How to Avoid HIPAA Violations

This article was last updated on March 06, 2019.

Nurses learn about the Health Insurance Portability and Accountability Act (HIPAA) in an RN to BSN online program because it is crucial to have a good understanding of patient privacy laws. With the proliferation of electronic devices, sensitive records are at risk of being stolen. Nurses must follow HIPAA guidelines to ensure that a patient’s private records are protected from any unauthorized distribution. Although it is not always easy, nurses have to stay vigilant so they do not violate any rules.

What is HIPAA?

In 1996, HIPAA was introduced as a federal law to uphold a national set of standards for the confidential and secure electronic exchange of personal health information by the healthcare industry. HIPAA’s four rules are:

  • The HIPAA Privacy Rule safeguards the type of data shared
  • The HIPAA Security Rule protects databases and data by keeping them secure
  • The HIPAA Enforcement Rule contains procedures for enforcement, hearings and penalties
  • The HIPAA Breach Notification Rule requires healthcare providers to notify individuals when a breach occurs

Who is Required to Follow HIPAA?

The rules allow for using, storing, maintaining or transferring medical information among the necessary healthcare professionals. Since nurses are privy to personal health information, they are required to comply with HIPAA rules. The law states that those who must follow the HIPAA regulations are called “covered entities.” These covered entities are:

  • Health Plans: Health insurance companies, HMOs, company health plans, Medicare and Medicaid
  • Healthcare Providers: Physicians, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, dentists and entities that conduct business electronically, such as insurance billing companies
  • Healthcare Clearinghouses: Any entity that receives and processes nonstandard health information into a standard electronic format or data content, or does the reverse

Additionally, business associates of covered entities must adhere to HIPAA rules. They are considered third parties that are part of a covered entity’s workforce. Typically, they are companies and professionals that work as contractors or subcontractors, such as:

  • Billing companies
  • Insurance companies
  • Companies that store or destroy health records

What Information is Covered by HIPAA?

The Privacy Rule categorizes protected health information (PHI) as any content about a patient that is kept or transmitted by a covered entity. The PHI consists of individually identifiable health information, which is any data that may point to the identity of a patient. This can include the following patient information:

  • Name
  • Address
  • Birth date
  • Social Security Number
  • Physical or mental health in the past and present, as well as an updated status
  • Provision of healthcare
  • Payment for provision of healthcare

What Are the Consequences of Violating HIPAA?

The U.S. Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) enforce the HIPAA Privacy and Security Rules. For covered entities that fail to comply, there is the possibility of civil or criminal penalties.

The OCR investigates complaints and conducts compliance reviews, and they also provide programs to instruct covered entities about HIPAA compliance. If a covered entity does not resolve a violation within 30 days, it may be fined civil money penalties (CMPs). The secretary of HHS determines the amount of the penalty. The penalties can range from a minimum of $100 to $50,000 per violation, to an annual maximum penalty of $1.5 million.

The Department of Justice (DOJ) looks into criminal violations. The penalties for criminal violations are decided based on three levels of intent.

  • Knowingly obtaining or disclosing individually identifiable health information: Fine up to $50,000 with one year in prison
  • Acquiring information under false pretenses: Fine may be increased to $100,000 with up to five years in prison
  • Selling, transferring or using individually identifiable health information for financial gain or malicious harm: Fine of $250,000 and up to ten years in prison

How Can Nurses Prevent HIPAA Violations?

Conversation is a natural part of the work environment. However, nurses need to stay mindful about not sharing any information about patients unless it falls under HIPAA rules. Nurses need to refrain from actions such as:

  • Gossiping
  • Giving in to curiosity
  • Disclosing information without patient’s permission
  • Leaving electronic information unprotected or paper documentation out in the open

Nurses are exposed to private patient information every day. To protect themselves, nurses need to ensure that their mobile devices are properly password protected. They also have to be careful about, or abstain from, posting comments or pictures about their workplace. Most importantly, nurses should be aware of the security policies and procedures involved in the proper handling of information.

Learn more about Northeastern State University’s online RN to BSN program.
