In the dawning days of the internet, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) to protect the confidentiality of medical records and health information sent electronically. HIPAA confidentiality agreements, also called nondisclosure agreements, restrict employees of health care plans and providers from disclosing certain types of information.
What Is HIPAA?
Congress enacted HIPAA in 1996 to improve data privacy and security provisions for safeguarding medical information transmitted electronically. The law required the U.S. Department of Health and Human Services to develop regulations protecting the privacy and security of certain health information.
The regulations include what is called the HIPAA Privacy Rule, protecting patients' health information. They also include the HIPAA Security Rule, establishing national security standards requiring health care providers to protect any of that health information that is held or transferred in electronic form.
Who Is Covered by HIPAA's Privacy/Security Rules?
The Privacy/Security Rules apply to health care businesses, including health plans, health care clearinghouses and health care providers that transmit health information in electronic form. Institutional providers of health or medical services, like hospitals, are covered, including government insurers like Medicare, Medicaid, California's Medi-Cal and military and veterans’ health programs.
Noninstitutional providers may also be covered, including people or businesses that are in the business of offering, billing for or paying for health care. That means that anyone who submits claims electronically is a "covered entity," including doctors, dentists, psychologists, clinics, pharmacies and nursing homes.
What Is a HIPAA Employee Confidentiality Agreement?
The HIPAA Privacy Rule puts the onus on covered entities to be sure that their employees don't violate the law. In order for them to protect individuals’ health records and other identifiable health information, employers regulated by HIPAA require that their employees execute HIPAA confidentiality agreements or nondisclosure agreements.
A written and signed agreement guarantees that an employee is aware of the legal restrictions on the use and transmission of a patient's medical data. It is one of the steps an employer can take to show its diligence in attempting to follow the dictates of the HIPAA Privacy Rule.
Confidentiality Versus Nondisclosure Agreement
While confidentiality agreements and nondisclosure agreements may sound like very different documents, they are essentially the same in the context of enforcing HIPAA Privacy Rules. In other contexts, however, the subtle differences might be significant.
For example, a nondisclosure agreement is more frequently used for unilateral restrictions. A confidentiality agreement is said to offer greater protection of information. But since, in the HIPAA context, the basis of the agreement is to fulfill the requirements of the same law, the title given the agreement is not likely to affect its restrictions.
How to Get a HIPAA Confidentiality Agreement?
Most entities or individuals covered by the HIPAA Privacy Rule require employees to sign HIPAA confidentiality agreements or nondisclosure agreements. However, few of them actually sit down and write the HIPAA confidentiality agreements themselves. So how do they get appropriate HIPAA agreements for their employees to sign?
An attorney specializing in labor law would likely be able to provide an employer with an appropriate confidentiality agreement that meets HIPAA standards. However, going to that expense might not be necessary. An employer that needs HIPAA confidentiality agreement forms or a HIPAA nondisclosure template can readily find a selection available on the internet.
Most forms and templates online are free, and some even have instructions as to how they should be filled in. It is always wise, however, to have an attorney review the document before using it to make sure it meets a business' needs. The HIPAA Privacy Rule is updated and amended from time to time, which may alter the required language of an employee agreement.
Teo Spengler earned a JD from U.C. Berkeley Law School. As an Assistant Attorney General in Juneau, she practiced before the Alaska Supreme Court and the U.S. Supreme Court before opening a plaintiff's personal injury practice in San Francisco. She holds both an MA and an MFA in English/writing and enjoys writing legal blogs and articles. Her work has appeared in numerous online publications including USA Today, Legal Zoom, eHow Business, Livestrong, SF Gate, Go Banking Rates, Arizona Central, Houston Chronicle, Navy Federal Credit Union, Pearson, Quicken.com, TurboTax.com, and numerous attorney websites. Spengler splits her time between the French Basque Country and Northern California.