(1) In conjunction with the Health Insurance Portability and Accountability Act (HIPAA) staff shall report any breach of security, whether accidental or intentional, of confidential information covered by the HIPAA, to their supervisor or the Senior Human Resources Officer. The Samish Indian Nation “whistle-blower” policy protects anyone who reports a breach in client or employee privacy and security from being punished for such reporting.

(2) Any staff member who does not adhere to this policy is subject to disciplinary action up to and including termination, notification of law enforcement, and notification of licensure agencies. The severity of the sanction depends on the severity of the violation, whether or not it is intentional, or whether the violation indicated a pattern or practice of improper access, use or disclosure. [Res. 2022-10-016 § 1, 2022.]