Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Privacy Issues
Jacksonville University
NUR 516
Privacy Issues
Introduction
What is HIPPA? The term means Health Insurance Portability and Accountability Act.
The Department of Health and Human Services (HHS) enacted this law in 1996. The Office of
Civil Rights (OCR), which operates under the umbrella of (HHS), is responsible for
implementing and enforcing these rules. HIPPA Laws protect all individually identifiable health
information held or transmitted by a covered entity. An entity is any source that is engaged with
protected health information. These include health plans, health care providers, health care
clearing houses, business associates and business associates contracts. The laws remain the same
whether the mode of transmission is electronic, oral or paper. Protected Health Information
(PHI) cannot be disclosed without the written authorization of the individual except where
permitted by the law such as payment, treatment and administrative purposes ("Summary of the
This executive summary will address current HIPPA guidelines for electronic security
and information management. It will also identify the implications in nursing practice for the
staff nurse and the advance practice nurse. A case study will give insight into HIPPA violations
A major responsibility for the nursing staff is to document accurately in the Electronic
Health Record (EHR), preserve the integrity of the data, educate patient about their rights under
the HIPPA Law and protect individuals’ health information. The nursing staff make up a big
bulk of the professionals who access PHI therefore nurses are at the forefront of guarding PHI.
PRIVACY ISSUES 3
The task has become more difficult and challenging with the changes and advancement in
computerized technology. Patient care now includes the use of smart phones and other mobile
devices throughout the healthcare continuum. The nursing community is aware of the increased
risk of “medical identity theft” (Harman, Flite, & Bond, 2012, 1). The ongoing process in
providing high quality healthcare involves rapid exchange of data to other healthcare facilities,
non-facility providers and reporting to government agencies e.g. Center for Medicare and
Medicaid Services (CMS). The current HIPPA guidelines requires that individuals’ health
information is properly protected while allowing for the flow of health information needed to
provide and promote high quality health care and to protect the public’s health and well being.
information security can be approached using the acronym “CIA”, confidentiality, integrity and
availability (Harman et al., 2012, para. 12). In all health practices and processes, Nurses need to
be vigilant in protecting patient confidentiality, computers should be positioned out of the public
view, and shields can be added to screens for reduced visibility. Nurses should not engage in
activities that would potentiate hacking, manipulation or destruction of data and possible
infestation by viruses and worms. High caution should be given to personal password and login
to mainframe Electronic Medical Record (EMR) systems and other points of PHI access.
Information integrity should be maintained by performing chart review to ensure health data
accuracy. Staff nurses should also be aware of default/backup system should main system fail.
The patient should be educate on their rights to access their personal health records, medical
records are available according to the facility policy and procedure for release of information.
Patient can request amendment of health information that is incorrect or incomplete. Telephonic
PRIVACY ISSUES 4
exchange of patient information should be restricted to what is permissible under the HIPPA
Laws. A pin or code should be given to surrogates authorized by the patient to receive telephonic
PHI.
The advanced practice nurse identifies risk and vulnerabilities, create action plan and
execute the action plan in a timely manner. Staff training is to be optimized, administrative
standards should be enforced according to the facilities contracts or other written agreement
during the transfer or transport process e.g. shredding of PHI. PHI also needs to be protected
from natural and environmental hazards. The advance practice nurse should monitor that policies
and procedures are observed and followed. Offices should be locked, screens used, computers
are logged off completely and unauthorized sites are not visited by staff. Audits trails should be
performed frequently to identify any illegal system or chart access. In-service of staff regarding
organizational changes and updates in response to PHI security should be performed by the
advance practice nurse or any other auxiliary as mandated by the facility. Monitoring of the use
of encryption capabilities by staff nurses and other allied health care personnel should also be
done by the advance practice nurse ("Privacy and security of electronic health information," n.d.,
Chapter 6)
There are several tools available to accomplish the goal of optimal information privacy.
One such tool is the Medicare and Medicaid Meaningful Use Core Objectives that addresses
privacy and security. This can be a very effective and efficient tool for the advance practice
nurse to employ in the task of managing the security of PHI: “lead the culture, document the
process, findings and actions, review existing security of PHI, develop an action plan, manage
PRIVACY ISSUES 5
and mitigate risk, attest to use of security related objective and monitor audit and update security
on an ongoing basis” ("Privacy and security of electronic health information," n.d., Chapter 6).
In conclusion, the implication is that nurses are the highest ranked gatekeeper for EHR,
and they are directly connected to the management of information security and privacy.
PRIVACY ISSUES 6
References
Harman, L. B., Flite, C. A., & Bond, K. (2012, November 9). Electronic health records: privacy,
professionals/privacy/laws-regulations/
Michele, M., & Nancy, S. (2011, January). Electronic health records and the implication for
Samadbuk, K., Zahara, G., Masomeh, K., & Masoud, R. (2015, February). Managing the security
of nursing data in the electronic Health Records. Journal of Academy of Medical Science,
Sewell, J., & Thede, L. (2013). Informatics and Nursing Opportunities and Challenges (4th ed.).
http:www.hhs.gov/ocr/privacy/hippa/understanding/index.html