HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information. It is the intention of Cardiology Medical Group to ensure the confidentiality and integrity of protected health information of both patients and employees, as required by HIPAA, professional ethics, accreditation standards, licensure requirements, and any other legal requirements. Employees, students, and volunteers are expected to follow Cardiology Medical Group’s policies, guidelines, and standards for workforce performance expectations, which are mandated by HIPAA. Violation of these rules and standards will constitute grounds for disciplinary action up to and including termination, professional discipline, and criminal prosecution.
Employees are required to comply with all relevant standards, including the following:
•An employee must not review employee or patient protected health information for any purpose other than treatment, payment, or health care operations, and only with a legitimate need to know such information.
•An employee, student, or volunteer must not disclose to others employee or patient protected health information for any purpose other than treatment, payment, or health care operations, and only with the others having a legitimate need to know such information.
•An employee, student, or volunteer must not discuss a patient’s protected health information in a public area or outside of the Cardiology Medical Group’s premises.
•An employee, student, or volunteer must secure protected health information to avoid inadvertent disclosure.
•An employee, student, or volunteer must not intentionally access or disclose protected health information in a manner inconsistent with office policies and procedures, for personal gain, curiosity, concern, or any other reason not permitted by HIPAA.
•An employee/student/volunteer must report to his or her supervisor their knowledge of any breach in HIPAAA confidentiality standards.
Cardiology Medical Group will not take disciplinary action against any employee, student, or volunteer who makes an internal complaint, participates in an investigation, or makes a disclosure to a federal or state oversight agency or public health authority authorized by law to oversee the relevant conduct of Cardiology Medical Group or to an appropriate health care accreditation organization, when the employee is acting in good faith on the belief that the Cardiology Medical Group has engaged in conduct that is unlawful or otherwise violates professional or clinical standards.
I, _____________________________________ acknowledge my understanding of my duties, as set forth herein. I further understand that these duties apply during work hours and during off duty time. I further understand that these duties and standards apply even after the termination of my employment with Cardiology Medical Group. I understand that my failure to comply with these standards during my employment may result in disciplinary action, civil liability, and/or criminal prosecution. I understand that my failure to comply with these standards after my employment ends may result in civil liability and/or criminal prosecution.
__________________________________ __________________________
Employee/Student/Volunteer Signature Date
__________________________________ __________________________
Witness Date