Title: Protected Health Information: Destruction and Disposal
Subject: Office of Compliance & Corporate Integrity (OCCI)
Policy No: OCCI:2013:P11
Issuing Authority: President
Responsible Officer: Chief Audit, Compliance & Privacy Officer; Director of Information Security
Date Adopted: 07/01/2013
Last Revision: 101/2026/20202021
Last Reviewed: 101/2126/20202021
To establish a policy that ensures compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and Omnibus Privacy Final Rule of 2013 in the destruction and disposal of documentation containing Protected Health Information (PHI).
- Attachment 1 - Procedures for the Destruction/Disposal of All Protected Health Information (PHI)
VIII. NON-COMPLIANCE AND SANCTIONS
Any individual who violates this policy shall be subject to discipline up to and including dismissal from the University in accordance with their union and University rules. Civil and criminal penalties may be applied accordingly. Violations of this policy may require retraining and be reviewed with employee during the annual appraisal process. The Deans of each College, Vice Presidents, and University President, with the assistance of the Department of Human Resources, will enforce the sanctions appropriately and consistently to all violators regardless of job titles or level within the University and in accordance with bargaining agreements for represented employees. Any sanction costs or fines will be borne by the Department and the Department Chair or VP will determine how these funds will be assigned.
By Direction of the President: