Check for these essentials in confidentiality agreements

In California, physicians and hospitals are fighting with Blue Cross of California, a WellPoint-owned company, over confidentiality agreements the health plan is putting into contracts that would effectively prevent any outside counsel from examining physician contracts.

The case is a reminder that physicians should examine their health plan contracts to make sure that they are not put in a similar situation in not having the option for outside negotiating assistance if they so choose it. It is also a reminder that there are limits, even for physician practices, as to how businesses can define what is confidential.

Having reviewed the Blue Cross confidentiality agreement in question, I agree that it is overreaching, and that any similar agreements should be viewed by physicians with suspicion and caution.

That being said, Blue Cross, as with all businesses, has a legitimate interest in protecting its confidential information.

Before signing a confidentiality agreement, doctors should review the agreement to ensure that the following provisions are incorporated:

"Confidential information" is sufficiently and succinctly defined. The definition of confidential information should not be so vague as to make the term meaningless. The definition can address broad categories such as information of a proprietary, intellectual, or similar nature -- including reports, financial information, business plans and proposals, economic data, market data, supply information, ideas, concepts, trade secrets, know-how, processes, and other technical or business information.

But the agreement should specifically address the information that the parties want to keep confidential. For example, Blue Cross is concerned about the confidentiality of its reimbursement data; a medical practice would be concerned about patient files; and a pharmaceutical company would be concerned about its chemical formulas.

Exceptions to the definition of confidential information are reflected. A common exception to the definition of confidential information includes information that at the time of disclosure is already in the public domain. Another exception includes information that after disclosure becomes part of the public domain by publication or otherwise through no act or fault of the recipient.

A third exception is information that can be proven to have been known to the recipient and not obtained or derived in contravention of any confidentiality obligation in favor of the disclosing party.

A fourth is information that was obtained from a third party in lawful possession of such information and who is not under a confidentiality obligation to the disclosing party. Finally, another exception is information disclosed as a result of the recipient's obligation to disclose as imposed by applicable law or regulation, or legal process.

Confidential information can be disclosed on a "need-to-know" basis. The recipient should only be permitted to disclose confidential information to its officers, employees, and agents -- including legal counsel and other consultants -- who have a reason or a need to know confidential information to assist the recipient for a specific purpose. The recipient should also be required to ensure that these persons and consultants protect the confidentiality of the specified information.

The use of confidential information is restricted to a specified purpose. The recipient should be limited regarding how it can use confidential information -- for example, to assess the feasibility of a certain project, to negotiate a contract, or to bill patients.

A standard of care for keeping the information confidential is in the agreement. At a minimum, the recipient should exercise at least the same degree of care with respect to the confidential information it received as the recipient uses in handling its own confidential information.

Note that more comprehensive standards for securing protected health information apply under HIPAA and can also apply under state privacy laws.

An affirmative obligation regarding the return or destruction of confidential information is provided. The agreement should provide that, upon the request of the disclosing party, the recipient will account for, and either destroy or return to the disclosing party, all evidences or embodiments of the confidential information, including any reports or other documentation derived from or containing the confidential information.

If the recipient has an option of destroying any confidential information in attorney work product or attorney-client privileged communications, this avoids the problem presented by the Blue Cross confidentiality agreement.

Remedies if the agreement is breached are documented. If there is a breach or threatened breach of the restrictions on disclosing confidential information, the disclosing party, in addition to all other remedies, should be entitled to specific performance, injunctive and other equitable relief.

Finally, when providing confidential information to third parties, conspicuously label the information as confidential.

Also, when receiving the confidential information of another party, segregate the information from your own business information, and label the information so that its confidential nature and owner can be quickly identified.