Privacy is a fundamental human right that extends to patient care. Today’s technology makes it easier for nurses to commit unintended privacy violations. Nurses must continuously review guidelines, professional standards, organizational policies and best practices. They must be mindful of potentially high-risk situations and proactive strategies to protect patient information.
What Is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law 25 years ago and is still in effect today. The focus of HIPAA continues to be:
- Creating national standards to allow for the retention or transfer of health insurance between jobs (portability)
- Keeping health information private and secure (accountability)
HIPAA allows covered entities (healthcare providers, health plans and healthcare clearinghouses) to share protected health information (PHI) in order to provide treatment, process payments and conduct internal business operations. The Privacy Rule expects best efforts to maintain the confidentiality and privacy of PHI, with the policies and procedures necessary to secure an individual’s privacy.
What Does PHI Include?
PHI includes all forms of information — oral, paper and electronic for past, present or future care. This also extends to handwritten notes, social media and outside sharing of information. Don’t put PHI in the regular trash. Even the disposal of handwritten vital signs on a paper towel must comply with HIPAA guidelines. Discarded PHI must be “unreadable, indecipherable, and unable to be reconstructed.”
How Can You Avoid a HIPAA Violation?
Nurses may not be aware of high-risk HIPAA situations. With better awareness, they can be more diligent in protecting patient information.
Limit access to medical records
Avoid the temptation to check the medical records of a friend or family member. Also, do not access your own medical records using an employee login — most systems track who accesses health records. Do not discuss patients with co-workers not involved in the patient’s care. Curiosity and gossiping are clear, well-documented violations.
Watch your surroundings
Avoid discussions in public areas like elevators, cafeterias, hallways or nurses’ stations. Speak quietly and only in private places. Cover papers or files and watch who might be looking at screens. Print or transmit information only in a secure area. Never store data on any personal or unencrypted flash drive or device. Do not open files on public transportation or leave them in your car.
Secure all devices
Be sure to lock or log off your computer terminal or tablet when you are not using it. Never text patient information, whether through the SMS network, WhatsApp or Facebook. Such networks can be unencrypted, easily intercepted or lack appropriate controls. Confirm and double-check fax numbers and email addresses.
Avoid sharing patient information on social media
Do not post anything about a patient on social media, including photographs. The National Council of State Boards of Nursing lists clear guidelines for social networking sites, blogs, video sites, online chat rooms and other forums. In addition, most organizations have strict guidelines on social media communication to protect patient privacy and the organization’s image.
What Happens If You Violate HIPAA?
Violating HIPAA regulations results in severe consequences for both the organization and the individual. Organizational discipline may include remediation, verbal or written counseling, and even termination. The U.S. Department of Health and Human Services can impose civil fines of up to $1.5 million per year. The U.S. Department of Justice (DOJ) levies criminal penalties of up to $250,000 and a maximum of 10 years in prison.
With advancements in telehealth and informatics, nurses will need heightened HIPAA awareness and education. They need to be proactive in identifying situations that have a high potential for a privacy breach. If you or a colleague accidentally violate a HIPAA rule, be sure to report it.
Although HIPAA guidelines apply to all care team members, they are vital for nurses who deal with so much patient information. Nurses do not have to be HIPAA experts, but they must understand the regulations and potential consequences. Most importantly, they should review best practices and seek opportunities for improvement.
Sources:
American Medical Association: HIPAA Violations & Enforcement
American Mobile: Common HIPAA Violations Nurses Make
California Department of Healthcare Services: Health Insurance Portability & Accountability Act
HIPAA Journal: What Happens if a Nurse Violates HIPAA?
HIPAA Journal: When Should You Promote HIPAA Awareness?
National Council of State Boards of Nursing: A Nurse’s Guide to the Use of Social Media
NorCal Group: HIPAA Violations You May Not Have Thought of and How to Prevent Them
U.S. Department of Health and Human Services: HIPAA for Professionals
U.S. Department of Health and Human Services: Incidental Uses and Disclosures
U.S. Department of Health and Human Services: Summary of the HIPAA Privacy Rule