The Importance of HIPAA Employee Confidentiality Agreements

HIPAA Privacy Rules require that employers train all employees on the security and usage of confidential medical and patient information as it pertains to their job.

This means it is your responsibility as an employer to make sure your employees know everything about patient privacy as it pertains to compliance. Depending on their job duties, that may mean training employees on handling data, storing data, handling requests for information, required forms and reporting, and other regulations.

What Is the HIPAA Employee Confidentiality Agreement?

The Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 requires that anyone with access to a person’s protected health information (PHI) maintain the confidentiality of that personal and medical information.

The HIPAA Employee Confidentiality Agreement is not meant to restrict the flow of information required to provide the highest levels of care, but rather to limit disclosure of information to the minimum amount required to provide that care. It was also designed to prevent disclosure of confidential information without the written consent of the healthcare facility and/or patient.

Employers that are regulated under HIPAA typically require employees to sign a HIPAA Employee Confidentiality Agreement to verify that they know the rules and restrictions on patient data. It also helps to document any training and show that the employer took the necessary steps to educate employees. The HIPAA Employee Confidentiality Agreement can help protect organizations from claims that employees were not advised and trained on rules and regulations in the event of a disclosure.

HIPAA provides access to PHI on a need-to-know basis and limits its release to information needed for treatment. The Act provides that certain information may be released to other healthcare providers and researchers. In some cases, specific personally identifiable information must be removed before release.

A clear understanding by your employees is necessary in order to guarantee compliance. It is critical that organizations and employees know the rules regarding these specific items:

  • Protected Health Information
  • De-Identified Health Information
  • Limited Data Sets
  • Permitted Uses
  • Permitted Disclosures
  • Required Disclosures
  • Authorizations, Required Forms and Notices
  • Incidental Use and Disclosure
  • Public Interest and National Priority Purposes
  • Notes
  • Marketing Communications
  • Employee Access
  • Policies and Procedures
  • Documentation and Record Retention
  • Data Safeguards
  • Training and Mitigation Practices
  • Dealing with Requests and Complaints

What Is Customer Proprietary Network Information?

Customer Proprietary Network Information (CPNI) rules were established by the Federal Communications Commission (FCC) to govern how data collected by telecommunications companies is controlled. While aimed at communications companies, third-party entities used by healthcare providers are also subject to the requirements.

It covers sensitive and personal information that providers hold about customers as a result of their business relationship. To protect privacy, the FCC also requires carriers and providers to file annual reports certifying compliance. For in-patient services, any information collected through a patient’s use of the internet or healthcare-system-controlled communication (such as phones) is also considered confidential. Numbers called, the time and duration of calls, and other recorded information are protected from release without patient permission or unless required by law.

In today’s connected world, how patient data is handled by mobile devices, internal and external communications, and electronic communications can lead to inadvertent disclosure if not carefully monitored and structured.

Managing Data Security

Data can be especially difficult to manage when you consider all the ways people contact you and all the people who have access to the information. By using world-class contact center capabilities, including workforce optimization, advanced business phone and collaboration services, and unified communications, you can keep data secure while providing access to the people that need the information.

When it comes to security, 8x8 provides reliable and compliant cloud solutions at a demanding level rarely seen by other cloud providers. Don't take your chances with a subpar cloud-based telecom system. Call 1-866-879-8647 or fill out our online form to request a no-obligation quote from an 8x8 Product Specialist.
