Practice Management Alert

Sample Document, Part 1:

Confidentiality Agreement Stops Leaks

Staff must know what's considered 'sensitive info'

Did you know that logging in to the office computer system with a co-worker's information could be a violation of the Health Insurance Portability and Accountability Act (HIPAA)? Yes, something as innocent as a biller logging in with a fellow staffer's password could land the office in hot water.

Medical practices should not wait for a HIPAA violation to occur; start educating staff on confidentiality violations the first day of work. Further, get each employee to sign a confidentiality agreement. An ideal confidentiality agreement both defines sensitive data and makes staff promise to protect that data's integrity.

Use the first part of this sample agreement, created by Kelley Meeusen of Harrison Hospital in Bremerton, Wash., as a starting point when working on a contract that works for your office. Look for the second half of the confidentiality agreement in the next issue of Medical Office Billing & Collections Alert. ************ Access and Confidentiality Agreement As an employee or contract personnel at [Organization], you may have access to confidential information. The purpose of this agreement is to help you understand your duty and responsibilities regarding confidential information. The violation of any of the following duties will subject you to discipline, which may include, but is not limited to, termination of employment or [Organization] affiliation and to legal liability. You make the following agreement with [Organization]:

1. I will use confidential information only as needed to perform my legitimate duties as an [Organization] associate.


This means:

a. I will access only confidential information for which I have a need to know.

b. I will not in any way divulge, copy, release, sell, loan, review, alter or destroy any confidential information except as properly authorized within the scope of my approved activities.

c. I will not misuse or be careless with confidential information. 2. I will report any improper action taken by another [Organization] associate that may compromise the integrity of confidential information.
You’ve reached your limit of free articles. Already a subscriber? Log in.
Not a subscriber? Subscribe today to continue reading this article. Plus, you’ll get:
  • Simple explanations of current healthcare regulations and payer programs
  • Real-world reporting scenarios solved by our expert coders
  • Industry news, such as MAC and RAC activities, the OIG Work Plan, and CERT reports
  • Instant access to every article ever published in Revenue Cycle Insider
  • 6 annual AAPC-approved CEUs
  • The latest updates for CPT®, ICD-10-CM, HCPCS Level II, NCCI edits, modifiers, compliance, technology, practice management, and more