Policy No.                   8-27-2019 Revised Date: 


WSU Employee Wellness will apply the following principles in sanctioning its workforce members who violate the provisions of WSU Employee Wellness’s HIPAA Policies and Procedures. 


Protected Health Information (“PHI”): means individually identifiable health information (“IIHI”) that is transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or media.  IIHI means information that is a subset of health information, including demographic information collected from an individual and is created or received by a health care provider, health plan, employer or health care clearinghouse.  Such information relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual, that identifies the individual or with respect to which there is a reasonable basis to believe that the information can be used to identify the individual.  PHI excludes IIHI: (i) in education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g; (ii) in records described at 20 U.S.C. 1232g(a)(4)(B)(iv); (iii) in employment records held by WSU Employee Wellness in its role as employer; and (iv) regarding a person who has been deceased for more than 50 years.

Workforce: means employees, volunteers, trainees and other persons whose conduct, in the performance of work for Weber State University, is under the direct control of WSU Employee Wellness, whether or not they are paid by Weber State University.


Workforce members will be made aware of what actions are prohibited and punishable.  Training will be provided and expectations will be clear so that individuals are not sanctioned for doing things that they did not know were wrong or inappropriate.  In additional to WSU Employee Wellness’s sanctions, workforce members will be advised of civil or criminal penalties for misuse or misappropriation of health information.  WSU Employee Wellness will inform workforce members that violations may result in notification of law enforcement officials and regulatory, accreditation and licensure organizations. 


A. Equal Treatment

All workforce members subject to discipline will be treated equally.  Workforce members sanctions may include any of the following:

1- verbal warning

2- notice of disciplinary action placed in workforce members file

3- removal of (computer) system privileges 

4- termination of employment/engagement


B. Determination of Sanctions

The Privacy Officer will determine appropriate workforce members sanctions for any violation of the provisions of WSU Employee Wellness’s HIPAA Policies and Procedures.  


C. Conflict

In the event any of the disciplinary policies and procedures of WSU Employee Wellness’s HIPAA Policies and Procedures conflict with any of Weber State University’s other disciplinary policies and procedures, shall control with respect to the subject matter contained in WSU Employee Wellness’s HIPAA Policies and Procedures.


D. Exception to Sanctions

Sanctions will not be imposed for disclosures by whistleblowers and workforce member crime victims, or against any individual for the exercise by the individual of any right established under WSU Employee Wellness’s HIPAA Policies and Procedures, or for participation in any process of complying with WSU Employee Wellness’s HIPAA Policies and Procedures, including: the filing of a complaint; testifying; assisting or participating in an investigation, compliance review proceeding or hearing; or opposing any unlawful act or practice, provided the individual has a good faith belief that the practice opposed is unlawful, the manner of opposition is reasonable and protected health information (“PHI”) is not inappropriately disclosed.