Copyright © 2018 NonDisclosureAgreement.com. All Rights Reserved.
HIPAA EMPLOYEE CONFIDENTIALITY AGREEMENT
THIS AGREEMENT entered into this ___ day of __________________, 20___, by and between
__________________, known as the “Healthcare Facility”, and __________________, known
as the “Employee”, and known collectively as the “Parties”, set forth the terms and conditions
under which information created or received by or on behalf of this Healthcare Facility
(collectively referred to as protected health information, or “PHI”) may be used or disclosed
under State law and the Health Insurance Portability and Accountability Act of 1996 and
updated through the HIPAA Omnibus Rule of 2013 and will also uphold regulations enacted
thereunder (hereafter “HIPAA”).
THEREFORE, in consideration of the premises and the covenants and agreements contained
herein, the Parties hereto, intending to be legally bound hereby, covenant and agree as follows:
1. Confidential Information. The Parties acknowledge that meaningful employment may or will
necessitate disclosure of Confidential Information by this Healthcare Facility to the Employee
and use of Confidential Information by the Employee. The term “Confidential Information”
includes, but is not limited to, PHI, any information about patients or other employees, any
computer log-on codes or passwords, any patient records or billing information, any patient lists,
any financial information about this Healthcare Facility or its patients that is not public, any
intellectual property rights of Practice, any proprietary information of Practice and any
information that concerns this Healthcare Facility’s contractual relationships, relates to this
Healthcare Facility’s competitive advantages, or is otherwise designated as confidential by this
Healthcare Facility.
2. Disclosure. Disclosure and use of Confidential Information includes oral communications as
well as display or distribution of tangible physical documentation, in whole or in part, from any
source or in any format (e.g., paper, digital, electronic, internet, social networks, magnetic or
optical media, film, etc.). The Parties have entered into this Agreement to induce use and
disclosure of Confidential Information and are relying on the covenants contained herein in
making any such use or disclosure. This Healthcare Facility, not the Employee, is the records
owner under state law and the Employee has no right or ownership interest in any Confidential
Information.
3. Applicable Law. Confidential Information will not be used or disclosed by the Employee in
violation of applicable law, including but not limited to HIPAA Federal and State records owner
statute; this Agreement; the Practice’s Notice of Privacy Practices, as amended; or other
limitations as put in place by Practice from time to time. The intent of this Agreement is to
ensure that the Employee will use and access only the minimum amount of Confidential
Information necessary to perform the Employee’s duties and will not disclose Confidential
Information outside this Healthcare Facility unless expressly authorized in writing to do so by
this Healthcare Facility. All Confidential Information received (or which may be received in the
future) by Employee will be held and treated by him or her as confidential and will not be
disclosed in any manner whatsoever, in whole or in part, except as authorized by this
Healthcare Facility and will not be used other than in connection with the employment
relationship.
4. Log-on Code and Password. The Employee understands that he or she will be assigned a
log-on code or password by Practice, which may be changed as this Healthcare Facility, in its
sole discretion, sees fit. The Employee will not change the log-on code or password without this
Healthcare Facility’s permission. Nor will the Employee leave Confidential Information
unattended (e.g., so that it remains visible on computer screens after the Employee’s use). The
Employee agrees that his or her log-on code or password is equivalent to a legally-binding
signature and will not be disclosed to or used by anyone other than the Employee. Nor will the
Employee use or even attempt to learn another person’s log-on code or password. The
Employee immediately will notify this Healthcare Facility’s HIPAA Privacy Officer upon
suspecting that his or her log-on code or password no longer is confidential. The Employee
agrees that all computer systems are the exclusive property of Practice and will not be used by
the Employee for any purpose unrelated to his or her employment. The Employee
acknowledges that he or she has no right of privacy when using this Healthcare Facility’s
computer systems and that his or her computer use periodically will be monitored by this
Healthcare Facility to ensure compliance with this Agreement and applicable law.
5. Returning Confidential Information. Immediately upon request by this Healthcare Facility,
the Employee will return all Confidential Information to this Healthcare Facility and will not retain
any copies of any Confidential Information, except as otherwise expressly permitted in writing
signed by this Healthcare Facility. All Confidential Information, including copies thereof, will
remain and be the exclusive property of this Healthcare Facility, unless otherwise required by
applicable law. The Employee specifically agrees that he or she will not, and will not allow
anyone working on their behalf or affiliated with the Employee in any way, use any or all of the
Confidential Information for any purpose other than as expressly allowed by this Agreement.
The Employee understands that violating the terms of this Agreement may, in this Healthcare
Facility’s sole discretion, result in disciplinary action including termination of employment and/or
legal action to prevent or recover damages for breach. Breach reporting is imperative.
6. Breach. The Parties agree that any breach of any of the covenants or agreements set forth
herein by the Employee will result in irreparable injury to this Healthcare Facility for which
money damages are inadequate; therefore, in the event of a breach or an anticipatory breach,
Practice will be entitled (in addition to any other rights and remedies which it may have at law or
in equity, including monetary damages) to have an injunction without bond issued enjoining and
restraining the Employee and/or any other person involved from breaching this Agreement.
7. Binding Arrangement. This Agreement shall be binding upon and inure to the benefit of all
Parties hereto and to each of their successors, assigns, officers, agents, employees,
shareholders and directors. This Agreement commences on the date set forth above and the
terms of this Agreement shall survive any termination, cancellation, expiration or other
conclusion of this Agreement unless the Parties otherwise expressly agree in writing.
8. Governing Law. The Parties agree that the interpretation, legal effect and enforcement of
this Agreement shall be governed by the laws in the State of _______________ and by
execution hereof, each party agrees to the jurisdiction of the courts of the State. The Parties
agree that any suit arising out of or in relation to this Agreement shall be brought in the county
where this Healthcare Facility’s principal place of business is located.
9. Severability. If any provision under this Agreement shall be held invalid or unenforceable for
any reason, the remaining provisions and statements shall continue to be valid and enforceable.
IN WITNESS WHEREOF, and intending to be legally bound, the Parties hereto have executed
this Agreement on the date first above written, when signing below and after training on HIPAA
Law with full understanding this agreement shall stand.
EMPLOYEE DOCUMENTATION OF HIPAA PRIVACY TRAINING
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires our privacy
officer to train employees on our health information privacy policies and procedures to the
HIPAA Omnibus Standards of 2013 which also includes HITECH and Protected Health Information (PHI),
Electronic Protected Health Information (ePHI), and Electronic Health Records (EHR). All
employees with treatment, payment or healthcare operations responsibilities, which allow
access to protected health information, are trained with updates periodically as State and
Federal mandates require. HIPAA also requires that we keep this documentation (that the
training was completed) for six years after the training.
I, the undersigned, do hereby certify that I have received, read, understood and agree to abide
by this Healthcare Facility’s HIPAA Policies and Operating Procedures.
Employee’s Signature ___________________________ Date _______________
Print Name ___________________________