<p>TITLE: HIPAA SANCTIONS POLICY POLICY OWNERS: Mike Strohm, Sr. VP and Chief Operations Officer Sara Kircher, VP of Human Resources DATE INSTITUTED: April 14, 2005 CURRENT VERSION: Ver. 3.2 REVISION DATE: 01/23/14 COBIT 4.1 REFERENCE: N/A</p><p>OBJECTIVE: The objective of the HIPAA Sanctions Policy, (the, “Policy”), is to apply appropriate sanctions and disciplinary actions against staff members who fail to comply with HIPAA security policies and procedures.</p><p>SCOPE: This Policy applies to all Waddell & Reed Financial, Inc. and a certain number of its subsidiaries, (collectively, the “Company”), employees, contractors, interns, and temporary workers who administer or have access to the Company’s Group Health plan.</p><p>POLICY STATEMENT: Employees, contractors, interns, and temporary workers who violate the HIPAA Security Policy or procedures will be disciplined to a degree appropriate for the severity of the violation(s). These sanctions include; but are not limited to, retraining, verbal and written warnings, immediate dismissal from employment or other sanctions as prescribed in the Human Resources Progressive Counseling Procedures, located on the HR Website (http://hr.waddell.com/f534kd/index_policies.html).</p><p>1. Employees who knowingly and willfully violate state or federal law for improper use or disclosure of an individual’s information are subject to criminal investigation, prosecution or civil monetary penalties. 2. All disciplinary actions taken will be maintained in the employment records of the employee. 3. All security incidents or violations will be investigated. The Company will attempt to mitigate the negative effects arising from an incident in a timely manner. 4. Employees, contractors, interns, and temporary workers who report incidents will not be retaliated against.</p><p>ROLES AND RESPONSIBILITIES: HIPAA Sanctions Officer1 is responsible for:  Assessing disciplinary sanctions against employees who violate HIPAA related policies and procedures.  Ensuring that appropriate documentation is created and maintained for seven (7) years with regards to HIPAA related investigations and sanctions. </p><p>1 Chief Operating Officer of Waddell and Reed, Inc.</p>