For a better experience, click the Compatibility Mode icon above to turn off Compatibility Mode, which is only for viewing older websites.

Current Update

Compliance & Privacy: What You Need to Know

December 2, 2014

The merger with the College of Medicine prompted President John Fry to elevate the University's compliance and privacy functions to the cabinet level under a Corporate Compliance and Privacy Office. The office provides auditing, monitoring and educational services to the University and a centralized process for reporting compliance violations through the confidential hotline (Reporting Allegations Hotline: 1.866.358.1010). This appointment is to ensure that University staff and faculty are operating within the law and with best ethical practices while also protecting sensitive personal information and proprietary data.

The policies are described below and posted on the Corporate Compliance and Privacy Office website. To help University personnel understand how the office functions and how policies are enforced, some hypothetical compliance situations are presented below. The situations are meant to be used for guidance only and are not actual situations. If you have any questions about the policies or the examples given, please call the Corporate Compliance and Privacy Office at 215.255.7819.

All policies are revised and effective July 1, 2014.

  • CPO-1 (formerly, OGC-5) - Code of Conduct
    This policy has been revised and updated predominantly to confirm that University faculty, professional staff members, students, volunteers and contractors who witness, or hear about, incidents of child abuse must report such information to the appropriate state child abuse registry (ChildLine in Pennsylvania, and the other identified numbers for New Jersey and California, where Drexel has a physical presence, depending on where the child abuse is witnessed or reasonably suspected to have occurred).
  • CPO-1.01 (formerly, DUCOM OGC 5.01) - Business Relationship with Industry
    This policy relates to the CoM faculty, professional staff members and students. The policy addresses gifts and meals from vendors.
  • CPO-2 (formerly, OGC-1) - Conflict of Interest and Commitment
    This policy has been updated to reflect that it is a Corporate Compliance and Privacy Office policy and to add information relating to the new Acceptance of Personal Gifts policy.
  • CPO-3 (formerly, OGC-11) - Identity Theft
    This policy has been updated to delete references to the CoM as a separate entity and to reflect that, as of July 1, it is a Corporate Compliance and Privacy Office policy.
  • CPO-4 (formerly, OGC-7- Whistleblower Policy) - Reporting Allegations
    This policy, formerly called the Whistleblower Policy at Drexel, has been re-named “Reporting Allegations.” In substance, the biggest change to the policy is that it provides detailed information for faculty, professional staff, students, volunteers and independent contractors to discharge their duties as mandated reporters, as required under new laws in Pennsylvania, and existing laws in New Jersey and California, for reporting child abuse.
  • CPO-4.01 (formerly, DUCOM OGC 7.01) - Federal and State False Claims Statutes
    This policy applies to the CoM (as it has before July 1, 2014), and has not been otherwise changed except to underscore that claims made in bad faith or intentionally making false statements under the policy may subject the reporter to termination.
  • CPO-5 - The Acceptance of Personal Gifts Policy
    This policy presents guidance on how University faculty and professional staff address the offers of gifts or items of value from current or prospective vendors and initiates a Waiver Review Process to enable questions of policy applicability to be answered in a timely fashion by a committee.

Let's Look at Some Hypothetical Situations

The following hypothetical situations are for illustrative purposes only and do not necessarily reflect what would happen in an actual case with different facts and circumstances. These examples are designed to assist in understanding the policies.

1. Code of Conduct (CPO-1)

A member of management finds that key regulatory paperwork is missing. Rather than obtain the paperwork properly, this individual decides to forge the name of a vendor to make it look as if the vendor has performed the federally required audit. When the manager submits the paperwork to a federal agency, the agency recognizes that the signature is false, and contacts the vendor to verify the the signature.

  • Possible or Likely response:
    Internal Audit investigates and confirms suspicion of fraud.
  • Likely outcome:
    Termination of employment for person who forged the signature.
2. Code of Conduct (CPO-1)

A professional staff member waits until the absence of his immediate supervisor to submit expense account receipts very close to the deadline for the submission cycle. The expenses seem appropriate and next level management approves the transactions for payment. The supervisor returns to work and while reviewing the budget notes higher than usual expenses and notifies senior management, who engages Internal Audit.

  • Possible or Likely response:
    Internal Audit reviews expenses and purchase orders and determines the submitter created false receipts for thousands of dollars in purchases that were actually personal purchases of items for personal, non-business use by the professional staff member.
  • Likely outcome:
    Professional staff member is terminated and formal reports of theft filed with enforcement authorities to ensure restitution of funds to the University.
3. Business Relationships with Industry (CPO-1.01)

A professional staff member files a report stating that a graduation dinner hosted by a department, in the College of Medicine has been paid for by a vendor.

  • Possible or Likely response:
    The chief compliance and privacy officer interviews faculty and management of the involved CoM department and gathers documents related to the event including an event program with a “Thank you” to the vendor sponsor on the back cover.
  • Likely action:
    The chief compliance and privacy officer presents facts to the CoM dean, who requests the $2,000 sponsorship be returned to the vendor.
4. Reporting Allegations Policy (CPO-4) and Identity Theft Policy (CPO-3)

The Reporting Allegations hotline receives a call from someone stating he had been improperly provided a W-2 form for income earned at Drexel University and that he is facing a state income tax investigation for failure to pay. Caller is in a state licensed field for his work and could face license suspension for tax problems. Caller reports never having been employed by Drexel.

  • Possible or Likely response:
    The chief compliance and privacy officer requests that Internal Audit review facts and determine cause. Internal Audit determines that a cousin of the caller with the same last name and very similar first name is an adjunct faculty member, did earn income and was not sent a W-2.
  • Likely outcome:
    Arrangements made to notify state tax authority and correct W-2 issued to proper individual.
5. Acceptance of Personal Gifts Policy (CPO-5)

A member of management is invited to attend a Philadelphia Flyers game by a current University vendor. The luxury box event will be attended by other businesses from the Philadelphia area and “networking” is the goal. The invited member of management and supervisor discuss the Acceptance of Personal Gifts Policy and decide the $160 ticket falls in a Drexel-sponsored event exception.

  • Possible or Likely response:
    The supervisor notifies the chief compliance and privacy officer a week after the game that they are having second thoughts about the ticket fitting into a “Drexel-sponsored event” exception.
  • Likely outcome:
    The chief compliance and privacy officer would review with the waiver process committee provided for in the policy and a majority of the three members agreeing the exception was not met would require a refund of the $160 ticket value.

We never guess. We Ask!

Confidential Hotline 1.866.358.1010 - Compliance Hotline Website

Drexel University Corporate Compliance and Privacy Office - 215.255.7819