HIPAA Employee Confidentiality Agreement

Under HIPAA, individuals in organizations who have access to health information must sign confidentiality agreements.

"HIPAA" stands for the Health Insurance Portability and Accountability Act of 1996. Every employer, clinic, hospital and employee is required to ensure the confidentiality of a patient's health information. Individuals in organizations who have access to health information must sign confidentiality agreements.


Confidentiality agreements under HIPAA are very strict. Any disclosure of an individual’s information, no matter how it was obtained or revealed, is taken seriously. Negligence and carelessness are not excuses. Employees are not to disclose any personal information, even after they no longer work for the organization. Also, unauthorized disclosure must be immediately reported to protect the individual whose records have been breached.


Employees who release any information about an individual or the past actions of any other employee or individual in the organization may be subject to disciplinary action due to the confidentiality agreements that they must sign. This disciplinary action could include reprimand, suspension or termination.


Information about an employee’s health, family, address, friends, patients, clients, co-workers or any other personal information cannot be accessed or disclosed under any circumstances. Other information that is protected includes the employee’s employment records, including benefits, pay and disciplinary actions. Similar client information is also protected under HIPAA.


Patient privacy is the primary purpose of the confidentiality agreement. No information can be shared without the patient’s knowledge and release. Prior to the institution of HIPAA, there was no patient privacy protection framework, and information could be shared for personal gain. Violating privacy is now punishable, and HIPAA’s privacy policy is enforced by the Office of Civil Rights.


Personal information should only be accessed if it is necessary to complete the duties of the position. An employee, client or individual with a relationship to the company must disclose any information to the company that could affect the relationship. Only information that affects the duties of either party is shared. Any information on a computer must be protected and accessed through passwords. Access to any information must be secured against unlawful disclosure.



About the Author

Rebekah Smith is a writer and editor from Montana and the owner of several businesses. Smith has consulted and worked with businesses in the fields of commercial greenhouses, ecommerce, technology and home improvement. She holds a Master of Business Administration and is working on a Ph.D. in business.