HIPAA Confidentiality Agreement

This Agreement is entered by and between Consultant and iMerit, Inc. ("Company") and sets forth the terms and conditions regarding Consultant receiving PHI from Company.

Purpose: The purpose of this Agreement is to ensure compliance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations, which govern the use, disclosure, and protection of Protected Health Information ("PHI").

B1. Definitions

i. Protected Health Information (PHI): Any information, whether oral or recorded in any form or medium, that relates to an individual’s past, present, or future physical or mental health condition, the provision of health care to the individual, or the past, present, or future payment for health care services, and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.

B2. Confidentiality Obligations

The obligations imposed on individuals to ensure that PHI is not improperly used or disclosed.

B3. Consultant Responsibilities

i. The Consultant agrees to:

Use PHI only as necessary to perform job-related duties.
Protect the confidentiality, integrity, and security of PHI at all times.
Access only the minimum necessary PHI required to complete job responsibilities.
Avoid discussing PHI in public areas or with unauthorized individuals.
Immediately report any suspected or actual breach of PHI to [Designated HIPAA Officer].

ii. The Consultant shall not:

Disclose PHI to unauthorized individuals or entities.
Remove PHI from the workplace without proper authorization.
Access, use, or disclose PHI for personal purposes or any non-work-related reasons.

B4. Company Responsibilities

The Company agrees to provide:

Training on HIPAA regulations and policies.
Secure systems and protocols for handling PHI.
Support for reporting and addressing any suspected or actual breaches of PHI.

B5. Consequences of Non-Compliance

i. The Consultant understands that violations of this Agreement or HIPAA regulations may result in disciplinary action, up to and including termination of Agreement.

ii. The Consultant further understands that improper use or disclosure of PHI may result in civil and criminal penalties under federal and state law.

B6. Duration of Agreement

This Agreement shall remain in effect for the duration of the Master Services Agreement and indefinitely thereafter concerning any PHI obtained during the course of contract.

PreviousProprietary Information Agreement NextInformation Security Terms & Conditions

hashtagB1. Definitions

hashtagB2. Confidentiality Obligations

hashtagB3. Consultant Responsibilities

hashtagB4. Company Responsibilities

hashtagB5. Consequences of Non-Compliance