5 Tips on HIPAA Compliance for Nurses

HIPAA compliance is an important part of every nurse’s professional duties, but safeguarding sensitive patient information in an increasingly digital world can be challenging. An online Registered Nurse to Bachelor of Science in Nursing (RN to BSN) program includes coursework about the legal issues affecting nurses today. By deepening your understanding of what HIPAA entails, you can uphold each patient’s right to privacy and protect yourself and your employer at the same time.

What Is HIPAA?

HIPAA, the Health Insurance Portability and Accountability Act, was introduced into legislature in August 1996. It established national standards and safeguards to:

  • Protect patient privacy
  • Determine who can access patients’ healthcare information, including how individuals obtain their personal medical records
  • Identify what data should be classified as protected health information (PHI) and how it should be stored and distributed for the purposes of treatment, payment and healthcare operations

What Are Some Common Ways Nurses Violate HIPAA?

Unfortunately, nurses and healthcare providers may violate HIPAA regulations if they are not diligent. A quick comment to a co-worker or acquaintance about a patient seems innocent enough, but it is considered a breach of confidentiality if that person should not have access to such information. Leaving your computer screen open and without password protection is an example of how common violations arise. While these incidents often occur inadvertently and without ill intent, the consequences — up to and including fines and jail time — remain the same.

Below are five tips to help you remain HIPAA compliant.

  1. Understand What Constitutes PHI.

Any health information that is “individually identifiable” is considered PHI and falls under the protections of HIPAA. This typically covers virtually anything that is contained in the medical record, whether it is stored digitally, on paper or spoken, such as:

  • Health histories
  • Test results
  • Diagnoses
  • Insurance and billing information

Individual health identifiers are protected data too. Demographic information is not usually safeguarded under HIPAA rules, except when it is associated with health information. Common identifiers are:

  • Names
  • Contact information, such as email addresses and telephone numbers
  • Social security numbers
  • Medical record and account numbers
  • Driver’s license numbers
  • Photographs

  2. Secure Electronic Devices.

As the digitization of medical records has advanced, a number of electronic devices are used in daily practice and at different points of care. Tablets, laptops and cell phones may contain sensitive data that must be protected. Nurses should exercise extreme caution when accessing patient information on any device and always use password protection.

  3. Report All Inappropriate Disclosures ASAP.

While inappropriate disclosures of PHI are sometimes unintentional due to brief lapses in judgement or faulty safeguards, the consequences are still dire. A HIPAA violation may prompt loss of patient trust, damage the facility’s public image and lead to potential fines and imprisonment for the offenders. No matter how minor the violations or breaches, you should report them through the appropriate internal chain of command. Alternatively, you can file an electronic complaint with the Office for Civil Rights (OCR), an organization within the Department of Health and Human Services (HHS) that oversees and enforces HIPAA regulations.

  4. Learn About Proper PHI Disposal Methods.

Nurses should be aware of their employer’s policies regarding proper disposal of paper records and electronic media that contain PHI, such as depositing papers into a dedicated receptacle for shredding or burning and using software to periodically clear devices of sensitive data.

  5. Never Share Your Password or Login Credentials.

Nurses should have their own passwords and logins for devices and systems that contain PHI. These credentials should never be shared with others since they are used to authorize access to patient data as well as track your activity. Notify your information technology or security department immediately if your passwords or login credentials become public or compromised. 

HIPAA compliance has many moving parts, but it is imperative that nurses closely follow the guidelines and protect patient privacy. As you learn more about HIPAA best practices and PHI, both through experience in the workplace and during an RN to BSN program, you can confidently care for patients as well as their data.

Learn more about UTA’s online RN to BSN program.


