Practice Management Alert

Sample Document, Part II:

Use This Confidentiality Agreement To Reduce HIPAA Hot Spots

Staff must know what is expected of them before handling patient info

Medical practices interested in warding off potential violations of Health Insurance Portability and Accountability Act (HIPAA) should inform staff on what constitutes a confidentiality violation. For more protection, the practice might consider getting each employee to sign a confidentiality agreement.

In last month's issue of Medical Office Billing & Collections Alert, we presented the first half of a sample confidentiality agreement, courtesy of Kelley Meeusen of Harrison Hospital in Bremerton, Wash. (See the January issue for the document.)

Read on for Part II of the confidentiality agreement (which begins with item 3 below). Pair this with Part I  and use it as a template for your practice's confidentiality agreement:

*****

3.  I understand that my obligations under this Agreement will continue after termination of my employment or affiliation. I understand that my privileges to access and use confidential information hereunder are subject to periodic review, revision and if appropriate, renewal.

4.  I understand that I have no right or ownership interest in any confidential information referred to in this Agreement.

5.  My user name/password is equivalent to my LEGAL SIGNATURE and I will not disclose this information to anyone or allow anyone to access the system using my user name/password.

6.  I am responsible and accountable for all entries made and all retrievals accessed with my user name/password, even if such action was made by another due to my intentional or negligent act or omission. Any data available to me will be treated as confidential information.

7.  I will not attempt to learn or use another employee's user name/password.

8.  I will not access any computer system using a user name/password other than my own.

9.  If I have reason to believe that the confidentiality of my user name/password has been compromised, I will immediately change my password and notify the Information Systems Help Desk.

10.  I will not leave a secured computer application unattended while signed on.

11.  I will comply with all policies and procedures and other rules of [Organization] relating to confidentiality of information and user name/passwords.

12.  I understand that my use of the system will be periodically monitored to ensure compliance with this agreement. Signature: _____________________________    
Date: _______________________________
You’ve reached your limit of free articles. Already a subscriber? Log in.
Not a subscriber? Subscribe today to continue reading this article. Plus, you’ll get:
  • Simple explanations of current healthcare regulations and payer programs
  • Real-world reporting scenarios solved by our expert coders
  • Industry news, such as MAC and RAC activities, the OIG Work Plan, and CERT reports
  • Instant access to every article ever published in Revenue Cycle Insider
  • 6 annual AAPC-approved CEUs
  • The latest updates for CPT®, ICD-10-CM, HCPCS Level II, NCCI edits, modifiers, compliance, technology, practice management, and more