Page 1 of 2
CONFIDENTIALITY AGREEMENT
FOR VOLUNTEERS, STUDENTS,
OBSERVERS, OUTSIDE
CONTRACTORS AND OTHER NON-
EMPLOYEES
Welcome to Cabell Huntington Hospital, Inc. (“the Hospital”). While at the Hospital or at any facilities
owned or operated by the Hospital, you may have access to protected health information (“PHI”) for
treatment, payment or healthcare operation purposes as those terms are defined by the Health Insurance
Portability and Accountability Act of 1996 (“HIPAA”) as well as confidential and proprietary information
about the Hospital and its business transactions and relationships. This information is confidential, and it
shall not be disclosed to anybody inside or outside of the Hospital except to those people who are
authorized by law or hospital policy to receive such information. See, for example, Administrative Policy II-
5 “Release of Protected Health Information.” You may not discuss this information with family or friends
even if the information is about them. Patients expect the Hospital to keep their medical information
confidential and you are expected to respect their rights and abide by applicable laws and hospital policies.
By signing this Confidentiality Agreement, I hereby agree to the following terms and conditions:
1. I shall keep confidential all PHI, regardless of whether it is oral, written or maintained in electronic
media, and I shall use or disclose such PHI only as permitted by HIPAA or other applicable
federal, state or local laws, rules or regulations. I shall also keep confidential all confidential and
proprietary information about the Hospital and its business transactions and relationships.
2. I understand that my access to PHI at the Hospital shall be monitored and subject to random
audits, and I shall be held responsible for all attempts at access using my password regardless of
who is actually attempting such access. Therefore, I shall safeguard my password at all times and
not share it with any other individuals for any purpose or reason. Likewise, I shall not use another
person’s password to access PHI. I also shall log off of any Hospital system that contains or
provides access to PHI as soon as I am finished using such system, in order to prevent
unauthorized access. I shall not photograph, print or otherwise copy PHI, including copying PHI to
electronic storage media, unless specifically authorized to do so by my supervisor or preceptor or
pursuant to my agreement with the Hospital.
3. I understand that I may have access to PHI beyond what I need to carry out my specific duties and
responsibilities. I acknowledge that the fact that I may have access to such PHI does not
authorize me to access such PHI in the absence of a legitimate reason to do so. Therefore, I shall
limit access to PHI to what is specifically necessary to carry out my specific duties and
responsibilities as a student, volunteer, observer, outside contractor or other non-employee.
4. I understand that access to PHI of Hospital employees, friends and family members is subject to
the same use and disclosure requirements as access to any other patient’s PHI. Therefore, I
shall not access PHI of Hospital employees, friends or family members beyond what is specifically
necessary to carry out my duties and responsibilities.
5. I understand that posting PHI or other confidential or proprietary information from the Hospital on
social media is never permitted and that removal of patient names is not sufficient to satisfy HIPAA
requirements for use and disclosure of PHI.
6. I shall report any of the following to the Hospital’s Privacy Officer immediately at (304) 399-2997 or
a. If my password is used by another person for access to PHI.
Page 2 of 2
b. If I become aware of any unauthorized use or disclosure of PHI.
c. If I ever find that I have accessed PHI in error.
d. If I am advised by a patient or family member of unauthorized use or disclosure of PHI.
7. I understand that information about Hospital employees contained in their personnel and
employee health files is also confidential and should be handled as set forth in Administrative
Policy V-23 “Confidentiality of Personnel Records” and Administrative Policy V-24 “Confidentiality
of Employee Health Records.”
8. I also understand that information, such as proprietary information about the Hospital’s operations,
incident reports, materials designated as “Peer Review” by the Medical and Dental Staff,
information concerning lawsuits in which the Hospital is involved, and other similar information
shall be treated as confidential and not disclosed to others, such as in a paper or presentation for
a class assignment, without the prior permission of my supervisor or preceptor or pursuant to my
agreement with the Hospital.
9. I understand that failure to comply with applicable laws and hospital policies and procedures on
confidentiality may result in (i) loss of access; (ii) where applicable, termination of my status at the
Hospital and/or any agreement the Hospital may have with me and (iii) where applicable, such
actions that may be taken by the Office for Civil Rights, U.S. Department of Health and Human
Services, in response to a complaint about a violation of HIPAA.
10.. I understand that my duties and responsibilities to maintain the confidentiality of information as
described in this Confidentiality Agreement shall remain in effect even after leaving the Hospital.
11. I have received the Non-Employee information packet, and I have read and understood the
information contained in the packet.
I have read and understand the information set forth above concerning confidentiality,
and I agree to comply with this Confidentiality Agreement as well as all applicable laws and
hospital policies and procedures on confidentiality and privacy.
Print Name: _______________________________________________________
Signature: _________________________________________Date:___________
Signature of Parent or Guardian if under age 18: ________________________
Revised: 07/25/16 (CH)
