Hca Confidentiality And Security Agreement Template printable pdf download

Confidentiality and Security Agreement

Note: this form to be used for HCA employees and HCA workforce members.

I understand that the HCA affiliated facility or business entity (the “Company”) for which I work, volunteer or provide services

manages health information as part of its mission to treat patients. Further, I understand that the Company has a legal and ethical

responsibility to safeguard the privacy of all patients and to protect the confidentiality of their patients’ health information.

Additionally, the Company must assure the confidentiality of its human resources, payroll, fiscal, research, internal reporting, strategic

planning information, or any information that contains Social Security numbers, health insurance claim numbers, passwords, PINs,

encryption keys, credit card or other financial account numbers (collectively, with patient identifiable health information,

“Confidential Information”).

In the course of my employment/assignment at the Company, I understand that I may come into the possession of this type of

Confidential Information. I will access and use this information only when it is necessary to perform my job related duties in

accordance with the Company’s Privacy and Security Policies, which are available on the Company intranet (on the Security Page)

and the Internet (under Ethics & Compliance). I further understand that I must sign and comply with this Agreement in order to obtain

authorization for access to Confidential Information or Company systems.

General Rules

I will act in the best interest of the Company and in accordance with its Code of Conduct at all times during my

relationship with the Company.

I understand that I should have no expectation of privacy when using Company information systems. The Company

may log, access, review, and otherwise utilize information stored on or passing through its systems, including email, in

order to manage systems and enforce security.

I understand that violation of this Agreement may result in disciplinary action, up to and including termination of

employment, suspension, and loss of privileges, and/or termination of authorization to work within the Company, in

accordance with the Company’s policies.

Protecting Confidential Information

I will not disclose or discuss any Confidential Information with others, including friends or family, who do not have a

need to know it. I will not take media or documents containing Confidential Information home with me unless

specifically authorized to do so as part of my job.

I will not publish or disclose any Confidential Information to others using personal email, or to any Internet sites, or

through Internet blogs or sites such as Facebook or Twitter. I will only use such communication methods when

explicitly authorized to do so in support of Company business and within the permitted uses of Confidential Information

as governed by regulations such as HIPAA.

I will not in any way divulge, copy, release, sell, loan, alter, or destroy any Confidential Information except as properly

authorized. I will only reuse or destroy media in accordance with Company Information Security Standards and

Company record retention policy.

In the course of treating patients, I may need to orally communicate health information to or about patients. While I

understand that my first priority is treating patients, I will take reasonable safeguards to protect conversations from

unauthorized listeners. Such safeguards include, but are not limited to: lowering my voice or using private rooms or

areas where available.

I will not make any unauthorized transmissions, inquiries, modifications, or purgings of Confidential Information.

I will not transmit Confidential Information outside the Company network unless I am specifically authorized to do so

as part of my job responsibilities. If I do transmit Confidential Information outside of the Company using email or

other electronic communication methods, I will ensure that the Information is encrypted according to Company

Information Security Standards.

Following Appropriate Access

10. I will only access or use systems or devices I am officially authorized to access, and will not demonstrate the operation

or function of systems or devices to unauthorized individuals.

11. I will only access software systems to review patient records or Company information when I have a business need to

know, as well as any necessary consent. By accessing a patient’s record or Company information, I am affirmatively

representing to the Company at the time of each access that I have the requisite business need to know and appropriate

consent, and the Company may rely on that representation in granting such access to me.

Using Portable Devices and Removable Media

12. I will not copy or store Confidential Information on removable media or portable devices such as laptops, personal

digital assistants (PDAs), cell phones, CDs, thumb drives, external hard drives, etc., unless specifically required to do so

by my job. If I do copy or store Confidential Information on removable media, I will encrypt the information while it is

on the media according to Company Information Security Standards

6/2011

Hca Confidentiality And Security Agreement Template

Related Articles

Related forms

Related Categories