What is a HIPAA Employee Confidentiality Agreement: Definition of “Confidential Information”
When drafting a HIPAA employee confidentiality agreement, an employer should be specific as to what constitutes “confidential information.”
For example, an employer may describe as confidential “PHI that may be included in documentation, communication or correspondence in any form, i.e. paper, magnetic or optical media, conversations, film, etc.”
The HIPAA employee confidentiality agreement may also contain a provision specifically defining PHI:
“PHI includes medical records, financial information, or billing information relating to a patient’s past, present or future mental or physical condition; or past, present or future provision of healthcare; or past, present, or future payment for provision of healthcare, and contains any of the following identifiers that may be used to identify a patient in relation to PHI:
- Patient names.
- Geographical elements (such as a street address, city, county, or zip code).
- Dates related to the health or identity of individuals (including birthdates, date of admission, date of discharge, date of death, or exact age of a patient older than 89).
- Telephone numbers.
- Fax numbers.