Common use of CONFIDENTIALITY AND SECURITY OF INFORMATION Clause in Contracts

CONFIDENTIALITY AND SECURITY OF INFORMATION. The safeguarding of proprietary and protected health information (PHI) is a vital part of UMHS’s commitment to serve patients, employees and the community. Therefore, access privilege for non- employees to information systems and to the electronic medical record is granted only if a clear and justifiably valid business or clinical need exists and only for a renewable term of one year, unless otherwise terminated by UMHS. • I may have access to proprietary or confidential information about patients (“sensitive information”). This information must be treated by me in a confidential and secure fashion. • I will access only the PHI of those UMHS patients with whom there exists a current treatment relationship or who have scheduled an appointment for treatment. • I will not access, release, or share sensitive information – even demographic screens with addresses and phone numbers – unless doing so is a necessary part of my assigned duties. • I will not reveal any of my passwords or share access with others. • If I use a portable electronic device (e.g., laptop), I will ensure that it meets HIPAA security standards and acknowledge that I am responsible for maintaining the security of such information in accordance with HIPAA. If I am unsure whether the device is compliant, I will consult with my supervisor/employer before using such device. • I have completed and understand the HIPAA training required for my position by my organization/employer. • I will cooperate with any investigation of possible noncompliance and will not withhold relevant information. • I understand that unauthorized access, use, or disclosure of PHI may violate federal or state laws, and may result in criminal and civil penalties against me personally or against my employer. Signature: User / Site Affiliation Name: As the Authorized User Site Administrator, I understand the following summarizes my responsibilities under this Agreement in support of my User and Workforce use of the UMHS EHI. • Reviewing all User Site Administrator training materials related to Workforce support, system functions and Provider Portal navigation • Submitting account requests for all Workforce members utilizing Provider Portal system tools as described in training materials • Ensuring the information contained in the account request is correct and complies with all UMHS policies and request standards • Ensuring the Workforce are the same person(s) that the account request claims • Reminding all users to secure their log in information • Reminding all users to complete their training • Communicating Workforce requirement to secure patient signed authorization for access to Restricted Department records • Answering first line Workforce questions regarding the Provider Portal use, navigation and policies • Resetting Workforce passwords • Completing User Site Validation requests • Deactivating Workforce in a timely manner once they depart the organization and communicating same to UMHS Signature: User / Site Affiliation: User / Site Affiliation Address: User / Site Affiliation Email Address: Telephone Number (day): Telephone Number (cell): Specify the type of INDIVIDUAL user for the Site Administrator: (pick one)  Provider with In Basket – Requires NPI and License Number. All communications will be sent via Provider Portal InBasket message. If the provider works at multiple sites this option should be used.  Provider with Fax – Requires NPI and License Number. Results and Discharge Summaries will be sent via fax. All other communications will still be delivered via Provider Portal InBasket.  Clinical Access – Use for any Non-Provider staff members that need access to patient information.  Non-Clinical Access– Use only For Site Admins that do not need access to patient information..