In recognition of the important work that Pacific University employees conduct at conferences, presentations, site visits, development trips, and more, the University Travel Policy provides a way to ensure cost effectiveness and accountability while upholding Pacific University’s mission.

This policy has been created to govern spending on travel and expenses related directly to business travel for Pacific University, in compliance with IRS regulations. The University will reimburse individuals for reasonable, necessary, appropriate and approved travel and business expenses incurred in the performance of University business.

All employees must receive approval from their supervisor before traveling to conferences, workshops, and other off-campus events. Documentation showing this approval may differ for some areas and employees should consult their supervisor. If an area does not have a current system in place employees may utilize a Travel Authorization Form (TAF). For travel to other campuses, prior approval is not necessary.

Prior approval must be documented prior to arranging any travel. The University may not reimburse travel plans made without prior approval from the employee’s supervisor. A purchase order is not required for travel expenses.

In adherence with IRS guidelines, when the employee returns from their travel, they are required to submit a Travel Expense Report to the Business Office with the proper documentation and approval paperwork, within 30 days. The 30-day rule is necessary to allow for processing, and given the IRS may now consider later-filed reimbursements as taxable income to the employee and subject to income and withholding taxes, employees are asked to adhere to this deadline. However, fiscal year-end deadlines set by the Business Office may impact this 30-day requirement and forms may be required to be submitted in less than 30 days.

*Note - Policy document was updated on 2/1/19 to clarify procedures related to obtaining travel insurance.

Travel Authorization Form - June 2019

Travel Expense Report & Reconciliation Form - June 2019

Travel Insurance Information, updated 2/1/19  (for questions related to university insurance, contact the executive assistant to the VP of Finance)

PUNet ID required for review of documents.

Grounded in the core theme of educating for student success, Individual Development Plans intend to guide graduate and postdoctoral students in their professional development and career planning.

Graduate students and post-doctoral researchers supported by funding from the National Institutes of Health (NIH) are required to develop Individual Development Plans (IDP). Required progress reports submitted to the NIH must include a copy of the University’s IDP policy, a description of whether the university uses IDPs, and how IDPs are used to assist in the career development of graduate students and postdoctoral researchers supported by NIH.  

Pacific University encourages graduate students and postdoctoral researchers to create and use IDPs to formulate academic and career goals and facilitate conversations with faculty advisors and mentors. All graduate students and postdoctoral researchers supported by NIH funding are required to have an IDP. The Office of Scholarship and Sponsored Projects offers graduate students, postdoctoral researchers, faculty advisors and mentors information on IDP resources, including templates and online resources.

PUNet ID required to review policy.

Pacific University utilizes a variety of IT equipment to support patient care and communicate with healthcare information systems including desktop computers, servers, laptops, and biomedical devices. Biomedical devices typically measure physiological characteristics of patients and in some cases may not use or look like a traditional computer, yet they may store electronic protected healthcare information (ePHI).

Policy addresses security of devices/equipment while in use by Pacific workforce. Details encryption and physical safety measures as well as removal of PHI from devices.

PUNID required to review policy.

Pacific University has adopted this Data Integrity Policy and Procedure to ensure the confidentiality, integrity, and availability of all Protected Data we create, receive, maintain, or transmit as required by federal or state regulatory requirements, including but not limited to FERPA, GLBA, HIPAA, PCI, and other regional or local applicable laws and requirements.

The policy establishes a standard to instruct and guide workforce members in the appropriate access, use, storage, and transmission of protected data. Policy requires audits of user access rights to protected data. The university will leverage appropriate security safeguards to support the integrity of Protected Data.

PUNID required to review policy.

In support of the physical security safeguards described in NIST standards, Pacific University will implement policies and procedures to prevent unauthorized access to facilities and document the repairs and modifications to the physical components of a facility related to Protected Data security (for example, hardware, walls, doors and locks). This includes access to defined spaces as well as maintenance performed on equipment.

PUNID required to review policy.

Information security related incidents impact Pacific University's (Pacific) security goals and may also harm its ability to conduct business. These incidents may be malicious in nature or accidental. Pacific has selected and implemented a set of safeguards, which are based on the result of risk assessments and information security standards. In the event of a security related incident, this policy addresses the methods for identifying, responding to and, when possible, preventing security incidents. The Incident Response Team includes the Information Security Officer, the Privacy Officer, the Director of Legal Affairs and may include other department directors as needed.

PUNID required to review this policy.

This policy sets forth Pacific's approach to applying sanctions upon completion of investigations regarding misuse of Protected Data. Attempting to obtain or use, actually obtaining or using, or assisting others to obtain or use Protected Data, when unauthorized or improper, will result in counseling and/or disciplinary action up to and including termination.

Pacific University has adopted this Information Security Sanctions Policy to ensure the confidentiality, integrity, and availability of all Protected Data we create, receive, maintain, or transmit as required by federal or state regulatory requirements, and other regional or local applicable laws and requirements.

Supplemental Document: FRM-UIS4508-1 Pacific University Sanctions Matrix

PUNID required to review this policy.

The goal of Information Systems Activity Review is to prevent, detect, contain, and correct security violations and threats to Protected Data such as unauthorized access to the information systems, suspicious data use, or tampering.

