Sanction policies are often vague or even overlooked in many privacy and security programs. The whole point of a sanction policy is to list out the consequences for failure to follow our policies and procedures. With a vague or non-existent policy consequences aren’t clear which leads to a lack of concern for failure to follow the policy in the first place. You will never build a culture that worries about protecting information without it being clear that is a requirement for inclusion in our culture. How do you sanction?
More at HelpMeWithHIPAA.com/207