3. Protection of Data.
3.1 Scope of Access. As an Authorized User, you may have access to Data that includes protected health information that is subject to confidentiality, privacy and security requirements under state and federal law and regulations. You agree that you will only access Data consistent with your access privileges, and pursuant to all requirements under this Agreement, the Participant’s Participation Agreement, TCC policies and procedures, and applicable laws and regulations including but not limited to the “Minimum Necessary” requirement as defined under HIPAA.
3.2 Protection of Data. As an Authorized User, you have an obligation to maintain the confidentiality, privacy and security of the Data.
a. You will not disclose Data except as required for your job as Participant and subject to all terms of this Agreement.
b. You will not access or view any information other than what is required for you to do your job.
c. You will not make any unauthorized copies of Data. You will not save Confidential Information to portable media devices (Floppies, ZIP disks, CDs, PDAs, and other devices).
d. You will not to email any Data to another email account.
e. You will not release your authentication code or device or password to any other person, including any employee or person acting on your behalf. You will not to allow anyone else to access the EMR Exchange under your authentication code or device or password. You agree not to use or release anyone else’s authentication code or device or password. You agree to notify TCC immediately if you become aware or suspect that another person has access to your authentication code or device or password.
f. You agree not to allow your family, friends or other persons to see the Data on your computer screen while you are accessing the Exchange. You agree to log out of the EHR Exchange before leaving your workstation to prevent others from accessing the Exchange.
g. You agree never to access Data for “curiosity viewing.” This includes viewing Data of your children, other family members, friends, or coworkers, unless access is necessary to provide services to a Patient with whom you or the physician(s) with whom you work have a treatment relationship with that Patient.
h. You will protect the accuracy of the Data submitted or received through the EMR Exchange and will not insert information that you know is not accurate.
4. Audit and Review.
TCC and Participant have the right at all times and without notice to access the EHR Exchange and any hardware or software relating to the Exchange to review and audit your use of the EMR Exchange and compliance with the terms of this Agreement. This includes any hardware or software located at your office, your home, or any other site from which you access the EMR Exchange.
5. Sanctions.
You understand that failure to comply with the terms of this Agreement, may result in disciplinary action against you, which may include loss of access to the Exchange as an Authorized User or termination of your employment or contract with Participant. TCC maintains the right to immediately terminate this agreement at any time for any reason. Access to the EMR Exchange is a privilege for the benefit of mutual patients, only.
6. Duration.
This Agreement will be in effect from the time it is signed until TCC or Participant terminates your status as an Authorized User or until you violate the terms of this Agreement. Any terms of this Agreement necessary to protect the Exchange and Data will survive the termination of this Agreement.
7. Scope of Agreement.
This agreement is intended to be consistent with all state and federal privacy laws specifically including, but not limited to, ORS 192.558 and 45 CFR 164.506 and represents a sharing of PHI from one covered entity to another for purposes of coordination of health care and treatment. For that reason, it is not anticipated that separate prior patient authorization. However, to the extent such is deemed required, it shall be the responsibility of the Participating Provider to obtain that authorization and maintain a copy in the patient’s health record.