Ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA) is an important part of every nurse’s professional duties, but safeguarding sensitive patient information in an increasingly digital world can be challenging. Accordingly, the online Registered Nurse (RN) to Bachelor of Science in Nursing (BSN) program from The University of Texas at Arlington (UTA) includes the course Health Policy, Legal Aspects and Informatics in Nursing.
This class covers legal issues affecting nurses today, including evolving regulations surrounding personal data and informatics as well as other technology- and privacy-driven topics. By deepening your understanding of what HIPAA entails, you can uphold each patient’s right to privacy while protecting yourself and your employer at the same time.
What Is HIPAA?
HIPAA was introduced into legislation in August 1996. It established national standards and safeguards to:
- Protect patient privacy
- Determine who can access patients’ healthcare information, including how individuals obtain their personal medical records
- Identify what data should be classified as protected health information (PHI) and how it should be stored and distributed for the purposes of treatment, payment and healthcare operations
The HIPAA Privacy Rule was issued to implement HIPAA requirements and safeguard PHI. The HIPAA Security Rule further safeguards protected information that is transmitted in electronic form (electronic protected health information, or e-PHI).
What Are Some Common Ways Nurses Violate HIPAA?
Unfortunately, nurses and healthcare providers may violate HIPAA regulations in numerous unexpected ways if they are not diligent. A quick comment to a co-worker or acquaintance about a patient seems innocent enough, but it could be a breach of confidentiality if that colleague should not have access to such information.
Leaving your computer screen open without password protection is an example of how common violations arise. While these incidents often occur inadvertently and without ill intent, the consequences remain the same — up to and including fines and jail time, although consequences vary widely.
Below are five tips to help you remain HIPAA compliant.
1. Understand What Constitutes PHI
Any health information that is “individually identifiable” is considered PHI and falls under the protections of HIPAA. This typically covers virtually anything that is contained in the medical record, whether it is stored digitally, on paper or spoken, such as:
- Health histories
- Test results
- Diagnoses
- Insurance and billing information
Individual health identifiers are protected data too. Demographic information may also be safeguarded under HIPAA rules when it is associated with health information. Common identifiers are:
- Names
- Contact information, such as email addresses and telephone numbers
- Social security numbers
- Medical record and account numbers
- Driver’s license numbers
- Photographs
2. Secure Electronic Devices
As the digitization of medical records advances and telemedicine evolves, a number of electronic devices are used in daily practice and at different points of care. Tablets, laptops and cell phones may contain sensitive data that must be protected. Nurses should exercise extreme caution when accessing patient information on any device and always use password protection.
3. Report All Inappropriate Disclosures ASAP
While inappropriate disclosures of PHI are sometimes unintentional due to brief lapses in judgement or faulty safeguards, the consequences are still dire. A HIPAA violation may prompt loss of patient trust, damage the facility’s public image and lead to potential fines and imprisonment for the offenders.
No matter how minor the violations or breaches are, you should report them through the appropriate internal chain of command. Alternatively, you can file a complaint with the Office for Civil Rights (OCR), an organization within the U.S. Department of Health and Human Services (HHS) that oversees and enforces HIPAA regulations.
4. Learn About Proper PHI Disposal Methods
Nurses should be aware of their employer’s policies regarding proper disposal of paper records and electronic media that contain PHI, such as depositing papers into a dedicated receptacle for shredding or burning and using software to periodically clear devices of sensitive data.
5. Never Share Your Password or Login Credentials
Nurses should have their own passwords and logins for devices and systems that contain PHI. These credentials should never be shared with others since they are used to authorize access to patient data as well as track your activity. Notify your information technology or security department immediately if your passwords or login credentials become public or compromised. Further, closely follow your information security department’s guidelines on password policies, cybersecurity training and other important security measures.
HIPAA compliance has many moving parts, but it is imperative that nurses closely follow the guidelines and protect patient privacy. As you learn more about HIPAA best practices and PHI, both through experience in the workplace and during an RN to BSN program, you can confidently care for patients as well as their data.
Learn more about UTA’s online RN to BSN program.