HIPAA/CONFIDENTIALITY AGREEMENT (NON-EMPLOYEE)

As a non-employee who is on the premises of _________(hereafter “Practice”) you may have access to Protected Health Information (“PHI”) as well as “confidential” information. Both are valuable and sensitive information and protected by law. This Agreement will set out the terms and conditions which information created or received by or on behalf of the Practice may be used or disclosed under state law and the Health Insurance Portability and Accountability Act and updated through HIPAA Omnibus Rule of 2013 (hereafter “HIPAA”)

Confidential information includes, but is not limited to any information about employees, any computer log-on codes or passwords, physician information, any financial information, any proprietary information, or anything that is otherwise designated as confidential by the Practice.

Protected Health Information (hereafter “PHI”) includes all identifiers under C.F.R. § 164.514 and defined under HIPAA as individually identifiable health information, held or maintained by the Practice that is transmitted or maintained in any form or medium.

Disclosure and use of PHI or confidential information includes, but is not limited to, the display or distribution of tangible physical documentation, in whole or in part, from any source or in any format (e.g., oral, electronic, paper, digital, internet, social networks, posting, FAX, etc.)

As a non-employee of the Practice, I, the undersigned agree to comply with the following terms:

  1. All data available to me will be treated as confidential information.

  2. I will not access any confidential information, including personnel, billing or private information, or PHI for which I have no responsibilities or need to know

  3. I will not use or disclose any confidential or PHI information in violation of HIPAA or any other applicable law.

  4. All confidential and PHI information I receive will be held and treated as confidential and will not be disclosed in any manner whatsoever, in whole or part, except as authorized by HIPAA and state law.

  5. I will not divulge, copy, release, sell, loan, review, alter or destroy any confidential information or PHI except as properly authorized by the Practice and within the scope of my professional activities.

  6. I will immediately report suspected disclosures of PHI or confidential information to the Practice.

Upon the end of my relationship with the Practice, I understand that disclosure of confidential information or PHI is prohibited indefinitely, even after termination of my business relationship with the Practice.

Under state and federal law and regulations governing an individual’s right to privacy, I understand I may be subjected to civil fines for which I may be personally responsible and criminal sanctions for unlawful or unauthorized access to or use or disclosure of an individual’s confidential information.

I understand that if I violate any of the terms set out above, I may be subject to disciplinary actions, including loss of privileges, termination of contract, legal action for monetary damages or injunction, or both, or any other remedy available to the Practice. With my signature set out below, I have read, understand and acknowledge agreement to all of the above statements regarding my responsibility for compliance with this Agreement.