Oregon Medical Association Use Agreement – Please Read
This template form is part of Oregon Medical Association's HIPAA Security Rule resources, Copyright December 2009.This template form should be viewed as a tool to aid in the establishing of systems and procedures that will enhance medical privacy and information security. It is meant to be adapted to the nature of the individual practice. It does not constitute nor should be viewed as legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem.
OMA has produced this template form in electronic format as a membership benefit for your convenience. The cost of preparing this template form is borne by the Oregon Medical Association. If you provide it to others without charge you are violating copyright law and you are "stealing.”
THIRD PARTY NON-DISCLOSURE AND
CONFIDENTIALITY AGREEMENT
BETWEEN: ______("Physician")
AND: ______("Third Party")
DATED: ______
BACKGROUND
The Third Party will have access to Physician retained protected health information (PHI) for the purpose of [indicate purpose of exchange such as access to patient information as an affiliate physician, access as a temporary, access as another health care professional assisting Physician, as a workforce member of a business associate, etc.]. Third Party will use and disclose PHI to assist Physician or on behalf of Physician as part of the working relationship involving Physician and Third Party. In addition, Physician may disclose to Third Party other confidential and/or proprietary information (collectively, including PHI, “the Confidential Data”). Physician requires reasonable assurances that Confidential Data will not be compromised, inappropriately disclosed or used for purposes prohibited by Physician or by law. In order to protect the Confidential Data, Third Party voluntarily enters into and agrees to the terms of this Confidentiality and Non-disclosure Agreement ("Agreement"):
AGREEMENT
1 . Confidentiality. In consideration of Physician policies, procedures, practices, legal requirements and mandates (as it relates to other confidential and/or proprietary data), Third Party shall maintain the confidentiality of Confidential Data, shall not disclose Confidential Data to any third party (other than a third party identified in writing to the other party and which assumes the obligations under this Agreement in a signed writing prior to disclosure of which Physician is informed prior to any disclosure), shall use such data only for the purpose of assisting Physician or Physician’s patients and shall return Confidential Data at the time the relationship between Physician and Third Party is terminated.
2. PHI Sharing. This Agreement is not a business associate contract under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). It is recognized, though, that the Confidential Data shared may include PHI and may be shared between Physician and Third Party for the purpose of treatment, payment, healthcare operations or when specifically authorized by the patient or by law. It is further understood that PHI sharing will be in accordance with properly executed business associate contracts between the parties and the respective entities where such a contractual relationship exists and/or as permissible pursuant to the HIPAA Privacy Rule (45 CFR 164.500 to 45 CFR 164.534) and the HIPAA Security Rule (45 CFR 164.302 to 45 CFR 164.318), and other applicable federal and state law.
3. Minimum Use/Return of Data. Confidential Data will be used and disclosed by Third Party only to the extent necessary to meet the stipulated intent of such Confidential Data use and disclosure as identified in the Background section of this Agreement. Any use and disclosure of PHI shall meet the minimum necessary requirements of the HIPAA Privacy Rule unless related to patient treatment. In the event the relationship between Physician and Third party is terminated for any reason, Confidential Data shall be returned to Physician or confidentially destroyed within ten (10) business days.
4. Sanctions/Legal Recourse. In the event of any threatened or actual use or disclosure of Confidential Data in violation of the terms of this Agreement, the HIPAA Privacy Rule, the HPAA Security Rule or other federal or state law, Third Party fully understands Physician may seek an injunction against any further use or disclosure and, if appropriate, seek damages plus legal fees in a state or federal court sitting in [city], Oregon associated with inappropriate use and disclosure. Also, Physician may report any inappropriate use or disclosure by Third Party to the US Department of Health and Human Services, Office for Civil Rights (OCR), law enforcement and the Oregon Office of Attorney General. In the event of inappropriate use and/or disclosure in violation of the HIPAA Privacy Rule, Oregon privacy laws and/or Physician policies and procedures, Physician shall be entitled to an award of reasonable attorneys’ fees, at trial and on appeal in addition to an award covering present and future damages to Physician and Physician-associated entities.
5. Criminal Prosecution. Third Party understands that any inappropriate use and disclosure of PHI that is intentional on the part of Third Party is a criminal violation of the HIPAA Administrative Simplification Provisions and, if such occurs, Third Party may be subject to criminal fines and a prison sentence.
6. Governing Law. This Agreement shall be governed by the laws of the State of Oregon and appropriate federal laws, without regard to its choice of law principles.
DATED as of the day first set forth above:
PHYSICIAN THIRD PARTY
By: ______By:______
Title: ______Title:______
Date: ______Date: ______
December 2009 © Oregon Medical Association Page 2