When to Use a Confidentiality Agreement

by Dr. Jeff Brown

There are numerous situations in which a business associate agreement (BAA) is not appropriate. Essentially, a BAA is never appropriate for use with a person or entity who is not actually your business associate.

[Read What is a HIPAA Business Associate and Why Should You Care? to learn more about business associates.]

But, what are you supposed to do when a person has potential access to your patient information but they aren't a business associate? Naturally, you still want something in writing for protection. That something is called a confidentiality agreement.

The two most common scenarios in which a confidentiality agreement is applicable would be a cleaning service and office sharing or rental. In these cases, there is a person who is:

  • In your office
  • Not your workforce
  • Not a business associate
  • Likely exposed to PHI

For anyone who fits the list above you will want a signed confidentiality agreement. This agreement should include sections pertaining to: confidentiality, compliance, reporting, and reimbursement. Here is a sample confidentiality agreement for your use.

Hmmm... what about workforce? Glad you asked. The HIPAA requires only one document be signed by all workforce members. Read The Sanction Policy for Workforce Members to learn more.

DISCLAIMER: Because of the generality of this article, the information provided herein may not be applicable in every situation and should not be acted upon without specific legal advice based on particular situations.

See More HIPAA Topics