EMPLOYEE HANDBOOK

Patient Confidentiality Agreement

I recognize that, in the course of my duties at SUNY College of Optometry/ University Eye Center, I may gain access to protected patient information, which is required by law and by University Administrative Policy and Procedure to be kept confidential and which may be disclosed only under limited conditions . I agree that I will: • Keep confidential all protected patient information to which I gain access whether in the direct provision of care or otherwise. • Access and utilize protected patient information on a “need to know” basis only. • Disclose protected patient information only to the extent authorized and necessary to provide patient care. • Avoid discussing protected patient information in the public places or outside of work. • Refrain from downloading and/or copying protected patient information from the system without authorized consent. • Take all necessary precautions to ensure that the access and handling of protected patient information in the office setting are conducted in ways that protect patient confidentiality to the greatest degree possible. I understand that it is my obligation and responsibility to ensure the confidentiality of all patient information. Improper disclosure or misuse of patient information, whether intentional or due to neglect on my part, is a breach of patient confidentiality, which may result in disciplinary action. During the course of my work at SUNY College of Optometry/ University Eye Center, I may be assigned unique system identification and instructions to develop a personal password. In order to maintain confidentiality of patient information stored in the facility’s computer systems, I agree that I will: • Keep my system identification and passwords confidential and will not share them with anyone for any reason. • Avoid leaving a computer terminal unattended without first logging off. • Contact the University Eye Center’s systems security administrator immediately if I have reason to believe that my system identification or password has been revealed. • Immediately report to the University Eye Center’s compliance officer any suspected unauthorized access to patient information. • Inform the appropriate managerial/administrative personnel if I leave my current employment so that my access to the clinical systems will be deactivated. I understand that it is my obligation and responsibility to protect my system identification and password form improper use. Noncompliance with this measure is a breach of administrative policy, which will result in disciplinary action. Clinical System Access Agreement Signature: ____________________________________________________ Date: _______________________

Signature: ____________________________________________________ Date: _______________________

98