UAMS physicians, faculty, employees, students, contract personnel, vendors, volunteers, and official visitors.

UAMS prohibits the unlawful or unauthorized access, use or disclosure of confidential and proprietary information obtained during the course of employment or other relationship with UAMS. As a condition of employment, continued employment or relationship with UAMS, UAMS workforce shall be required to sign the UAMS Confidentiality Agreement approved by the UAMS Office of General Counsel. UAMS will provide training for each of its workforce members on the importance of maintaining confidentiality and the specific requirements of state and federal law, including the HIPAA Privacy Regulations and laws protecting the privacy of students and employees.

For purposes of this policy, "Confidential Information" includes information concerning UAMS research projects, confidential employee information, information concerning the UAMS research programs, proprietary information of UAMS, and sign-on and password codes for access to UAMS computer systems. "Confidential Information" shall include "Protected Health Information" which is any information about a UAMS patient, including demographic information, that relates to the past, present or future health of the patient, the health services provided to the patient, or payment for health services, and which reasonably can be used to identify that patient. Protected Health Information (PHI) includes the following examples of information about a patient, each of which, standing alone, constitutes PHI subject to this Policy: name, address, telephone or fax numbers, email address, date of birth, social security number, name of employer, admission or discharge dates, medical record number, medical diagnosis or health condition, health beneficiary, license number, or photographs.

This policy applies to information maintained or transmitted in any form, including verbally, in writing, or in any electronic form.

PROCEDURES:

UAMS limits and restricts access to Confidential Information and computer systems containing Confidential Information based upon the specific duties and functions of the individual seeking or requiring access. UAMS will restrict access to Confidential Information to the minimum necessary to perform his/her job functions or duties. UAMS will further limit and control access to its computer systems with the use of sign-on and password codes issued by the IT Security Office to the individual user authorized to have such access. Authorization to access, use or disclose Protected Health Information also is governed by the UAMS Use and Disclosure Policy.

UAMS will control and monitor access to Confidential Information through management oversight, identification and authentication procedures, and internal audits. UAMS managers and heads of departments will have the responsibility of educating their respective staff members about this Policy and the restrictions on the access, use and disclosure of Confidential Information, and will monitor compliance with this Policy.

3. Sales Representatives and Service Technicians: Must register in the appropriate area (Refer to UAMS Vendor Policy), sign and complete the Confidentiality Agreement prior to any exposure to UAMS confidential information.

4. Media: All contacts from the media regarding any Confidential Information must be referred to the UAMS Office of Communications and Marketing.

5. Violation of Confidentiality Policy:

Individuals shall not access, use, or disclose Confidential Information in violation of the law or contrary to UAMS policies. Each individual allowed by UAMS to have access to Confidential Information must maintain and protect against the unauthorized access, use or disclosure of Confidential Information. Any access use or disclosure of Confidential Information in any form – verbal, written, or electronic – which is inconsistent with or in violation of this Policy may result in disciplinary action, including but not limited to, immediate termination of employment, dismissal from an academic program, loss of privileges, or termination of relationship with UAMS.

All UAMS employees and others subject to this Policy must report any known or suspected incidents to access, use or disclose Confidential Information in violation of this Policy or in violation of the law.

I, the undersigned, acknowledge that I received a copy of and read the UAMS Confidentiality Policy.

As a condition of my employment, continued employment or relations with UAMS, I agree to abide by the requirements of the UAMS Confidentiality Policy and with federal and state laws governing confidentiality of a patient’s Protected Health Information, and I agree to the terms of this Confidentiality Agreement.

I understand and agree that if I access, use or disclose Confidential Information in any form – verbal, written, or electronic – in a manner that is inconsistent with or in violation of the Confidentiality Policy, UAMS may impose disciplinary action, including but not limited to, immediate termination of employment, dismissal from an academic program, loss of privileges, or termination of relationship with UAMS.

I understand that when I receive a sign-on code to access the UAMS Network and Systems, I have agreed to the following terms and conditions:

• The sign-on and password codes assigned to me are equivalent to my signature, and I will not share the passwords with anyone.
• I will be responsible for any use or misuse of my network or application system sign-on codes.
• I will not attempt to access information on the UAMS Network and Systems except to meet needs specific to my job or position at UAMS.

I acknowledge that I have read the terms of this Confidentiality Agreement, and that I have received a copy.

Date: ______________________ College:_________________________________

(Please return completed form to IS Security Administrator, Slot 802) UAMS