Acknowledgement of Sparrow Health System CONFIDENTIALITY AND SECURITY OBLIGATIONS AND/OR CONDITIONS
As an Associate, physician, healthcare provider, contractor, or temporary employee or volunteer of a Sparrow Health System entity, you may have access to confidential information including patient, financial or business information obtained through your association with Sparrow Health System. The purpose of this Acknowledgement is to help you understand your personal obligation regarding confidential information.
Confidential information includes any information about a person's past, present, or future physical or mental health; the health care services provided to the individual or payment information related to such services, that identifies the individual or provides enough information that there is a reasonable basis to believe the information could be used to identify the individual.
Confidential information is valuable and sensitive and is protected by law and by strict Sparrow Health System policies. State law and the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), require protection of confidential health information. Inappropriate disclosure of confidential health information regarding patients may result in the imposition of fines on Sparrow Health System of up to $250,000 and ten years imprisonment per incident.
Accordingly, by signing this Acknowledgement and, having as a condition of and in consideration of my access to confidential information whether in oral, paper, electronic, or any other form, I acknowledge the following obligations and conditions of employment:
1. I am only allowed to access confidential information for which I have a legitimate need to know as part of my job responsibilities at Sparrow Health System and am only allowed to access information systems for which I am an authorized user. I am prohibited from removing any confidential information from Sparrow premises in any media including paper, magnetic disk, compact disk, video, recording, etc. without the express written permission of an authorized officer of Sparrow Health System. In addition, if I have remote access to Sparrow Health System information systems, I will not download or transfer any confidential files or data to my home personal computer.
2. I am prohibited from using or connecting to the personal computer assigned to me by Sparrow Health System, any equipment, modem, other hardware, or software without the prior written approval of Sparrow Health System -Information Services.
3. I am prohibited from discussing confidential information in any location at Sparrow Health System where it is likely that the conversation can be overheard by people who do not have a legitimate need to know the confidential information in order to perform their job responsibilities at Sparrow. I am required to return all recorded confidential information to its authorized, secure location in Sparrow Health System when I am done with it. I am prohibited from in any way from divulging, copying, releasing, selling, loaning, reviewing, altering or destroying any confidential information unless expressly permitted by existing policy or as properly approved in writing by an authorized officer of Sparrow Health System within the scope of my association with Sparrow Health System.
4. I am prohibited from utilizing another person's password in order to gain access to any information system. I am prohibited from revealing my computer access code to anyone else unless a confirmed request for access to my password has been made by Information Services and I am able to confirm the legitimacy of the request and the requestors. I am required to change my password immediately after it is disclosed to anyone. I am personally responsible for all activities occurring under my password.
5. If I observe or have knowledge of unauthorized access or divulgence of confidential information I am obligated to report it immediately to my supervisor or to Sparrow Information Security.
6. I am prohibited from seeking personal benefit or permitting others to benefit personally by any confidential information that I may have access to.
7. I acknowledge and recognize that I am prohibited from operating any software on the personal computer assigned to me by Sparrow Health System, other than those programs provided to me by Information Services, without the prior written approval of my supervisor.
8. I acknowledge that all information, regardless of the media on which it is stored (paper, computer, videos, recorders, etc.), the system which processes it (computers, voice mail, telephone systems, faxes, etc.), or the methods by which it is moved (electronic mail, face to face conversation, facsimiles, etc.) is the property of Sparrow Health System and shall not be used inappropriately or for personal gain. I also acknowledge that all electronic communication shall be monitored and subject to internal and external audit.
9. I acknowledge that my failure to fulfill the obligation or conditions in this Acknowledgement may result in disciplinary action, which might include, but is not limited to, termination of employment or, loss of my privileges within Sparrow Health System or other legal action.
By my signature below, I acknowledge that Sparrow Health System has an active on-going program to review records and transactions for inappropriate access and I acknowledge that inappropriate access or disclosure of confidential information contrary to or inconsistent with the conditions described in this acknowledgement can result in penalties up to and including termination of my employment and/or legal action against me.