�鶹Ӱ��

Appropriate management of access to protected health information is an important aspect of �鶹Ӱ��'s information security strategy. �鶹Ӱ�� has adopted this Access Control Policy in order to recognize the requirement to comply with the Health Insurance Portability and Accountability Act (“HIPAA”). The purpose of this policy is to establish a standard for HIPAA access control activities related to the �鶹Ӱ�� HIPAA Program. Pacific is committed to take reasonable...

Most information systems, including electronic health records that contain ePHI have the ability to create log files, which describe the activity occurring to, or within the system. A timely review of system activity can give insight into potential issues that may negatively impact the security of protected health information. The purpose of this policy is to establish �鶹Ӱ��'s compliance with federal HIPAA regulations including standard practices for reviewing system activity within...

The purpose of this standard is to define approved methods for using encryption technology to ensure the integrity and confidentiality of electronic protected health information (ePHI) and other �鶹Ӱ�� confidential information while at rest and during transmission. This standard applies to all data that is considered �鶹Ӱ�� confidential information, including ePHI when it is at rest, being processed, or transmitted between information technology resources. Data encryption...

The purpose of this standard is to define approved methods for using box.com to ensure the integrity and confidentiality of protected health information (PHI) and other �鶹Ӱ�� confidential information while at rest and during transmission. This standard applies to all data that is considered �鶹Ӱ�� confidential information, including PHI, and is being stored in Box, regardless of its storage duration. Business and instructional needs may require the storage of PHI in the...

This standard establishes a consistent set of minimum security measures required for computer workstations used within �鶹Ӱ��. This standard also addresses standards for vendor and personally owned workstations when they are connected to �鶹Ӱ��’s systems and networks.The elements of this standard include requirements for installation and configuration, access control, physical security, document storage, logging and monitoring, and change management. �鶹Ӱ��...

Required document for providing a Job Shadow opportunity as a learning experience to a minor student. Form must be signed. Updated 3-8-2022 PUNet ID required to review

The purpose of this policy is to establish language proficiency requirements for Providers in accordance with OHA 333.002.0250. �鶹Ӱ�� will allow Providers to interpret from English to the target language, when arranging for or providing services to a person with Limited English Proficiency (LEP), when the Provider meets the proficiency standard, prior to acting as interpreter. Patient requests for a certified or qualified interpreter from the Health Care Interpreters Registry will...

The purpose of this policy is to establish �鶹Ӱ��'s compliance with federal HIPAA regulations 45 CFR §§ 164.502(b) and 164.514(d), which require covered entities to make reasonable efforts to limit the use and disclosure of PHI to the minimum necessary. Information systems, including electronic health records contain more protected health information (PHI) than may be needed for a given purpose or disclosure. This policy governs the use and disclosure of PHI so that only the minimum...

Workforce members of �鶹Ӱ�� are generally not issued smart phones or similar mobile devices, which have the ability to connect to the Pacific network and download data. To support mobile access for the workforce, Pacific has adopted a "bring your own device" (BYOD) approach, which permits workforce members to utilize personally owned devices to access Pacific email, calendar, contacts and other resources. This policy applies to both personally owned devices and Pacific-owned devices...

�鶹Ӱ�� promotes the highest standard of ethical and legal conduct. The Code of Conduct, policy and procedures for all workforce members guide this effort. �鶹Ӱ�� promotes open dialogue between members of the �鶹Ӱ�� community, and encourages workforce members to report problems, concerns, opinions without fear of retaliation or retribution. The University will use best efforts to protect workforce members against retaliation or retribution from reporting actual...

�鶹Ӱ�� is committed to preserving the privacy of your health information. We are required by law to keep your health information private and provide you with this Notice of Privacy Practices. We are also required to provide you with this Notice describing our legal duties and our practices concerning your health information. We reserve the right to change this Notice and to make the revised or changed Notice effective for health information we already have about you, as well as any...

The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change. Passwords are an important aspect of computer security. A poorly chosen password may result in the compromise of �鶹Ӱ��'s entire university network.

In accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), �鶹Ӱ�� patients may complain about how �鶹Ӱ�� uses and discloses their Protected Health Information (PHI). All patient complaints will be submitted to the HIPAA Privacy Officer for investigation and resolution. (See the policy document for procedures on submitting a complaint.) �鶹Ӱ�� has established a comprehensive HIPAA privacy and security program to prevent...

The purpose of this policy is to ensure credit balances are appropriately returned to the payer, patient, or properly accounted for by each clinic.

This policy establishes the required guidelines for the use of HIPAA/FERPA protected healthcare conferencing and video services (e.g. Healthcare Zoom) by workforce members to discuss Protected Data. Permitted uses are: case conferences, preceptor consultations, HIPAA/FERPA protected conferencing and video services, student performance measures, care coordination, student advising sessions, and administrative meetings. PUNID required to review policy. Updated October 2024.

This policy describes and defines the retention and destruction of Protected Health Information (PHI) of patients of the healthcare component of �鶹Ӱ��. The entire record must be maintained for the required period. This policy is in accordance with all regulations related to the retention and storage of PHI, including but not limited to the follow healthcare regulations: HIPAA, HITECH, Oregon Administrative Rules, Oregon Revised Statutes and Oregon Medical Board. In cases where...

This policy applies universally to all remote access, regardless of ownership of the equipment used to perform the remote access. �鶹Ӱ�� determines the financial and technical feasibility of implementing technical controls and remote workstation security enhancements. PUNID required to review policy. Revised 2/8/2022

The purpose of this policy is to ensure patients the right to request Confidential Communications as required by HIPAA. HIPAA permits a patient to request that the covered entity communicates by alternative means or to alternative locations. The scope of this policy is all workforce members of �鶹Ӱ��’s health care component. �鶹Ӱ�� is a hybrid entity. Only the health care component (i.e., the covered functions) of �鶹Ӱ�� must comply with this policy. All...

The purpose of this policy is to describe the patient right to request a restriction of use and disclosure of protected health information (PHI). HIPAA permits a patient to request that the covered entity restrict uses or disclosures of protected health information (PHI) about the patient to carry out treatment, payment, or health care operations. The scope of this policy is all workforce members of �鶹Ӱ��’s health care component. �鶹Ӱ�� is a hybrid entity. Only the...

The purpose of this policy is to describe a patient’s right to request an amendment of protected health information contained in the designated record set (DRS), and the process and timeline for replying to the request. HIPAA provides patients and their representatives certain rights. This policy describes a patient’s right to request an amendment of protected health information (PHI). The scope of this policy is all workforce members of �鶹Ӱ��’s health care component. Pacific...