What Is a HIPAA Employee Confidentiality Agreement?
A HIPAA employee confidentiality agreement is a type of non-disclosure agreement (NDA) used in healthcare settings. It requires employees to keep patient information private while performing their job duties and applies to every employee who accesses patient information. The agreement helps employees follow the HIPAA privacy rules when handling protected health information (PHI).
PHI refers to patient information that is tied to a person’s health or identity. According to the US Department of Health and Human Services, this can be:
- Spoken, such as conversations about a patient’s condition
- Written, such as medical charts or billing records
- Electronic, such as data stored in electronic health record systems
When employees sign this agreement, they agree to handle patient information with care. They may use it only as allowed by the workplace rules and the law.
What Information Does a HIPAA Employee Confidentiality Agreement Protect?
A HIPAA compliance form protects all patient information that employees may access, use, disclose, or share while performing their job duties. This includes details that could identify a patient or reveal something about their health or the care they are receiving. Here are some common types of identifiers that fall under PHI (45 CFR § 164.514):
- Patient names
- Phone numbers and email addresses
- Dates tied to a patient, such as birth or admission dates
- Medical records or health plan numbers
- Social Security Numbers
- Photos that clearly show a patient’s face
- Online identifiers, such as IP addresses
- Biometric identifiers (e.g., fingerprints, voice prints)
All of this information is protected to reduce the risk of identity theft and maintain patient privacy. It also supports legal compliance for the healthcare organization. When patient information is handled with care, it helps maintain trust between healthcare providers and the people they serve.
While HIPAA is a federal law, some states have stricter patient privacy rules. For example, California’s Confidentiality of Medical Information Act (CMIA), the Texas Medical Records Privacy Act, and New York Public Health Law § 18 may offer additional protections.
Who Should Use a HIPAA Employee Confidentiality Agreement?
A HIPAA confidentiality agreement can be used by any employee who accesses patient information as part of their job. This includes employees who view, use, discuss, or store PHI. The agreement applies based on an employee’s access to patient information, not the type of business they work for.
Using this agreement helps clarify expectations and ensures the proper handling of patient information in the workplace.
Employees Who Typically Need to Sign
Employees who commonly sign a HIPAA employee confidentiality agreement include:
- Doctors, nurses, and other clinical staff
- Medical assistants and technicians
- Front desk and administrative employees
- Billing, coding, and insurance staff
- IT staff with access to patient records or systems
- Temporary or part-time employees who handle patient information
Any employees who come into contact with patient information as part of their job duties should sign the HIPAA compliance form and understand how that information is protected. To save time, you can use Legal Templates’s free HIPAA employee confidentiality agreement to get started. You can customize it within minutes and download it as a PDF or Word file.
How to Write a HIPAA Employee Confidentiality Agreement
The HIPAA compliance form must clearly state what patient information is protected and how employees are expected to handle it. Here are the steps you should follow when writing your agreement:
Step 1 – Identify the Parties
List the names of the employer and the employee entering the agreement. Include the full legal name of both parties. Be sure to clarify their job title or position. Make sure the agreement clearly states that it applies to the employee’s role and access to patient information during work duties.
Step 2 – Define Protected Health Information
Explain what type of patient information the agreement covers. This may vary based on the employee’s role and access. List all applicable identifiers (45 CFR § 164.514).
Step 3 – Outline Non-Disclosure Responsibilities
Clearly describe what employees may and may not do with patient information. The agreement should state that:
- PHI may only be used for job-related purposes
- PHI may not be shared without proper authorization
- Disclosure is only allowed when workplace policies or law permit, such as when a patient requests access to their own medical records
Use a free medical records release (HIPAA) form when a patient wants to allow their medical records to be shared with another doctor, provider, or organization.
Step 4 – Include Standard Agreement Terms
Most HIPAA employee confidentiality agreements also include basic contract terms such as:
- How long the agreement lasts
- What happens if part of the agreement is found invalid
- Whether the agreement replaces earlier confidentiality agreements
Step 5 – Sign and Date the Document
After carefully reviewing the agreement, both the employer and employee should sign and date the document. A signed agreement confirms that the employee understands their duty to protect patient information and follow workplace privacy rules. Employers should keep a copy for their records.
Sample HIPAA Employee Confidentiality Agreement
Take a look at a sample HIPAA employee confidentiality agreement template below to see what the form looks like and what details are required. Once you’re ready, use our guided questionnaire to customize and download your own agreement in PDF or Word format.
How a HIPAA Employee Confidentiality Agreement Supports Compliance
A HIPAA employee confidentiality agreement supports compliance by helping employees understand how to handle patient information properly in the workplace.
HIPAA Privacy Rule
The HIPAA Privacy Rule establishes national standards for protecting patient information and limits the use and disclosure of protected health information, as outlined in 45 CFR Parts 160 and 164. Under the Privacy Rule, patients have the right to:
- Control who may access their health information
- Understand how their information is used or shared
- Expect reasonable safeguards to protect their privacy
HIPAA Security Rule
Under 45 CFR Part 164, Subpart C, the HIPAA Security Rule requires administrative, physical, and technical safeguards to protect electronic protected health information (ePHI) from unauthorized access, loss, or breach.
Consequences of Non-Compliance
Failing to follow HIPAA rules may result in severe fines, penalties, legal action, and damage to an employer’s reputation. Employees who violate a confidentiality agreement may receive warnings, suspension, or termination, depending on the severity of the violation.