Practice Management Alert

Sample Document, Part 1:

Confidentiality Agreement Stops Leaks

Staff must know what's considered 'sensitive info'

Did you know that logging in to the office computer system with a co-worker's information could be a violation of the Health Insurance Portability and Accountability Act (HIPAA)? Yes, something as innocent as a biller logging in with a fellow staffer's password could land the office in hot water.

Medical practices should not wait for a HIPAA violation to occur; start educating staff on confidentiality violations the first day of work. Further, get each employee to sign a confidentiality agreement. An ideal confidentiality agreement both defines sensitive data and makes staff promise to protect that data's integrity.

Use the first part of this sample agreement, created by Kelley Meeusen of Harrison Hospital in Bremerton, Wash., as a starting point when working on a contract that works for your office. Look for the second half of the confidentiality agreement in the next issue of Medical Office Billing & Collections Alert.

************

Access and Confidentiality Agreement

As an employee or contract personnel at [Organization], you may have access to confidential information. The purpose of this agreement is to help you understand your duty and responsibilities regarding confidential information.

The violation of any of the following duties will subject you to discipline, which may include, but is not limited to, termination of employment or [Organization] affiliation and to legal liability. You make the following agreement with [Organization]:

1. I will use confidential information only as needed to perform my legitimate duties as an [Organization] associate.

This means:

a. I will access only confidential information for which I have a need to know.

b. I will not in any way divulge, copy, release, sell, loan, review, alter or destroy any confidential information except as properly authorized within the scope of my approved activities.

c. I will not misuse or be careless with confidential information.

2. I will report any improper action taken by another [Organization] associate that may compromise the integrity of confidential information.