To help increase awareness of the need for confidentiality at VUMC, all staff, faculty, students, temps and volunteers will be asked each year to sign a confidentiality agreement. VUMC confidentiality agreements formerly were signed only by those with systems access to electronic patient information. Where signed agreements formerly were filed with information management, they’ll now be included in personnel files maintained by human resource services.
The purpose of the agreement is to help members of the Vanderbilt community understand their duty to protect confidential information, including patient information, private information about employees or students, and internal information about Vanderbilt and its business partners. The agreement also points out some of the more common breaches of VUMC confidentiality protection, such as staff and faculty letting others use their system passwords.
“I’m not sure people realize your password is like your signature, and you can be held accountable for anything done with your password,” said Kimberly Lawrence, information security coordinator.
A task force was formed recently to recommend penalties for breaches of confidentiality and to step up audits to look for abuse of systems privileges, such as staff and faculty viewing the medical records of fellow employees, or records of friends and neighbors. Termination of employment is already among the penalties for violations of confidentiality at VUMC.
Staff will review and sign the confidentiality agreement as part of the annual job performance review process. New hires began signing the agreement in January as part of the confidentiality segment of the Hearts and Minds orientation program. The confidentiality agreement will become part of orientation for students, house staff and faculty. Planning continues on the best way to reach other categories of Vanderbilt people.