HIPAA (Employee) Non-Disclosure Agreement (NDA)
The HIPAA (employee) non-disclosure agreement (NDA) is intended for employees of healthcare professionals. The Health Insurance Portability and Accountability Act (HIPAA) (Public Law 104-191), sets forth regulations for medical personnel, hospitals, insurance companies and other healthcare providers who transmit health information in electronic form. “Health information” refers to patient medical records, billing, and financial records or any individually identifiable health information. Employers that are regulated by HIPAA should have employees execute a HIPAA NDA to guarantee the employee is aware of restrictions on patient data and to establish documentation of the employer’s diligence.
Sample
HIPAA (EMPLOYEE) NON-DISCLOSURE AGREEMENT
This HIPAA (employee) non-disclosure agreement (the “Agreement”) is made between _________________ (“Provider”) and _________________ (“Employee”) and is effective _________________. The Agreement is intended to prevent the unauthorized disclosure of Confidential Information (as defined below) by Employee. The parties agree as follows:
1. Personal Health Information
During the course of employment, Employee may have access to personal health information (‘PHI”) relating to clients or patients of Provider. PHI may consist of medical records, billing, and financial records or any individually identifiable health information. PHI is protected by the Health Insurance Portability and Accountability Act (“HIPAA”). HIPAA permits access to PHI on a “need to know” basis. Therefore, unless authorization has been granted, any intentional accessing of PHI, or circumvention of PHI security protocols, is prohibited.
“Confidential Information” consists of PHI as well as proprietary information relating to Provider’s business, including but not limited to: medical and financial records, revenues, identification and account numbers and names, PINs, and passwords, or other information conveyed in writing or in a discussion that is indicated to be confidential.
Without Provider’s prior written consent, Employee will not: (a) disclose Confidential Information to any third party, whether electronically, orally, or in writing; (b) make or permit to be made copies or other reproductions of Confidential Information; (c) make any use of Confidential Information; or (d) use or disclose Confidential Information in violation of applicable law, including but not limited to HIPAA.
4. Return of Confidential Materials
Upon Provider’s request, Employee shall immediately return all original materials provided by Provider and any copies, notes or other documents in Employee’s possession pertaining to Confidential Information.
The non-disclosure terms of this Agreement shall survive any termination, cancellation, expiration or other conclusion of employment (or this Agreement) unless the parties otherwise expressly agree in writing or Provider sends Employee written notice releasing it from this Agreement.
6. Notice of Immunity from Liability
An individual shall not be held criminally or civilly liable under any federal or state trade secret law for the disclosure of a trade secret that is made (i) in confidence to a federal, state, or local government official, either directly or indirectly, or to an attorney; and (ii) solely for the purpose of reporting or investigating a suspected violation of law; or is made in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal. An individual who files a lawsuit for retaliation by an employer for reporting a suspected violation of law may disclose the trade secret to the attorney of the individual and use the trade secret information in the court proceeding, if the individual (i) files any document containing the trade secret under seal; and (ii) does not disclose the trade secret, except pursuant to court order.
(a) Relationships. Nothing contained in this Agreement shall be deemed to constitute either party a partner, joint venturer or employee of the other party for any purpose.
(b) Severability. If a court finds any provision of this Agreement invalid or unenforceable, the remainder of this Agreement shall be interpreted so as to best to effect the intent of the parties.
(c) Integration. This Agreement expresses the complete understanding of the parties with respect to the subject matter and supersedes all prior proposals, agreements, representations, and understandings. This Agreement may not be amended except in a writing signed by both parties.
(d) Waiver. The failure to exercise any right provided in this Agreement shall not be a waiver of prior or subsequent rights.
(e) Injunctive Relief. Any misappropriation of Confidential Information in violation of this Agreement may cause Provider irreparable harm, the amount of which may be difficult to ascertain, and therefore Employee agrees that Provider shall have the right to apply to a court of competent jurisdiction for an order enjoining any such further misappropriation and for such other relief as Provider deems appropriate. This right of Provider is to be in addition to the remedies otherwise available to Provider.
(f) Attorney Fees and Expenses. In a dispute arising out of or related to this Agreement, the prevailing party shall have the right to collect from the other party its reasonable attorney fees and costs and necessary expenditures.
(g) Governing Law. This Agreement shall be governed in accordance with the laws of the State of _________________.
(h) Jurisdiction. The parties consent to the exclusive jurisdiction and venue of the federal and state courts located in _________________ in any action arising out of or relating to this Agreement. The parties waive any other venue to which either party might be entitled by domicile or otherwise.
Provider:
_____________________________________________ (Signature)
_____________________ (Typed or Printed Name)
Title: _____________________
Date: _____________________Employee:
_____________________________________________ (Signature)
_____________________ (Typed or Printed Name)
Title: _____________________
Date: _____________________
How to Write
Below we provide an explanation for each of the provisions in the HIPAA (employee) Non-Disclosure Agreement.
Introductory Paragraph
Fill in the name or company name of the Provider. That’s the party revealing confidential information. Fill in the name of the individual employee that will receive or have access to the financial information (the Employee). Finally, fill in the date the agreement will take effect. This is often the date that the last party signs the agreement.
1. Personal Health Information (PHI)
This clause identifies and limits employee’s access to PHI.
This section defines what is protected against disclosure.
This clause makes clear that your confidential information (including PHI) must be kept in confidence by the Employee and may not be revealed to others without your prior written consent.
The Employee promises to immediately return the confidential materials that you provided.
This clause provides the Employee’s obligation will continue after employment has ended.
6. Notice of Immunity from Liability
Including this provision enables an employer to qualify for double damages and attorney fees under the Federal Defend Trade Secrets Act.
These miscellaneous provisions (sometimes referred to as “boilerplate”) are usually grouped together at the end of an agreement.
(a) Relationships. Most agreements include a provision like this one, disclaiming any relationship other than that defined in the agreement.
(b) Severability. The severability clause provides that if you wind up in a lawsuit over the agreement and a court rules that one part of the agreement is invalid, that part can be cut out and the rest of the agreement will remain valid.
(c) Integration. The integration provision verifies that the version you are signing is the final version and that neither of you can rely on statements made in the past.
(d) Waiver. This provision states that even if you don’t promptly complain about a violation of the NDA, you still have the right to complain about it later.
(e) Injunctive Relief. An injunction is a court order directing a person to do (or stop doing) something. If an employee violated your NDA, you would want a court order directing that person to stop using your secrets.
(f) Attorney Fees and Expenses. If you don’t include an attorney fees clause in your agreement, a judge may (in most states) order the award of attorney fees in cases where the theft of the trade secret was willful and malicious. It’s up to the judge, which makes things unpredictable.
(g) Governing Law. You can choose any state’s laws to govern the agreement, though the most logical state for this provision is the state where you (Provider) are located.
(h) Jurisdiction. The purpose of adding a jurisdiction provision to an NDA is to get each party to consent in advance to jurisdiction in one county or state and to give up the right to sue or be sued anywhere else. As with the previous provision, the most likely choice is the county and state in which you (Provider) are located.
Signing the agreement. Someone with the necessary authority must sign the agreement on behalf of each party. Each party should sign two copies and keep one. This way, both parties have an original signed agreement.