Patient Confidentiality Agreement Template for the United States
Generate a bespoke document
What is a Patient Confidentiality Agreement?
The Patient Confidentiality Agreement is essential for healthcare providers operating in the United States to ensure compliance with HIPAA and state privacy laws. This document should be implemented when establishing a provider-patient relationship and before collecting or handling any protected health information. It addresses the collection, use, and disclosure of medical information, incorporating federal requirements while allowing for state-specific variations. The agreement helps healthcare providers maintain legal compliance while building trust with patients through transparent information handling practices.
About the Patient Confidentiality Agreement
A Patient Confidentiality Agreement is a legally binding document that establishes privacy protections between healthcare providers and patients regarding medical information. This agreement ensures your practice complies with federal healthcare privacy laws while clearly defining how patient data will be collected, used, and protected throughout the provider-patient relationship.
When do you need this document?
You need a Patient Confidentiality Agreement before establishing any provider-patient relationship or collecting protected health information. This includes when opening a new medical practice, onboarding new patients, hiring healthcare staff who will access patient records, or implementing new electronic health record systems. The agreement is also essential when partnering with other healthcare providers, conducting medical research involving patient data, or when patients specifically request enhanced privacy protections beyond standard HIPAA requirements.
Key legal considerations
The agreement must clearly define Protected Health Information (PHI) and establish specific protocols for its handling, storage, and transmission. Include detailed provisions for permitted uses and disclosures, such as treatment coordination, payment processing, and healthcare operations. Address patient rights including access to their medical records, amendment requests, and disclosure accounting. Establish breach notification procedures and security safeguards for both physical and electronic health information. Consider including provisions for patient consent to specific uses, minimum necessary standards for information sharing, and protocols for third-party disclosures. The agreement should also address record retention periods, patient authorization requirements, and procedures for handling requests to restrict information use or disclosure.
Legal requirements in United States
Under federal law, your Patient Confidentiality Agreement must comply with HIPAA's Privacy Rule and Security Rule, which govern the use and disclosure of protected health information. The HITECH Act expands these requirements and mandates breach notifications for unsecured PHI. If treating substance use disorders, you must also comply with 42 CFR Part 2, which provides additional confidentiality protections. The Americans with Disabilities Act requires protecting medical information of patients with disabilities, while GINA prohibits discrimination based on genetic information. State privacy laws may impose additional or more stringent requirements than federal regulations, so ensure your agreement addresses applicable state-specific provisions. Some states require enhanced consent procedures, impose stricter disclosure limitations, or provide additional patient rights beyond federal minimums. Mental health records often receive special protection under state laws, requiring separate consent procedures and enhanced confidentiality measures.
GOVERNING LAW
Applicable law
This Patient Confidentiality Agreement is drafted to comply with United States law. Key legislation includes:
Explore 208,390+ legal templates
Explore 208,390+ legal templates
Genie's Security Promise
Genie is the safest place to draft. Here's how we prioritise your privacy and security.
Your data is private:
We do not train on your data; Genie's AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it