A HIPAA violation puts the patient in peril and lands the nurse in hot water

A reader was reprimanded by a state board of nursing for violating HIPAA because she placed a document containing protected health information in an everyday garbage bin somewhat than within the required shredder container.

The nurse said her former employer couldn’t prove that non-public information had been “compromised”. She said such violations occur on a regular basis and she or he believes nurses are “weaker” and all the time face consequences for violations, while other healthcare providers don’t.

Patient confidentiality and privacy is an ethical and legal obligation that each healthcare provider must uphold. State privacy and confidentiality laws for health care providers have been in place for a few years.

Similarly, state practice statutes, including nursing practice statutes, authorize disciplinary motion against health care providers who violate patient privacy and/or confidentiality. The Health Insurance Portability and Accountability Act mandates such protection in health care. Its privacy principles set forth national standards governing when PHI could also be used and disclosed.

What exactly is PHI?

PHI, whether electronic, paper or oral, is information that conveys:

• An individual’s past, present or future physical or mental health or condition
• Providing health care to a person
• Past, present, or future payment for providing health care to a person.

Common examples of PHI include the person’s name, date of birth, full facial photos, Social Security number, and medical health insurance identification number.

Common HIPAA violations include verbal discussions of PHI in public areas of a health care facility, theft of laptops utilized in patient care, accessing PHI when the access will not be directly related to the patient or while providing patient care, and, within the case of this reader , placing the patient ID health care document within the regular trash.

Explore higher education opportunities at Nurse.com/Schools.

Applying HIPAA to this reader’s breach

There are many more details that we have no idea concerning the circumstances surrounding this nurse’s failure to follow policies and procedures governing the confidentiality and privacy of patient care. For example, who discovered its violation? When was she dismissed from her position? Did she mourn the termination by following the employer’s grievance policy? How does the nurse know that PHI has not been compromised? Despite these and other termination questions, it is evident that the patient’s PHI was not handled because it must have been. The documents might have been taken from the trash can and simply used or sold by identity thieves whose job it’s to sift through discarded trash for such information.

It can be clear that the nurse’s employer, after conducting an intensive risk evaluation of her failure to comply with HIPAA and its policies and procedures, had the proper to fireside her.

One incident may not end in the employer being held liable, and if the danger evaluation shows that the danger to the patient is low, the employer will not be liable. However, an employer’s failure to comply with HIPAA privacy rules may end in: civil monetary penalties. Such a violation can be problematic for the employer since it constitutes the so-called the person concerned have to be notified under HIPPA whose PHI was “obtained or reasonably believed to have been accessed, acquired, used or disclosed as a result of such a breach.” Notifying the patient may end in the patient not wanting to receive care at the power in the long run, filing a grievance with the state department of public health, sharing his or her unhappiness with friends and/or in public forums – e.g., a letter to the editor of the local newspaper, and even filing a lawsuit for breach of privacy and confidentiality under state law. As a result, most healthcare employers take any violations seriously and wish the corporate to totally comply with all laws governing the privacy and confidentiality of patients of their care. The reader didn’t share details about who filed the grievance against her with the State Board of Nursing, however it can have been the employer. Because the employer is obliged to notify secretary of the Department of Health and Human Services’ Office for Civil Rights a few breach of “unsecured protected health information,” that agency could have notified the state board of nursing.

What are you able to learn from this case?

All healthcare providers must take PHI, patient privacy and confidentiality seriously. Although a reader identified that nurses appear to bear the brunt of violations, this is probably going not true. A fast review of the literature available online indicates that every one healthcare providers, including physicians and physician assistants, have violated HIPAA and/or patient privacy and confidentiality.

If you’re suspected of violating HIPAA or other patient confidentiality and privacy laws and are facing termination, it will be significant to pursue termination in case your employer’s policies allow it. Failure to truthfully challenge an alleged violation will likely be a difficulty for you while you face skilled disciplinary proceedings by your state board of nursing. Silence means consent to such conduct.

It is crucial that you just contact a nurse or attorney in your area for advice (and representation, if possible) within the event of an employment-level grievance, in addition to advice and representation before the Nursing Hearing Board. The reader stated that she contacted a lawyer but felt that the fee for the firm to handle the case was too high. Legal representation is dear, but should you are unable to be employed in the long run resulting from a HIPAA violation or privacy/confidentiality breach, the expense could also be price it. It is significant to keep in mind that skilled disciplinary motion against you doesn’t require that you just cause harm to a patient. If the conduct involves a violation of the Nurse Practice Act’s mandate to guard patient privacy and confidentiality, the violation itself constitutes grounds for a lawsuit against you. It can be vital to recollect that a HIPAA violation is taken into account a violation unless proven otherwise, which is why a risk evaluation is crucial. In short, a HIPAA violation doesn’t necessarily cause any harm. Other guidelines to remove from this case may be present in my 2019 blog post, “RN Violates Patient Confidentiality Policy to Check Work Schedule.”

Take these courses to learn more about confidentiality and patient care:

The federal Health Insurance Portability and Accountability Act (HIPAA) was implemented in 1996 and has been amended since then. HIPAA may confer with guidelines that protect your ability to take care of medical health insurance when moving from job to job or from place to put (“portability”). HIPAA can also confer with efforts to simplify the administration of medical health insurance. However, perhaps probably the most common use of the term when referring to health care professionals involves protecting the confidentiality and privacy of health care information. In this course, you’ll find out about parts of HIPAA, especially those related to nurses and other health care professionals and the protection of health care information. Because you play a key role in creating health care information, you play a key role in protecting it. Nursing documentation is a vital element of comprehensive patient care. Although documentation has all the time been a vital a part of nursing practice, the increasingly complex health care environment, litigious society, and number of settings wherein patients receive care require that nurses pay greater attention to documentation. This continuing education module discusses the importance of documentation, different documentation formats and settings, and what nurses must document, including details about difficult situations. A growing body of research has shown that diverse patient populations experience decreased patient safety, poorer health outcomes, and lower quality of care based on race, ethnicity, language, disability, and sexual orientation. Effective communication with all patients is critical to making sure protected care. The health care team should strive to fulfill the unique communication, cultural, and familial needs of all patients.