For more information, visit www.nursing.com/cornell
Get unlimited access to lessons and study tools
In this lesson, we are going to look at HIPAA, the Health Insurance Portability and Accountability Act, and how it affects our practice.
We hear about HIPAA all the time. But what exactly is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act, which is basically a big federal law that focuses on patient privacy. It outlines who, what, where, when, why and how we use patient information.
The important thing here is to protect patient privacy when it comes to protected health information, or PHI – which is basically everything about the patient. Lab tests, diagnosis, medical history – you name it. You don’t discuss it unless it is someone who is on a “need to know” basis, which usually means they’re involved in the patient’s care, which I’ll talk about in a second.
Let’s talk about patient privacy, and what that looks like. When we say “patient privacy”, we are really talking about their PHI. Anything about that patient, any tests that are run, previous diagnoses, previous surgeries, the medications they’re on…it all falls under PHI.
As nurses, you’ll need to discuss the patient and their history with someone. So who can you discuss it with? You can share that information with people who are on a “need to know” basis – so those are people actively involved in your patient’s care. You can discuss a patient with your charge nurse to get guidance on their plan of care, since they’re actively involved, but you CANNOT call another nurse friend at another hospital to talk about it.
That leads me to my next point. You also need your patient’s permission to discuss any aspects of care with anyone who is not a medical provider. For instance, if you have a family friend show up in your patient’s room, and they want to know how your patient is doing, you’ll have to ask your patient if they’re ok with you sharing that information. Sometimes they’re not, so it’s best to assume that no one wants any information shared ever, and you should always ask.
Also, it’s not uncommon to receive phone calls regarding patient updates. Also err on the side of caution here and don’t disclose any information. You can’t prove who’s on the other side of the phone, so just share with those people who are ok’d by the patient at the bedside. What you can say is something like “I’m sorry but I can’t give any information over the phone. If you want, you can talk to their family for updates.” Check with your unit or hospital policy – they’ll be the ones to clarify SPECIFICALLY how you should handle these types of issues.
Now we are going to talk about what I call PHI pitfalls. These are situations where you would consider yourself “safe,” but actually aren’t.
First off, you need to always always always turn your screen away from onlookers and make sure you log out. That new diagnosis for a patient of HIV and the family friend who happens to peer over your shoulder can put you at risk of liability. When you are not physically at your computer, always log out. You’d be surprised at how intuitive computer software is now, and how easily a family member could navigate through your patient’s record, not to mention other patients you may be caring for.
Another point – DO NOT talk about your patient’s information in public places. You have no idea who’s within earshot. Elevators are a common place. You don’t know who can hear you. Make sure you’re in a private area away from any unsuspecting people.
When you are done with a piece of paper that could have PHI, shred it. Your report sheets, or the new labs you just received, EKG strips, whatever it is. Unless it belongs in a chart (which is where you SHOULD put it), then shred it. You don’t want to lose that info and make it available to someone else.
Last thing I want to talk about is social media. If you are tempted to post something about a patient on your social media accounts, just don’t do it. Attached to this lesson is a story about a nurse who shared minimally identifying information on her Facebook and received disciplinary action for violating privacy laws. Just do not do it.
The question then becomes “What happens if I violate HIPAA?” Well, you could be suspended or fired. You could be sued by the patient, you could lose your license, and you could be charged with a crime. Your hospital could also face fines and penalties too.
I get it – sometimes our stories are really juicy, but save it. We always talk about being an advocate – so advocate for your patient’s privacy too. Don’t share their private info. Remember, it’s Federal Law.
HIPAA is a big deal when we talk about nursing concepts. It affects our ethical and legal practice, is a direct result of health policy and is a professional responsibility as a nurse.
HIPAA is no joke. So let’s recap on some key points about HIPAA.
Remember, it’s a federal law that protects the health information of patients and it’s private!
Always do everything in your power to protect their info. Shred papers if they’re not required to be part of a chart, don’t talk to people that the patient has ok’d to talk to, and don’t post on social media.
Also, don’t share info in public places!
Lastly, you could lose your job, your license, and everything you’re working for now because you share info. Be smart with patient information!
If there is ONE thing to remember from today, protect your patient’s information! Be sure to check out all the resources attached to this lesson. Now, go out and be your best selves today. And, as always, happy nursing!!