1.001 Employee Termination

Op10.04-1 Employee Termination

Purpose

To define the University’s policy with regard to termination of computer and building access upon either termination (resignation, retirement, dismissal), placement of an employee on administrative absence in conjunction with an investigation or placement of an employee on suspension in accordance with 45 CFR 164.530 (c) (1) and (2). This policy will also address return of equipment, keys, etc.

Application

Applies to Missouri State University, its Health Care Components (HCC) and workforce.

  1. Contents
    1. Definitions
    2. Procedures for Terminating Computer and Building Access
    3. Procedures for Collecting Missouri State Owned Equipment
    4. Sanctions
    5. Monitoring
  2. Definitions
    1. Computer Systems: Computers connected to local and statewide communication networks, database storage or electronic records systems, Internet or email.
    2. Missouri State Workforce: Includes employees, volunteers, contract workers, trainees and other persons who are in a Missouri State facility on a regular course of business.
    3. University Security Officer or Security Officer (SO): Individual designated by the University to oversee all activities related to the development, implementation, maintenance of, and adherence to all University policies and procedures covering the electronic and physical security of, and access to, protected health information and other Missouri State data in compliance with federal and state laws and regulations.
    4. Missouri State Security Team: The unit in the department of Computer Services that is responsible for granting and revoking access to Missouri State computer systems.
    5. Facility Director: The individual in each Missouri State facility who is responsible for the operation of the IT functions.
  3. Procedures for Termination of Access to Missouri State Computer Systems and Facilities:
    1. A supervisor shall, upon receipt of notice of employment termination, immediately notify the Office of Human Resources. Designated staff in the Office of Human Resources shall prepare a Property Clearance Form and mail to the department of terminating employee, or notify the department to print the web-based clearance form.
    2. Upon receipt of a resignation letter the Office of Human Resources shall, either by email or memo, contact the SO to initiate termination of computer access. The terminated employee will follow property clearance procedures on the last work date.
    3. Staff in charge of facility building access shall sign terminating employee’s property clearance form upon return of keys.
    4. When an employee is placed on administrative leave during an investigation or placed on administrative leave or suspension without pay, the Office of Human Resources shall immediately contact, either by email or memo, the SO to initiate termination of computer and facility access. The Office of Human Resources shall notify, either by email or memo, the department supervisor to collect building keys. Access to Missouri State system(s) shall be revoked during the investigation or suspension period. When the employee returns, the employee shall complete a new Missouri State Access Request form.
    5. Upon termination of student employees who have been given non-student CICS computer access, the Supervisor will immediately cause the CICS password to be changed to terminate access.
  4. The Supervisor shall ensure that all University property in the employee’s possession is returned. This shall include, but is not limited to, a BearPass Card, phone card, uniforms and/or equipment such as a cell phone, pager, laptop, PDA, tools, etc.
  5. Sanctions. Failure to comply or assure compliance with the requirements of this policy will result in disciplinary action, up to and including dismissal.
  6. Monitoring. The SO shall collect information from the Office of Human Resources during the month of April of each year beginning in 2004, for the purposes of providing feedback to the HIPAA Management Team, the Director of Computer Services, and the Security Team to determine compliance with this regulation.

HISTORY: Effective March 21, 2003