This article was last updated on March 06, 2019.
Nurses learn about the Health Insurance Portability and Accountability Act (HIPAA) in an RN to BSN online program because it is crucial to have a good understanding of patient privacy laws. With the proliferation of electronic devices, sensitive records are at risk of being stolen. Nurses must follow HIPAA guidelines to ensure that a patient’s private records are protected from any unauthorized distribution. Although it is not always easy, nurses have to stay vigilant so they do not violate any rules.
What is HIPAA?
In 1996, HIPAA was introduced as a federal law to uphold a national set of standards for the confidential and secure electronic exchange of personal health information by the healthcare industry. HIPAA’s four rules are:
- The HIPAA Privacy Rule safeguards the type of data shared
- The HIPAA Security Rule protects databases and data by keeping them secure
- The HIPAA Enforcement Rule contains procedures for enforcement, hearings and penalties
- The HIPAA Breach Notification Rule requires healthcare providers to notify individuals when a breach occurs
Who is Required to Follow HIPAA?
The rules allow for using, storing, maintaining or transferring medical information among the necessary healthcare professionals. Since nurses are privy to personal health information, they are required to comply with HIPAA rules. The law states that those who must follow the HIPAA regulations are called “covered entities.” These covered entities are:
| Covered Entities | Description |
|---|---|
| Health Plans | Health insurance companies, HMOs, company health plans, Medicare and Medicaid |
| Healthcare Providers | Physicians, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, dentists and entities that conduct business electronically, such as insurance billing companies |
| Healthcare Clearing Houses | Any entity that receives and processes nonstandard health information into a standard electronic format or data content, or does the reverse |
Additionally, business associates of covered entities must adhere to HIPAA rules. They are considered third parties that are part of a covered entity’s workforce. Typically, they are companies and professionals that work as contractors or subcontractors, such as:
- Billing companies
- Insurance companies
- Companies that store or destroy health records
What Information is Covered by HIPAA?
The Privacy Rule categorizes protected health information (PHI) as any content about a patient that is kept or transmitted by a covered entity. The PHI consists of individually identifiable health information, which is any data that may point to the identity of a patient. This can include the following patient information:
- Name
- Address
- Birth date
- Social Security Number
- Past and present physical or mental health, including current status
- Provision of healthcare
- Payment for provision of healthcare
What Are the Consequences of Violating HIPAA?
The U.S. Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) enforce the HIPAA Privacy and Security Rules. For covered entities that fail to comply, there is the possibility of civil or criminal penalties.
The OCR investigates complaints and conducts compliance reviews, and they also provide programs to instruct covered entities about HIPAA compliance. If a covered entity does not resolve a violation within 30 days, it may be fined civil money penalties (CMPs). The secretary of HHS determines the amount of the penalty. The penalties can range from a minimum of $100 to $50,000 per violation, to an annual maximum penalty of $1.5 million.
The Department of Justice (DOJ) looks into criminal violations. The penalties for criminal violations are decided based on three levels of intent.
| Criminal Violation | Penalty |
|---|---|
| Knowingly obtaining or disclosing individually identifiable health information | Fine up to $50,000 and up to one year in prison |
| Acquiring information under false pretenses | Fine may be increased to $100,000, with up to five years in prison |
| Selling, transferring or using individually identifiable health information for financial gain or malicious harm | Fine up to $250,000 and up to ten years in prison |
How Can Nurses Prevent HIPAA Violations?
Conversation is a natural part of the work environment. However, nurses need to stay mindful and not share any information about patients unless the HIPAA rules permit it. Nurses need to refrain from actions such as:
- Gossiping
- Giving in to curiosity
- Disclosing information without the patient’s permission
- Leaving electronic information unprotected or paper documentation out in the open
Nurses are exposed to private patient information every day. To protect themselves, nurses need to ensure that their mobile devices are properly password protected. They also have to remain careful about, or abstain from, posting comments or pictures about their workplace. Most importantly, nurses should be aware of the security policies and procedures involved in the proper handling of information.
Learn more about Northeastern State University’s online RN to BSN program.
Sources:
NurseLabs: 4 Common HIPAA Violations and Tips to Prevent Them
The Balance: HIPAA Law and the Privacy Rule to Protect Your Medical Information
AMA: HIPAA Violations & Enforcement
HHS.gov: Summary of the HIPAA Privacy Rule
HHS.gov: Your Rights Under HIPAA
HealthIT Security: The Role of Nurses in HIPAA Compliance, Healthcare Security