Responsible Official: VP for Human Resources
Administering Division/Department: Employee Relations
Effective Date: March 30, 2007
Last Revision: June 21, 2007
It is the policy of Emory University that any confidential information (verbal, written, computer file or the enterprise computer network) is considered privileged and strictly confidential. All confidential information should be maintained in a manner which ensures its privacy and safety. Confidential and/or patient information should not be discussed in open areas (elevators, cafeteria, etc.).
Emory safeguards the security and confidentiality of employee records. Employees who disclose information observed or heard without proper authorization will be subject to disciplinary action up to and including dismissal from Emory employment. The observance of confidentiality also applies to the disclosure of information regarded as confidential within a department.
Employees’ medical information is expected to be maintained in a strictly confidential manner, in a confidential file separate from any other departmental information.
For purposes of this policy, confidential information is defined as, but not limited to, patient records, financial records, human resources/payroll records, legal documents, and clinical data. Any communication or reception of knowledge, such as facts, data or opinions, including numerical, graphic or narrative forms, whether oral or maintained in any medium, including computerized database, paper, microfilm or magnetic tape, should be protected because of its sensitivity. The release of this information may have negative financial, competitive, productivity loss, legal or other non-beneficial impacts on Emory.
Authorized individuals (including, but not limited to, all employees and non-employees) have access to confidential information for the purposes of employee matters and/or specific job related duties. Authorized individuals who may have access to confidential information include, but are not limited to, new hires, current staff and principals, students, physicians, contractors, volunteers, vendors, faculty, and other university representatives. Individuals must obtain prior approval by the appropriate department directors or designee and/or committee prior to the release of any information deemed confidential.
Confidential information should not be accessed by, or discussed with, anyone except authorized individuals with a need to know. All requests for information about the employee should be forwarded to the authorized department.
Access controls should be in place (logon IDs and passwords) to protect confidential computer information as defined by Information Technology Division.
Employees, physicians, contractors, students or other agents who as either information providers or information users intentionally and without proper authorization (1) access or disclose confidential Emory information or (2) modify or destroy Emory information are in direct violation of Emory’s policy. Such violations may lead to disciplinary actions up to and including dismissal from Emory. Under certain circumstances, such violations may give rise to civil and/or criminal liability.
- Current Version of This Policy: http://policies.emory.edu/4.79
No previous versions of this policy were found.