LifeCare of Florida is a covered entity under the Health Insurance Portability & Accountability Act (“HIPAA”). In your position with LifeCare, you shall have access to privileged, intimate, and confidential information, as well as information that is expressly defined as Protected Health Information (collectively hereinafter referred to as “PHI”). With this access, you understand that:

• LifeCare is required to provide patients with a Notice of Health Information Practices and to document the patient's understanding of our intent to comply with this standard. This documentation is included in a Patient Intake Package.

• The Notice of Health Information Practices (NPP) is posted on LifeCare’s website and is available in both English and Spanish.

• Your obligations extend to any PHI that you may acquire during the course of employment or affiliation with LifeCare, whether in oral, written, or electronic form, and regardless of the manner in which access was obtained.

• You must commit to not use, access, or disclose PHI in any manner to any person or entity, internally or externally, except as required and permitted in the course of your duties and responsibilities. This prohibition includes, but is not limited to, disclosing any information about the identity of the patients with whom you work or any information about them, including their medical and other personal information, to family, friends, other patients, other clients, or co-workers unless such person is lawfully authorized to receive such information.

• Uses and disclosures of PHI must be documented in writing and include the information that is disclosed, the purpose of this disclosure, and the date that the disclosure occurred.

• Unauthorized use or disclosure of PHI can result in sanctions by LifeCare up to and including termination of employment or agreement, as well as professional disciplinary action. The intent of the breach (accidental versus adversarial) will be considered in determining the appropriate sanctions, with the final decision left to the Security Officer. Accidental or unintentional breaches in security policies and procedures can be remediated through HIPAA training. Adversarial breaches will automatically result in termination and reporting to the appropriate authorities.

• Any impermissible PHI use or disclosure or potential security risk (loss or threat) must be immediately reported to LifeCare.