Privacy and Compliance Policies

Commonwealth Medicine is committed to ensuring all its employees—from the Executive Leadership Team to part-time student interns—perform their day-to-day activities with an eye toward complying with all relevant laws, regulations, policies and contract provisions.

The Office of Compliance and Review (OCR) at Commonwealth Medicine supports employee compliance in providing services to various state agencies. Through education, training, monitoring and consultation, employees learn how compliance issues affect them and their work.

OCR goals:

• Increase employee awareness of compliance issues
• Minimize instances of non-compliance
• Ensure proper actions are taken in the event that non-compliant behavior occurs

The OCR Compliance program focuses on four areas:

• Issues inherent in the rapidly changing health care industry
• Laws designed to protect public monies and the integrity of public employees
• University-specific employment policies and procedures
• Applicable contract provisions governing individual projects on which employees work

Laws & Regulations

OCR ensures Commonwealth Medicine employees are familiar with several important laws and regulations. For example:

• The Conflict of Interest Law, Mass. Gen. Laws Ch. 268A, regulating public employee conduct
• Mass. Gen. Laws chapters 7, 30 and 30B of the Procurement Law, guiding employees’ actions when purchasing goods or services for the Commonwealth
• Mass. Gen. Laws Ch. 55, relating to public employee political activity
• Massachusetts Public Records Law, ensuring the public’s right to access documents and files
• Fair Information Practices Act, Mass. Gen. Laws Ch. 66A, protecting the data confidentiality of personal information
• The Health Insurance Portability and Accountability Act (HIPAA), protecting medical privacy as it relates to contractual provisions with public agency clients
• Federal and university rules regarding research done on behalf of public agency clients
• University employee policies