Designated workforce members in each college, school or department will review any unauthorized access to the information systems, suspicious data use or tampering. They will take appropriate action regarding potential system vulnerabilities, improve safeguards as needed, and work with the Pacific University Privacy Officer and/or the Information Security Officer on appropriate action items.

PUNID required to review policy.

Implementation Guidance Worksheet:
AA Legal Policies FRM-UIS4509-1 Healthcare System Activity Review and Audit Template 04-19

Appropriate management of access to Protected Data is an important aspect of Pacific University's information security strategy. The policy outlines requirements and process for granting members of the workforce appropriate levels of access to electronic Protected Date based on study or work-related duties and responsibilities. Policy also outlines the documented process for granting authorization and access to Protected Data.

PUNID required to review policy.

Workforce members of Pacific University are generally not issued smart phones or similar mobile devices, which have the ability to connect to the Pacific network and download data. To support mobile access for the workforce, Pacific has adopted a "bring your own device" (BYOD) approach, which permits workforce members to utilize personally owned devices to access Pacific email, calendar, contacts and other resources. This policy applies to both personally owned devices and Pacific-owned devices.

The use of personally owned mobile devices to access Pacific data remotely might inevitably lead to users storing Pacific data on their personally owned devices. While Pacific determines the financial and technical feasibility of implementing technical controls and mobile device security enhancements, the university has adopted the measures described in this policy to safeguard university Protected Data.

PUNID required to review policy.

Revised 2/8/2022

Pacific University has adopted this Risk Analysis and Management Policy in order to recognize the requirement to comply with Information Security Requirements. Under the guidance of Senior Leadership, Pacific University will conduct periodic assessments of potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic Protected Data of which we have been entrusted.

Senior Leadership will be responsible for receiving, reviewing and acting upon the risk analysis, including assessing assignment of risk, prioritizing risk mitigation, and advocating for resources needed to implement a risk mitigation plan.

Updated 2/25/20
PUNID required to review policy.

Pacific University takes reasonable and appropriate steps to conduct periodic technical and non-technical evaluations of its security safeguards in order to demonstrate and document the extent of the university’s compliance with its security policies and applicable laws and regulations. These safeguards include policies, controls, and processes, which are updated in response to environmental or operational changes affecting the security of Protected Data. The evaluations will be completed by a team or individual designated by Pacific University's Information Security Officer.

PUNID required to review this policy.

Pacific University has adopted this Workforce Security Policy to ensure the confidentiality, integrity, and availability of all Protected Data we create, receive, maintain, or transmit as required by federal or state regulatory requirements, including but not limited to FERPA, GLBA, HIPAA, PCI, and other regional or local applicable laws and regulations. During the course of normal operations, it will be necessary to provide Pacific University workforce members with access to electronic Protected Data. Access to sensitive materials such as this should be restricted to those individuals who have been vetted and authorized for such access and possess a need to know to perform the course of their duties. Workforce clearance procedures screen access to Protected Data and ensure that only those individuals who should possess access have access.

PUNID required to review policy.

Policy safeguards Protected Data, which may reside on, or be accessed through Pacific University workstations. Members of the Pacific University workforce are expected to adhere to this policy whenever they are using workstations to access Protected Data.

PUNID required to review policy.

This policy establishes the required guidelines for the use of HIPAA/FERPA protected healthcare conferencing and video services (e.g. Healthcare Zoom) by workforce members to discuss Protected Data.  Permitted uses are: case conferences, preceptor consultations, HIPAA/FERPA protected conferencing and video services, student performance measures, care coordination, student advising sessions, and administrative meetings.

PUNID required to review policy.

Updated August 2022.

This policy is designed to recognize that many students use first names other than their legal names to identify themselves. This policy makes official University use of preferred names for students in certain instances, while maintaining the official, legal name when required. Congruent with Pacific University’s commitment to creating a welcoming and inclusive campus environment, this policy aims to support the transgender and gender-neutral student populations, as well as students who prefer to be known by nicknames.

PUN ID required to view policy.

The purpose of this policy is to provide guidelines for use of printing credits for the Pharos stations located on Pacific University’s Forest Grove, Hillsboro, Eugene, and Woodburn campuses. This policy applies to all Pacific University students and employees.

University Information Services (UIS) deploys and maintains printing and copy stations to numerous locations at Pacific University campus locations where there are high concentrations of students. This system is primarily for student use. Employees should utilize printing resources provided by their departments or use the Service Center for larger quantities of copies but may use the Pharos printing system for small quantities when away from their departmental resources.  All employee Pharos printing charges will be billed to the employee’s department. Currently enrolled Pacific University students receive an annual printing credit, currently set at $60.00, for use of the Pharos printing system. The credit does not apply to sponsored student accounts or students who are not currently enrolled in classes.

PUN ID required to review policy.

Pacific University Healthcare Clinic workforce members are committed to quality, honesty and integrity in our handling of billing and coding activities within the healthcare clinics.  We are committed to operate within the laws, rules, regulations, and policies set by the federal and state governments, insurance programs and Medicare/Medicaid carriers, fiscal intermediaries, and others.

All clinical billing and coding will be done in compliance with all applicable state and federal laws and regulations.  Pacific University follows the standards set forth by the Office of Inspector General (OIG) to identify areas of billing and coding at risk for non-compliance.  Pacific University workforce members will ensure their billing and coding is compliant with these standards.

Policy last updated in April 2024.
PUNID required to view policy.