All workforce members have to protect confidential information. Breach of this duty includes the following: 

• Accessing confidential information, in any form, without a “need to know” to perform assigned duties. Workforce members are prohibited from accessing their records and records of family members, relatives, and others unless access is necessary to perform assigned duties. 
• Assisting an unauthorized user to gain access to secured information. 
• Leaving confidential information unattended in a non-secure area. 
• Disclosing confidential information without proper authorization. 
• Discussing confidential information in the presence of individuals who do not have the “need to know” to perform assigned duties. 
• Improper disposal of confidential information. 
• Disclosing that a patient or employee is receiving care (except for authorized directory purposes). 
• Transferring confidential information in any form without both parties needing to know. 

Individuals who breach confidentiality are subject to corrective action up to and including termination of employment. In addition, civil and criminal penalties can be assessed under HIPAA for PHI violations.