Top five tips for confidentiality agreements
By AdvocateDaily.com Staff
Regulators must take care when sharing confidential information with third parties, says Burlington health lawyer Cathi Mietkiewicz.
Mietkiewicz, principal of Mietkiewicz Law, tells AdvocateDaily.com that it’s inevitable that professional health regulators, as part of their everyday operations, will have to share confidential information with service providers or other outside organizations.
Here are her top five tips for things to consider when drafting confidentiality agreements:
Identify your subject matter
All parties to the agreement need to be on the same page, and it’s unrealistic for regulators to assume that every piece of data they turn over will be considered secret, Mietkiewicz says.
“The first thing to do is to properly identify and robustly describe the confidential information that is covered by the agreement,” she says.
Who can see the confidential information
Although blanket disclosure bans on recipients can be appropriate, that’s rarely the case, Mietkiewicz says.
“If the recipient is a service provider you’ve hired, they are probably going to have to share that confidential information with their agents or employees in order to provide you with the service,” she explains. The agreement should also set out who is allowed to see the data and what steps are to be taken to ensure its protection.
“For example, you might say that it can be disclosed to employees as long as they have similar confidentiality disclosure restrictions in place as part of their employment,” Mietkiewicz says.
Lawful authority requests
Parties to confidentiality agreements sometimes overlook the prospect that the recipient of the confidential information could be legally required, including by court order, to disclose the confidential information to another party, she says.
While the holder of the confidential information cannot instruct recipients to ignore such a request from a legal authority, Mietkiewicz says the agreement should cover what happens in those circumstances.
“The agreement can require that the disclosing party is notified before the information is disclosed to ensure they will have an opportunity to challenge whether it really has to be disclosed,” she says.
After the agreement ends
Before an agreement has run its course, the parties need to know what will happen when it expires, Mietkiewicz says.
“The agreement needs to address what the recipient will do with the information once they are no longer engaged,” she says, explaining that the disclosers of confidential information could require the data to be returned or destroyed, depending on their preferences.
“It should also make clear that the confidentiality provisions continue even after the agreement has expired,” Mietkiewicz adds.
“It’s all great to have an agreement when everyone complies, but what happens when it all goes wrong?” she says.
“The agreement should cover what type of damages or equitable relief is available to the affected party if the receiving party reveals confidential information it shouldn’t, or there is some other kind of breach. It might say that damages aren’t enough, and the disclosing
party can seek an injunction or some other equitable relief,” Mietkiewicz says.