PRIVACY SANCTION POLICY
The purpose of this policy is to protect patient's and Center faculty, staff and students rights to confidentiality and privacy, and to insure uniform enforcement of this policy.
Patient and staff information will be regarded as
confidential and will be available
only to authorized users for approved purposes. Access to confidential
information is only permitted for direct patient care, approved administrative/
supervisory functions, or with Institutional Review Board approval.
Confidential information obtained either during assigned duties or by accident
shall not be released to any person or
institution except in accordance with
Center for Eye Care policy. No
Center faculty, staff, student, volunteer, vendor, or contractor shall seek
access to confidential information out of curiosity, for malicious purposes, or
for financial gain. Discussion or consultation involving a patient's care or a
staff member's confidential information should be conducted in private.
Individuals not directly involved in the patient's care should not be present
without the patient's consent.
POLICY:
Breaches in patient confidentiality have
been divided into the following three levels with the corresponding
disciplinary action for each level of breach:
Level 3 breach. Carelessness - This level of breach occurs when a Center staff member unintentionally or
carelessly accesses, reviews or reveals patient information to him/herself or
others without a legitimate need to know the patient information. Examples
include, but are not limited to: staff discussing patient information in a
public area; staff leaving a copy of patient medical information in a public
area; staff leaving a computer unattended in an accessible area with medical
record information unsecured.
Disciplinary Sanctions:
Depending upon the facts, disciplinary sanctions may include: counseling, oral
warning, written warning, final written warning or suspension, documented in
writing and maintained in the staff's personnel record, or termination. Except
in the case of termination, the staff shall be required to repeat the
confidentiality training module on his/her own time.
Level 3 disciplinary sanctions shall be administered in a
progressive manner. Disciplinary sanctions shall be reported to the applicable
professional licensing board as appropriate.
Level 2 breach. Curiosity or Concern (no personal gain)
- This level of breach occurs when a staff
member intentionally accesses or discusses patient information for purposes
other than the care of the patient or other authorized purposes but for reasons
unrelated to personal gain. Examples include, but are not limited to: a staff
member looks up birth dates, address of friends or relatives; a staff member
accesses and reviews a record of a patient out of concern or curiosity; a staff
member reviews a public personality's record.
Disciplinary Sanctions:
First offense: Depending upon the facts, oral or written warning documented and
maintained in the staff member's personnel record.
Second offense: Depending upon the facts, a final written warning and
suspension for 3-
30 days without pay, documented and maintained in the staff' member's personnel record, or termination.
Third Offense: Termination.
Except in the case of termination, the employee shall be
required to repeat the confidentiality training module on his/her own time.
Level 1 breach:
Personal gain or malice- This level
of breach occurs when a staff member accesses, reviews or discusses patient
information for personal gain or with malicious intent. Examples include but are not limited
to: a staff member reviews a patient record to use information in a personal
relationship; a staff member compiles a mailing list for personal use or to be
sold.
Disciplinary Sanctions:
Termination.
The following process must be followed
when a staff member breaches, or is suspected of breaching, patient confidentiality:
1. Initial
reporting
• An individual who
observes or is aware of a breach reports it to his/her immediate supervisor.
• Supervisor reports to
the Center Supervisor who notifies the Assistant Dean for Clinical Programs
• Failure to report a
breach of which one has knowledge will result in appropriate disciplinary
action. Reporting of a breach in bad faith or for malicious reasons will result
in appropriate disciplinary action.
2. Unambiguous Level 3 breaches
For a breach involving any staff that is clearly only a
Level 3 breach, the Center Supervisor shall, in conjunction with the Human
Resources Department and/or Legal Department as necessary, identify and
implement an appropriate action plan as required under this policy and shall
communicate such action to the Assistant Dean for Clinical Programs in a timely
manner.
3. Breaches other than unambiguous Level 3 breaches
4. Reporting
For all levels of breach, after final resolution, the initial report and all written documentation relating to it shall be filed in a confidential file in the Assistant Dean for Clinical Program's Office. The disciplinary action and appropriate documentation shall also be placed in the staff member's personnel file.
C. Appeal Process
The following appeal processes apply when
an employee is subject to a disciplinary action pursuant to this policy:
1. For
staff members the appeal will begin by following the Board of Curators Collected
Rules and Regulations.