health care component. Pacific University is a hybrid entity. Only the health care component (i.e., the covered functions) of Pacific University must comply with this policy. All references in this policy to “Pacific University” shall be construed to refer only to the health care component of Pacific University.

PUNet ID required to review

Form - Request to Amend PHI

Nov. 1, 2017

Risk Analysis and Management Policy and Procedures | UIS

POL-UIS4514

Pacific University has adopted this Risk Analysis and Management Policy in order to recognize the requirement to comply with Information Security Requirements. Under the guidance of Senior Leadership, Pacific University will conduct periodic assessments of potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic Protected Data of which we have been entrusted.

Senior Leadership will be responsible for receiving, reviewing and acting upon the risk analysis, including assessing assignment of risk, prioritizing risk mitigation, and advocating for resources needed to implement a risk mitigation plan.

PUNID required to review policy.

Feb. 12, 2019

Security Evaluation Policy and Procedures | UIS

POL-UIS4515

Pacific University takes reasonable and appropriate steps to conduct periodic technical and non-technical evaluations of its security safeguards in order to demonstrate and document the extent of the university’s compliance with its security policies and applicable laws and regulations. These safeguards include policies, controls, and processes, which are updated in response to environmental or operational changes affecting the security of Protected Data. The evaluations will be completed by a team or individual designated by Pacific University's Information Security Officer.

PUNID required to review this policy.

 

Jan. 29, 2019

Workforce Security Policy and Procedures | UIS

POL-UIS4516

Pacific University has adopted this Workforce Security Policy to ensure the confidentiality, integrity, and availability of all Protected Data we create, receive, maintain, or transmit as required by federal or state regulatory requirements, including but not limited to FERPA, GLBA, HIPAA, PCI, and other regional or local applicable laws and regulations. During the course of normal operations, it will be necessary to provide Pacific University workforce members with access to electronic Protected Data. Access to sensitive materials such as this should be restricted to those individuals who have been vetted and authorized for such access and possess a need to know to perform the course of their duties. Workforce clearance procedures screen access to Protected Data and ensure that only those individuals who should possess access have access.

PUNID required to review policy.

Jan. 29, 2019

Workstation Security and Use Policy | UIS

POL-UIS4517

Policy safeguards Protected Data, which may reside on, or be accessed through Pacific University workstations. Members of the Pacific University workforce are expected to adhere to this policy whenever they are using workstations to access Protected Data.

PUNID required to review policy.

Jan. 29, 2019

Pages