Copyright © 2018 NonDisclosureAgreement.com. All Rights Reserved.
HIPAA EMPLOYEE CONFIDENTIALITY AGREEMENT
THIS AGREEMENT entered into this ___ day of __________________, 20___, by and between
__________________, known as the “Healthcare Facility”, and __________________, known
as the “Employee”, and known collectively as the “Parties”, set forth the terms and conditions
under which information created or received by or on behalf of this Healthcare Facility (known
collectively referred to as protected health information, or “PHI”) may be used or disclosed
under State law and the Health Insurance Portability and Accountability Act of 1996 and
updated through HIPAA Omnibus Rule of 2013 and will also uphold regulations enacted there
under (hereafter “HIPAA”).
THEREFORE, in consideration of the premises and the covenants and agreements contained
herein, the Parties hereto, intending to be legally bound hereby, covenant and agree as follows:
1. Confidential Information. The Parties acknowledge that meaningful employment may or will
necessitate disclosure of Confidential Information by this Healthcare Facility to the Employee
and use of Confidential Information by the Employee. The term “Confidential Information”
includes, but is not limited to, PHI, any information about patients or other employees, any
computer log-on codes or passwords, any patient records or billing information, any patient lists,
any financial information about this Healthcare Facility or its patients that is not public, any
intellectual property rights of Practice, any proprietary information of Practice and any
information that concerns this Healthcare Facility’s contractual relationships, relates to this
Healthcare Facility’s competitive advantages, or is otherwise designated as confidential by this
Healthcare Facility.
2. Disclosure. Disclosure and use of Confidential Information includes oral communications as
well as display or distribution of tangible physical documentation, in whole or in part, from any
source or in any format (e.g., paper, digital, electronic, internet, social networks, magnetic or
optical media, film, etc.). The Parties have entered into this Agreement to induce use and
disclosure of Confidential Information and are relying on the covenants contained herein in
making any such use or disclosure. This Healthcare Facility, not the Employee, is the records
owner under state law and the Employee has no right or ownership interest in any Confidential
Information.
3. Applicable Law. Confidential Information will not be used or disclosed by the Employee in
violation of applicable law, including but not limited to HIPAA Federal and State records owner
statute; this Agreement; the Practice’s Notice of Privacy Practices, as amended; or other
limitations as put in place by Practice from time to time. The intent of this Agreement is to
ensure that the Employee will use and access only the minimum amount of Confidential
Information necessary to perform the Employee’s duties and will not disclose Confidential
Information outside this Healthcare Facility unless expressly authorized in writing to do so by
this Healthcare Facility. All Confidential Information received (or which may be received in the
future) by Employee will be held and treated by him or her as confidential and will not be
disclosed in any manner whatsoever, in whole or in part, except as authorized by this
Healthcare Facility and will not be used other than in connection with the employment
relationship.
4. Log-on Code and Password. The Employee understands that he or she will be assigned a
log-on code or password by Practice, which may be changed as this Healthcare Facility, in its
sole discretion, sees fit. The Employee will not change the log-on code or password without this
Healthcare Facility’s permission. Nor will the Employee leave Confidential Information
unattended (e.g., so that it remains visible on computer screens after the Employee’s use). The