Security and Confidentiality Agreement
As a team member/student/visitor of Christie Clinic, I agree to the following:
- I understand that I am responsible for complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) policies and procedures.
- I will treat all information received in the course of my employment with Christie Clinic, which relates to the patients, as confidential and privileged.
- I will not access patient information without professional "need to know."
- I will not discuss or disclose information regarding Christie Clinic patients to any person or entity, other than as necessary to perform my job, and as permitted under the HIPAA policies and procedures.
- I will not discuss patients or their illnesses in public places where conversation may be overheard.
- I will not invite or permit unauthorized persons into patient care areas of the Clinic.
- I will not make copies of any records or data except as specifically authorized.
- I will not log on to any of Christie Clinic's computer systems that currently exist or may exist in the future using a password other than my own.
- I will not allow anyone, including other employees, to use my password to log on to Christie Clinic's computer systems.
- I will safeguard my computer password and will not post it in a public place, such as the computer monitor or a place where it will be easily lost, such as on my nametag.
- I will log off of any computer as soon as I have finished using it.
- I will not take patient information from the premises in paper or electronic form without first receiving permission from the Privacy Officer or designee.
- I will report to my manager or the Privacy Officer immediately any unauthorized access or divulgence of confidential records or data, either by myself or someone else.
- Upon cessation of my employment with Christie Clinic, I agree to continue to maintain the confidentiality of any information I learned while an employee and agree to turn over any keys, access cards, or any other device that would provide access to Christie Clinic or its information.
I understand that protected health information (PHI) or data is defined as any information that is identifiable to an individual and is transmitted or maintained in any form or medium, including oral, paper, or electronic, by an employer or a health care provider, health plan, or health care clearinghouse.
I have read this agreement and will demonstrate my understanding and willingness to abide by the policies and procedures. I understand that violation of this agreement may result in disciplinary actions, and/or including termination of employment. I also understand that intentional violation could lead to civil litigation including attorneys' fees, costs, and money damages.