CONFIDENTIALITY AND USE AGREEMENT FOR ACCESS TO HEALTHPOINT

Phoenix Children’s Hospital (PCH) agrees to grant me access to the HealthPoint System, subject to the conditions set forth below. In exchange for PCH’s grant of access, I agree to the following provisions:
  1. I acknowledge that through HealthPoint access I may obtain confidential patient demographic, financial, clinical and business proprietary information (“Confidential Information”), and I agree to comply with all existing and future PCH policies and procedures concerning the security, confidentiality and privacy of Confidential Information.
  2. I agree not to, in any way, divulge, copy, release, sell, or loan any Confidential Information.
  3. I agree that I will not save Confidential Information to portable media devices (“thumb drives”, memory sticks, DVDs, floppies, CDs, PDAs, and other devices) or hard copies.
  4. I agree not to release my identification code (ID) and password to any other person, including any employee or person acting on my behalf. I agree not to allow anyone else to access the HealthPoint System under my ID and password. Furthermore, I agree not to use or release anyone else’s identification code and password.
  5. I agree to notify PCH’s Information Technology Services (ITS) Department at (602) 933-HELP immediately if I become aware or suspect that another person has access to my identification code and/or password. Furthermore, I understand that my staff or assistants will not be able to access this system without submitting a Confidentiality and Use Agreement with approval by the ITS Department and their own unique user identification and logon has been assigned.
  6. I agree not to allow any unauthorized person to use or access the HealthPoint System either onsite or remotely. I agree not to allow my staff, family, friends or other persons to see the Confidential Information on my computer screen while I am accessing the HealthPoint System. I further agree to fully log out of all PCH networked systems before leaving my workstation.
  7. I agree to follow all PCH policies and procedures concerning access, use and disclosure of patient health information (available upon request). I agree to access Confidential Information only for those individuals with whom I or the physician(s) for whom I work have a treatment relationship. I also agree to access only the amount of Confidential Information necessary to perform my job functions related to that treatment relationship. Any other access requires the express permission of PCH.
  8. I agree that I will never access Confidential Information for “curiosity viewing”. I understand that this includes viewing Confidential Information of children, other family members, friends, or co-workers, unless access is necessary to provide services to patients with whom I or the physician(s) for whom I work have a treatment 'relationship.
  9. I agree to maintain adequate security procedures for the computers on which I access PCH information systems, including firewalls, password management practices, and appropriate and current anti-virus software approved for use by PCH’s ITS Department. I agree that my computer will require a password for access that is a minimum of eight characters long and be a combination of alpha-numeric characters under the guidelines of generally accepted security practices.
  10. I agree to immediately report to the PCH Office of Business Integrity any use or disclosure of protected health information (PHI) received from PCH for purposes other than those permitted by this Agreement and any security incident that I become aware of that affects PHI created on behalf of or received from PCH by calling the PCH Information Technology Services (ITS) Department at (602) 933-HELP.
  11. I understand that the hours of support by PCH’s ITS Department for remote access will be between the hours of 8:00 a.m. and 5:00 p.m., Monday through Friday. Remote support is limited to password resets and application support only.
  12. I understand that it is not the responsibility of the PCH ITS Department to support and/or repair my computer, ISP connection, applications or web browsers.
  13. I agree to wipe clean the hard drive prior to sale, transfer, or donation of my computer according to Department of Defense 5220.22-M wipe pass standards. I will contact the PCH ITS Department at (602) 933-1964 and permit them to review the hard drive for any Confidential Information.
  14. I agree that my compliance with this Agreement may be subject to review and/or audit by PCH.
  15. I agree to allow PCH to inspect any computer I use for remote access, including those located in my home, office or other facility. Further it is understood that this device will be blocked from accessing the PCH network and other systems except those permitted by HealthPoint.
  16. I agree that my obligations under this Agreement will continue in the event my status with PCH is terminated or expires, my employment ends, or in the event PCH terminates my remote access under this Agreement.
  17. I agree that any breach of this Agreement will be considered a material breach of this Agreement, and that breaches are treated as a very serious matter. I agree that, in the event I breach any provision of this Agreement, PCH has the right to terminate my remote access, with or without notice at PCH’s discretion.
  18. I agree that, in the event I breach any provision of this Agreement, I am responsible for my actions. If PCH is required to bring an action to enforce this Agreement, I agree to pay PCH its expenses, including reasonable attorneys’ fees and court costs.
By accepting this, I agree that I have read, understand, and will comply with this Agreement.