Office of Audit, Risk & Compliance

To establish the framework and define the sanctions that may be imposed for violations of University policies and procedures related to the Health Insurance Portability and Accountability Act (HIPAA), healthcare privacy, and information security.

To recognize the University’s obligation to provide training on applicable federal, state, and accreditation requirements and University policy, and the requirement of employees, students, volunteers, and affiliates to participate in and complete such training.

The general purpose of this policy is to protect any University employee or other member of the University community who makes a good-faith disclosure of suspected wrongful conduct. This policy establishes the appropriate reporting mechanisms to be used for notification of known or suspected wrongdoing and protection from retaliation.