UAMS ADMINISTRATIVE GUIDE

NUMBER: 3.1.15
DATE:
03/05/2002
REVISION:
 08/15/2005

SECTION: ADMINISTRATION
AREA: GENERAL ADMINISTRATION
SUBJECT: CONFIDENTIALITY POLICY

SCOPE

UAMS physicians, faculty, employees, students, contract personnel, vendors, volunteers, and official visitors.

DEFINITIONS

Confidential Information includes information concerning UAMS research projects, confidential employee information, information concerning the UAMS research programs, proprietary information of UAMS, and sign-on and password codes for access to UAMS computer systems.   Confidential information shall include Protected Health Information.

Protected Health Information (PHI) means information that is part of an individual’s health information that identifies the individual or there is a reasonable basis to believe the information could be used to identify the individual, including demographic information, and that (i) relates to the past, present or future physical or mental health or condition of the individual; (ii) relates to the provision of health care services to the individual; or (iii) relates to the past, present, or future payment for the provision of health care services to an individual.  This includes PHI which is recorded or transmitted in any form or medium (verbally, or in writing, or electronically). PHI excludes health information maintained in educational records covered by the federal Family Educational Rights Privacy Act and health information about UAMS employees maintained by UAMS in its role as an employer.

To access any other terms or definitions referenced in this policy: http://hipaa.uams.edu/DEFINITIONS%20-%20HIPAA.pdf

POLICY

UAMS prohibits the unlawful or unauthorized access, use or disclosure of confidential and proprietary information obtained during the course of employment or other relationship with UAMS.   As a condition of employment, continued employment or relationship with UAMS, UAMS workforce shall be required to sign the UAMS Confidentiality Agreement approved by the UAMS Office of General Counsel.   UAMS will provide training for each of its workforce members on the importance of maintaining confidentiality and the specific requirements of state and federal law, including the HIPAA Privacy Regulations and laws protecting the privacy of students and employees.

This policy applies to information maintained or transmitted in any form, including verbally, in writing, or in any electronic form.

PROCEDURES:

1.                  Confidentiality Agreement: As a condition of employment, continued employment, or a relationship with UAMS, UAMS will require such individuals to sign the UAMS Confidentiality Agreement approved by the UAMS Office of General Counsel.  The Confidentiality Agreement shall include an agreement that the signing party will abide by the UAMS policies and procedures and with federal and state laws, governing the confidentiality and privacy of information.

All new employees, students, or vendors requiring access to electronic Confidential Information (computer systems) must have a current Confidentiality Agreement on file in the IT Security Office.  The UAMS IT Security Office will maintain signed Confidentiality Agreements and furnish a copy to the individual signing the agreement.  It is the responsibility of the manager hiring individual vendors or consultants or receiving sales representatives or service technicians (who do not require electronic access but who may have access to Confidential Information) to require execution of the appropriate confidentiality agreements approved by the UAMS Office of General Counsel and to send those documents to the UAMS IT Security Office.

2.                  Restriction on Access, Use and Disclosure of Confidential Information: UAMS limits and restricts access to Confidential Information and computer systems containing Confidential Information based upon the specific duties and functions of the individual seeking or requiring access.  UAMS will restrict access to Confidential Information to the minimum necessary to perform individual job functions or duties.  UAMS will further limit and control access to its computer systems with the use of sign-on and password codes issued by the IT Security Office to the individual user authorized to have such access.  

Authorization to access, use or disclose Protected Health Information also is governed by the UAMS Use and Disclosure Policy. UAMS will control and monitor access to Confidential Information through management oversight, identification and authentication procedures, and internal audits.  UAMS managers and heads of departments will have the responsibility of educating their respective staff members about this Policy and the restrictions on the access, use and disclosure of Confidential Information, and will monitor compliance with this Policy. 

3.         Sales Representatives and Service TechniciansMust register in the appropriate area (Refer to UAMS Guidelines for Vendors and Sales Representatives Policy), sign and complete the Confidentiality Agreement prior to any exposure to UAMS Confidential Information.

4.         MediaAll contacts from the media regarding any Confidential Information must be referred to the UAMS Office of Communications and Marketing (501-686-8998 or pager 501-395-5989)

5.         Violation of Confidentiality Policy:  Individuals shall not access, use, or disclose Confidential Information in violation of the law or contrary to UAMS policies.  Each individual allowed by UAMS to have access to Confidential Information must maintain and protect against the unauthorized access, use or disclosure of Confidential Information.  Any access, use or disclosure of Confidential Information in any form – verbal, written, or electronic – which is inconsistent with or in violation of this Policy may result in disciplinary action, including but not limited to, immediate termination of employment, dismissal from an academic program, loss of privileges, or termination of relationship with UAMS.

All UAMS employees and others subject to this Policy must report any known or suspected incidents of access, use or disclosure of Confidential Information in violation of this Policy or in violation of the law.

 

CONFIDENTIALITY AGREEMENT

As a condition of my employment, continued employment or relationship with UAMS, I agree to abide by the requirements of the UAMS Confidentiality Policy and with federal and state laws governing confidentiality of a patient’s Protected Health Information, and I agree to the terms of this Confidentiality Agreement.

            I understand and agree that if I access, use or disclose Confidential Information in any form – verbal, written, or electronic – in a manner that is inconsistent with or in violation of the Confidentiality Policy, UAMS may impose disciplinary action, including but not limited to, immediate termination of employment, dismissal from an academic program, loss of privileges, or termination of relationship with UAMS.

I understand that when I receive a sign-on code to access the UAMS Network and Systems, I have agreed to the following terms and conditions:

      I acknowledge that I have read the terms of this Confidentiality Agreement, and that I have received a copy.

                                                                                     SS#                                                    

            (Signature)

 

Print Full Name:                                                                                                                     

 

Date:  ______________________     Department:                                                                

******************************************************************************

Witness at UAMS Orientation only, otherwise not required:                                                   

 

Supervisor/Manager’s Signature:                                                       Date:                         

 

 (If Vendor, then Department Head Signature required)

 

Department Head Signature:                                                               Date:                         

 

 (Please return completed form to UAMS IT Security Office, #802)

 


 

 

FOR NON-UAMS EMPLOYEES, VENDORS & CONSULTANTS ONLY

Please provide the following additional information:

1.       UAMS Sponsor Name/Title:                                                                                                                     

Department:                                                                                                                                                

2.       What type of access is needed:                                 On-Site                   Remote

Describe:                                                                                                                                                       

3.       Please describe why the access is needed: