A HIPAA Primer for Nurses

Privacy is a fundamental human right that extends to patient care. Today’s technology makes it easier for nurses to commit unintended privacy violations. Nurses must continuously review guidelines, professional standards, organizational policies and best practices. They must be mindful of potentially high-risk situations and proactive strategies to protect patient information.

What Is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law 25 years ago and is still in effect today. The focus of HIPAA continues to be:

  • Creating national standards to allow for the retention or transfer of health insurance between jobs (portability)
  • Keeping health information private and secure (accountability)

HIPAA allows covered entities (healthcare providers, health plans and healthcare clearinghouses) to share protected health information (PHI) in order to provide treatment, process payments and conduct internal business operations. The Privacy Rule expects best efforts to maintain the confidentiality and privacy of PHI, with the policies and procedures necessary to secure an individual’s privacy.

What Does PHI Include?

PHI includes all forms of information (oral, paper and electronic) for past, present or future care. This also extends to handwritten notes, social media and outside sharing of information. Don’t put PHI in the regular trash. Even the disposal of handwritten vital signs on a paper towel must comply with HIPAA guidelines. Discarded PHI must be rendered “unreadable, indecipherable, and unable to be reconstructed.”

How Can You Avoid a HIPAA Violation?

Nurses may not be aware of high-risk HIPAA situations. With better awareness, they can be more diligent in protecting patient information.

Limit access to medical records
Avoid the temptation to check the medical records of a friend or family member. Also, do not access your own medical records using an employee login — most systems track who accesses health records. Do not discuss patients with co-workers not involved in the patient’s care. Curiosity and gossiping are clear, well-documented violations.

Watch your surroundings
Avoid discussions in public areas like elevators, cafeterias, hallways or nurses’ stations. Speak quietly and only in private places. Cover papers or files and watch who might be looking at screens. Print or transmit information only in a secure area. Never store data on any personal or unencrypted flash drive or device. Do not open files on public transportation or leave them in your car.

Secure all devices
Be sure to lock or log off your computer terminal or tablet when you are not using it. Never text patient information, whether through the SMS network, WhatsApp or Facebook. Such networks can be unencrypted, easily intercepted or lack appropriate controls. Confirm and double-check fax numbers and email addresses.

Avoid sharing patient information on social media
Do not post anything about a patient on social media, including photographs. The National Council of State Boards of Nursing lists clear guidelines for social networking sites, blogs, video sites, online chat rooms and other forums. Besides, most organizations have strict guidelines on social media communication to protect patient privacy and the organization’s image.

What Happens If You Violate HIPAA?

Violating HIPAA regulations results in severe consequences for both the organization and the individual. Organizational discipline may include remediation, verbal or written counseling, and even termination. The U.S. Department of Health and Human Services can impose civil fines of up to $1.5 million per year. The U.S. Department of Justice (DOJ) levies criminal penalties of up to $250,000 and a maximum of 10 years in prison.

With advancements in telehealth and informatics, nurses will need heightened HIPAA awareness and education. They need to be proactive in identifying situations that have a high potential for a privacy breach. If you or a colleague accidentally violates a HIPAA rule, be sure to report it.

Although HIPAA guidelines apply to all care team members, they are vital for nurses who deal with so much patient information. Nurses do not have to be HIPAA experts, but they must understand the regulations and potential consequences. Most importantly, they should review best practices and seek opportunities for improvement.

Learn more about Lamar University’s online RN to BSN program.


Sources:

American Medical Association: HIPAA Violations & Enforcement

American Mobile: Common HIPAA Violations Nurses Make

California Department of Healthcare Services: Health Insurance Portability & Accountability Act

HIPAA Journal: What Happens if a Nurse Violates HIPAA?

HIPAA Journal: When Should You Promote HIPAA Awareness?

National Council of State Boards of Nursing: A Nurse’s Guide to the Use of Social Media

NorCal Group: HIPAA Violations You May Not Have Thought of and How to Prevent Them

U.S. Department of Health and Human Services: HIPAA for Professionals

U.S. Department of Health and Human Services: Incidental Uses and Disclosures

U.S. Department of Health and Human Services: Summary of the HIPAA Privacy Rule
