Confidentiality Agreement (Please Read and Sign)
It is the policy of the UNC Health Care System and its affiliates (individually and collectively called “UNCHCS” herein) that users (i.e., employees, medical staff, students, volunteers, vendors, outside affiliates, and any others who are permitted access) shall respect and preserve the privacy, confidentiality and security of confidential information (“CI”). In the course of providing services for or at UNCHCS, I may encounter these types of CI: (1) patient information (such as medical records, billing records, and conversations about patients), (2) personnel information (payroll, discipline or other information about employees, volunteers, students, contractors, or medical staff), (3) confidential business information of UNCHCS, its affiliates, and/or third parties, including third-party software and other licensed products or processes, or (4) operations, quality improvement, peer review, education, billing, reimbursement, administration, or research (such as utilization reports, survey results, and related presentations). This information from any source and in any form, including, but not limited to, paper record, oral communication, audio recording, and electronic display, is strictly confidential. I understand and agree that I will only access, maintain, use or disclose CI on a legitimate job-related, need-to-know basis, and that I will limit my access, maintenance, use or disclosure of CI to the minimum amount of CI necessary to accomplish the intended purpose of the use, disclosure or request.
I further agree that:
- I will protect the privacy, confidentiality and security of UNCHCS patient information, including electronic medical records (“EMR”), in accordance with federal and state regulations and applicable policies and procedures.
- I will complete all required privacy and security training for accessing EMR or other CI.
- I will not maintain CI on a mobile device (laptop, smartphone, tablet, etc.) that is not encrypted and will not electronically transmit CI in an unsecured manner or to an unencrypted mobile device.
- I will not disclose to another person my sign-on code and/or password, and will not use another person’s, for accessing EMR or other CI. I will not leave a secured application unattended while I am signed on.
- I will not attempt to access a secured application or restricted area without proper authorization or for purposes other than official UNCHCS business.
- I will not alter or destroy CI unless alteration or destruction is part of my job or services for UNCHCS, in which case I will only alter or destroy CI in accordance with applicable policies and procedures.
- I will immediately report to my supervisor any known or suspected (a) use of my password by someone other than me, or (b) inappropriate access, use or disclosure of CI.
- I will safeguard from loss, theft, or unauthorized use/access UNCHCS owned equipment/property on which CI is stored or through which CI may be accessed.
- I will not store or transmit CI via my personal equipment/property unless permitted by and in accordance with applicable policy or procedure.
- I will not post or discuss CI of any type to social media sites unless pre-approved by UNCHCS.
- I will not take photographs, make videos, or make other recordings of patients, staff, or visitors except in accordance with applicable UNCHCS policies and procedures.
- I understand that my access to CI and my UNCHCS email account may be audited.
- I will not access or obtain my own, a friend’s, or a family member’s patient information maintained by UNCHCS without appropriate written authorization and under applicable policies and procedures.
EXAMPLES OF BREACHES OF CONFIDENTIALITY
These examples are only a few examples of mishandling of confidential information. If you have any questions about the handling, use or disclosure of confidential information, please contact your supervisor, manager, or director.
Accessing confidential information that is not within the scope of your duties:
- Unauthorized access or reading of patient medical or account information.
- Unauthorized access of personnel file information.
- Accessing information for which you do not have a legitimate job-related “need-to- know” purpose for the proper execution of your duties.
Disclosing to another person your sign-on code and password for accessing electronic confidential information or for physical access to restricted areas:
- Telling a co-worker your password so that he or she can log in to your work or access your work area.
- Telling an unauthorized person the access codes for personnel files, patient accounts, or restricted areas.
- Posting passwords and sign-on codes in a location where they may be viewed by others.
Intentional or negligent mishandling or destruction of confidential information:
- Leaving confidential information in areas outside of your work area, such as the cafeteria or your home.
- Disposing of confidential information in a non- approved container, such as a trash can.
- Failure to promptly report the loss or theft of UNC Health Care System owned equipment/property assigned to you or the misuse of this equipment/property.
- Failure to report the loss or theft of personally owned equipment containing UNC Health Care System confidential information
Attempting to access a secured application or restricted area without proper authorization or for purposes other than official UNC Health Care System business:
- Trying passwords and login codes to gain access to an unauthorized area of the computer system or restricted area.
- Using a co-worker’s application for which you do not have access after he or she is logged in.
Misusing, disclosing without proper authorization, or altering confidential information:
- Making unauthorized entries into or marks on a patient’s chart or electronic medical record.
- Making unauthorized changes to a personnel file.
- Sharing or reproducing information in a patient chart or a personnel file with unauthorized personnel.
- Discussing confidential information in a public area such as a waiting room or elevator.
Using another person’s sign-on code and/or password for accessing electronic confidential information or for physical access to restricted areas:
- Using a co-worker’s password to log in to the Health.
- Care System computer system or access their work area.
- Unauthorized use of a login code for access to personnel files, patient accounts, or restricted areas.
Leaving a secured application unattended while signed on:
- Being away from your desk while you are logged into an application.
- Allowing a co-worker to use your secured application for which he or she does not have access after you have logged in.
- Taking or allowing photographs to be taken of patients or patient PHI without obtaining the required authorization.
- Posting photos or confidential information on social media or public access point.