THIS CONFIDENTIALITY OF INFORMATION AND COMPUTER ACCESS AGREEMENT (hereinafter “agreement”) is entered into with Franklin Technology Services LLC by the business associate or business associate’s employees (such person who is executing, and any business associate entity on behalf of which the person is executing, being hereinafter referred to as the “undersigned” or "you"). You agree to comply with all policies and procedures regarding acceptable use of information system and associated systems and reports.
ACKNOWLEDGMENT AND AGREEMENT: In by accessing the affiliate area and all associated data and reports, you acknowledge and agree to the following:
(1) As an individual who has been granted access rights to any data application and reports, you have a duty to protect the confidentiality of patient information. Therefore, any patient/prescriber information that you are exposed to within the course of his/her interactions, including patient information accessed through the electronic prescription record system, shall be treated as highly confidential. Patient/prescriber information should not be accessed by or disclosed to anyone whose current professional duties do not require such access.
(2) You shall not access, use or disclose patient/prescriber information in a manner that would violate State or Federal privacy laws, including but not limited to the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules (“HIPAA”) and the federal Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”).
(3) Use of your username or password by anyone other than the undersigned is forbidden under any circumstances. You shall not disclose their username or password and will not write down or otherwise document this information so that it could be obtained or accessed by others. All access must be through such individual’s own username and password, and the you will not attempt to learn or access any information using another user’s credentials. If you learn or has reason to believe that others may know their username or password, it is the your obligation to immediately notify us. If you learn or has reason to believe that any person has made or attempted any unauthorized access to the electronic prescription record system, you must immediately report this information to us.
(4) When you access patient information through the electronic prescription record system, he/she will not allow any unauthorized person to view the patient information. When the undersigned leaves the physical vicinity of a device upon which he/she has logged onto the electronic prescription record system, the undersigned will ensure that he/she properly logs out or secures the system. The undersigned understands that they will be held accountable for all activities undertaken using their credentials if they fail to logoff or secure the computer system.
(5) You will ensure that appropriate security measures are implemented and maintained respecting any device utilized by the undersigned to access the electronic prescription record system. You agree that he/she will not cause or permit any patient information to be electronically downloaded, forwarded, saved (to CD’s, DVD’s, USB drives, portable hard drives, etc.) or otherwise stored on any such device (other than to the provider’s own electronic medical record of the patient). The undersigned will take all reasonable and practical measures to minimize the risk of unauthorized access to the electronic prescription record system through such PC, device or system. In addition, any patient information that is printed must be stored in a secure locked area when not in use and properly disposed of (shredded, not discarded in trash) when the paper copy is no longer needed.
Any breach of privacy or security that results from any act or omission may result in action against the offender. The security practices of business partners should be periodically reviewed to ensure that patient/prescriber information in their possession is adequately protected and properly disposed of when no longer needed, especially when the outsourced relationship has expired or been otherwise terminated.