I understand that King Fahad Medical City (KFMC) has a legal and ethical responsibility to safeguard the privacy of all patients and to protect the confidentiality of their patients’ health information. Additionally, KFMC must assure the confidentiality of its human resources, payroll, fiscal, research, internal reporting, strategic planning, information, or any information that contains passwords, PINs, encryption keys, (collectively, with patient identifiable health information, “Confidential Information”).

In the course of my employment / assignment at Second Health Cluster in Central Region, I understand that I may come into the possession of this type of Confidential Information. I will access and use this information only when it is necessary to perform my job-related duties in accordance with Cybersecurity Administration Policy. I further understand that I must sign and comply with this Agreement in order to obtain authorization for access to Confidential Information or to the KFMC Network.

- I will not disclose or discuss any Confidential Information with others, including friends or family, who do not have a need to know it.
- I will not in any way disclose, copy, release, sell, and loan, alter, or destroy any Confidential Information except as properly authorized.
- I will not discuss Confidential Information where others can overhear the conversation. It is not acceptable to discuss Confidential Information even if the patient’s name is not used.
- I will not make any unauthorized transmissions, inquiries, modifications, or removal of Confidential Information.
- I agree that my obligations under this Agreement will continue even after I finish my work with KFMC.
- Upon termination, I will immediately return any documents or media containing Confidential Information to KFMC.
- I understand that I have no right to any ownership interest in any information accessed or created by me during and in the scope of my relationship with KFMC.
- I understand that violation of this Agreement may result in disciplinary action, accordance with the KFMC’s or Second Health Cluster in Central Region policies.
- I will only access or use systems or devices I am officially authorized to access, will only do so for the purpose of delivery of medical services at this facility, and will not demonstrate the operation or function of systems or devices to unauthorized individuals.
- I understand that I should have no expectation of privacy when using KFMC information systems. KFMC may log, access, review, and otherwise utilize information stored on or passing through its systems, including e‐mail, in order to manage systems and enforce security. I accept responsibility for all accesses made using my Username and Password.

- I will practice good workstation security measures such as locking up when not in use, using screen savers with activated passwords appropriately, and position screens away from public view.
- I will practice secure electronic communications by transmitting Confidential Information only to authorized entities, in accordance with approved Cybersecurity standards.
- I will use only my officially assigned Username and Password provided by EAIT.
- I will use only approved licensed software.
- I will use a device with virus protection software.
- I will never disclose Passwords, PINs, or access codes.
- I will never use other employee Username and Passwords.
- I will never use tools or techniques to break/exploit security measures.
- I will never connect to unauthorized networks through the systems or devices.
- I will only access the Health Information System and other clinical systems to review patient records or KFMC information when I have a business need to know.
- I will periodically review Cybersecurity controls.
- I will notify Cybersecurity Officer through (CybersecurityIncident@kfmc.med.sa) if my password has been seen, disclosed, or otherwise compromised, and will report activity that violates this agreement, Cybersecurity policies, or any other incident that could have any adverse impact on Confidential Information


Signing this document, I acknowledge that I have read this Agreement and I agree to comply with all the terms and conditions stated above