HIPAA Confidentiality Agreement

Last updated: March 22, 2026

1. Purpose

This agreement outlines your obligations regarding the protection of Protected Health Information (PHI) when using the RFoodX platform. By creating an account and using this system, you acknowledge and agree to comply with all provisions of this agreement.

2. Definition of PHI

Protected Health Information (PHI) includes any individually identifiable health information, including but not limited to: patient names, dates of birth, addresses, phone numbers, Social Security numbers, health plan IDs, medical record numbers, diagnoses, treatment information, and billing data.

3. Your Obligations

You agree to:

• Access PHI only when required for your specific job duties
• Never access records of patients not under your care or responsibility
• Never share, copy, photograph, or transmit PHI through unauthorized channels
• Log out of the system when stepping away from your workstation
• Report any suspected breach or unauthorized access immediately
• Complete required HIPAA training as directed by your organization
• Maintain the confidentiality of your login credentials

4. Monitoring and Auditing

All access to PHI through this system is automatically logged, including: which records you accessed, when you accessed them, and what actions you performed. These logs are subject to regular audit and review.

5. Penalties for Violation

Violations of this agreement and/or HIPAA regulations may result in:

• Immediate revocation of system access
• Disciplinary action, up to and including termination of employment
• Civil penalties of up to $50,000 per violation (up to $1.5 million per year for identical violations)
• Criminal penalties of up to $250,000 in fines and up to 10 years imprisonment for knowing misuse
• Personal liability for damages resulting from unauthorized disclosure

6. Breach Notification

If you become aware of any unauthorized access, use, or disclosure of PHI, you must immediately notify your supervisor and/or the organization's Privacy Officer. Failure to report a known breach is itself a violation of this agreement.

7. Duration

This agreement remains in effect for the duration of your access to the RFoodX platform and survives termination of your access or employment. Your obligation to protect PHI you have accessed continues indefinitely.