INTERMOUNTAIN HEALTH

ACCESS AND CONFIDENTIALITY AGREEMENT

SECTION 1.0. PURPOSE AND DEFINITION

1.1 ??? Purpose of this Agreement. Federal and state laws, as well as Intermountain Health (Intermountain) policies, protect Confidential Information, assure that it remains confidential, and permit it to be used for appropriate purposes. Those laws and policies assure that Confidential Information, which is sensitive and valuable, remains confidential. They also permit you to use Confidential Information only as necessary to accomplish legitimate and approved purposes. You may need access to Confidential Information because you have one of the following roles:

A. ?? An Intermountain Workforce member as defined by the Health Insurance Portability and Accountability Act (HIPAA), which includes volunteers (a "Workforce Member"); or

B. ?? An Intermountain-affiliated or Intermountain-credentialed Provider (a "Provider"); or

C. ?? A vendor or agent of IHC Health Services, Inc. (a "Vendor" or "Agent"); or

D.??? Any other authorized person who uses Intermountain resources and/or has access to Intermountain information (?Resource User?).

1.2 ???? Definition. "Confidential Information" means data proprietary to Intermountain, other companies, or other persons, plus any other information that is private and sensitive and which Intermountain has a duty to protect. You may learn or access Confidential Information through oral communications, paper documents, computer systems, or through your activities at or with Intermountain. Examples of Confidential Information include the following information that is maintained by, or obtained from, Intermountain:

A. ?? An individual's demographic, employment (except that this does not prevent individuals from discussing their terms and conditions of employment), or health information (including Protected Health Information);

B. ?? Peer-review information;

C. ?? Intermountain's business information, (e.g., financial and statistical records, strategic plans, internal reports, memos, contracts, peer review information, communications, proprietary computer programs, source code, proprietary technology, etc.); and

D. ?? Intermountain's or a third-party's information (e.g., computer programs, client and vendor proprietary information, source code, proprietary technology, etc.).

SECTION 2.0. YOUR DUTIES UNDER THIS AGREEMENT

2.1 ???? Principal Duties. To qualify to access or use Confidential Information, you will comply with the laws and Intermountain policies governing Confidential Information. Your principal duties regarding Confidential Information include, but are not limited to, the following:

A. ?? Safeguard the privacy and security of Confidential Information;

B. ?? Use Confidential Information only as needed to perform your legitimate and Intermountain-approved responsibilities. This means, among other things, that you will not:

(1) ? Access Confidential Information for which you have no legitimate need to know;

(2) ? Divulge, copy, release, sell, loan, revise, alter, or destroy any Confidential Information except as properly authorized within the scope of your legitimate and Intermountain-approved responsibilities; or

(3) ? Misuse Confidential Information;

C. ?? Safeguard, and not disclose, any Intermountain username and password, access codes, or any other authorization that allows you to access Confidential Information. This means, among other things, that you will:

(1) ? Accept responsibility for all activities undertaken using your Intermountain username and password, access codes, and other authorization; and

(2) ? Report any suspicion or knowledge that you have that your Intermountain username and password, access codes, authorization, or any Confidential Information has been misused or disclosed without Intermountain's permission (Report this suspicion or knowledge to the Intermountain Compliance Hotline at 1-800-442-4845, or, if you are a member of Intermountain's Workforce, to your supervisor or facility compliance officer.);

D. ?? Not remove Confidential Information from an Intermountain facility unless necessary for your legitimate and Intermountain-approved responsibilities (If removal of Confidential Information from an Intermountain facility is necessary, you will use reasonable and appropriate physical and technical safeguards-such as encrypting electronic Confidential Information or ensuring Confidential Information is not left in plain sight in a car.);

E. ??? Report activities by any individual or entity that you suspect may compromise the confidentiality of Confidential Information (To the extent permitted by law, Intermountain will hold in confidence reports that are made in good faith about suspect activities, as well as the names of the individuals reporting the activities.);

F. ??? Not use or share Confidential Information after termination of your role that triggered the requirement to sign this Agreement (For example, if you are a Workforce Member, when you leave Intermountain's Workforce; if you are a Provider, when you lose your privileges at an Intermountain facility or your privileges to access Confidential Information; and if you are a Vendor or Agent, when you finish your assignment or project with Intermountain or when your company stops doing business with Intermountain, whichever is first.); and

G. ?? Claim no right or ownership interest in any Confidential Information referred to in this Agreement.

 

SECTION 3.0. VIOLATION OF DUTY - CHANGE OF STATUS

3.1 ???? Responsibility. You are responsible for your noncompliance with this Agreement.

3.2 ???? Discipline. If you violate any provision of this Agreement, you will be subject to consequences, including but not limited to, the following:

A. ?? If you are a Workforce Member, dismissal as a member of Intermountain's Workforce, loss of employment with Intermountain, termination of your ability to access Confidential Information, and legal liability;

B. ?? If you are a Provider, Vendor, Agent, or Resource User, discipline, including revocation of your ability to access or use Confidential Information, and legal liability.

3.3 ???? Relief. Any violation by you of any provision of this Agreement will cause irreparable injury to Intermountain that would not be adequately compensable in monetary damages alone or through other legal remedies, and will entitle Intermountain to the following:

A. ?? If you are a Workforce Member, Vendor, Agent, or Resource User, preliminary and permanent injunctive relief, a temporary restraining order, and other equitable relief in addition to damages and other legal remedies; or

B. ?? If you are a Provider, a court order prohibiting your use of Confidential Information except as permitted by this Agreement, and Intermountain may also seek other remedies.

3.4. ??? Authority. Intermountain may terminate your access to Confidential Information if your status as a Workforce Member, Provider, Vendor, Agent, or Resource User changes, if Intermountain determines that to be in the best interests of Intermountain's mission, or if you violate any provision of this Agreement.

 

SECTION 4.0. CONTINUING OBLIGATIONS

4.1 ???? Continuing Obligations. Your obligations under this Agreement continue after termination of your relationship with Intermountain as a Workforce Member, Provider, Vendor, Agent, or Resource User.