The Top 8 Most Common HIPAA Violations Made by Nurses

HIPAA is one of the most important acronyms in medicine. It refers to the Health Insurance Portability and Accountability Act of 1996 and regulates the handling of identifiable patient information. Every year, the Office for Civil Rights investigates more than 1,000 separate HIPAA violations. In 2013, which had the most violations of any year to date, almost 4,500 incidents were investigated.

Because HIPAA is so complex, nurses can easily violate its terms without being aware of doing so. But that doesn’t exempt them from consequences; HIPAA violation penalties for nurses can be severe and can result in excessive fines and jail time. It’s best to stay informed and prepared to ensure you can do your best work while remaining confident in your choices.

Nurses and HIPAA Violations: Common Mistakes and How to Avoid Them

1. Unauthorized Disclosure of Patient Information

In some professions, it’s common for coworkers to vent to each other in detail about their clients. In the medical world, that’s illegal.

Patient information is protected by HIPAA and cannot be shared with anyone who is not directly involved with that patient’s care. HIPAA even applies in cases where nurses are overheard while sharing information with approved third parties. Be sure you are in a secure location before divulging patient medical information, and when possible, leave that exchange to notes in their medical chart.

Compassionate Disclosures

Most of the time, a nurse’s compassion is an asset, but violations can occur when family members or friends of patients ask about their loved ones’ prognoses. If a patient has not explicitly authorized disclosure to those individuals, disclosing the requested information is a HIPAA violation. Nurses should take the time to check patients’ records for signed release and authorization forms. A person not named in such a form cannot be privy to protected health information.

2. Improper Protection of Medical Records

It’s very easy for a nurse to leave a monitor active and walk away to complete another task, leaving their patient’s information visible to passersby. Nurses can protect themselves from accidents like these by getting into the habit of logging out of all programs whenever they leave a room or step away from a device.

3. Allowing Records to Be Lost or Stolen

If a device for electronic medical records or a file leaves a nurse’s hands, the nurse is liable for that misplaced information. Maintain a chain of custody for files if needed, and be sure to only leave medical information in secure, designated storage areas.

4. Unsecured Storage of Health Records

Any records that contain protected health information must be stored in a secure area. Nurses can be fined for violating HIPAA for oversights as simple as forgetting to lock a filing cabinet, neglecting to shred a handwritten note about a patient or dropping off records in an unsecured area.

Nurses should know what their employers’ policies are regarding the transfer of paper and electronic records. If no policy is in place, nurses are responsible for making sure records are locked away or supervised at all times.

5. Sharing Patient Data Outside Approved Channels

Developers of medical software are aware of HIPAA regulations and design their products with sufficient security protections to make them compliant. HIPAA requires that medical professionals transmit records using these certified programs. Although it may be convenient to text a coworker or call a home number to ask about a patient’s case, nurses must restrict themselves to approved software.

6. Improper Disposal of Health Records

HIPAA requires medical professionals to securely dispose of any protected health information. Instances of carelessly forgetting to shred a form or delete a file can easily cause a violation. Other errors are harder to avoid. Secure disposal requires that every copy of a record be destroyed, and that can be difficult when information is backed up across multiple devices. The data must be destroyed in an approved manner by physically destroying the device or magnetic media, overwriting the data or permanently encrypting the record. Any encryption must be recorded and backup copies have to be stored securely according to HIPPA’s legal requirements.

7. Failure to Report Violations

HIPAA requires nurses and other health care professionals to report any violations they witness, even if they recognize it was accidental. Reports can be filed either through internal channels or electronically through the Department of Health and Human Services. Nurses who are unclear on whether a particular piece of information is protected can refer to the guide published by the National Institutes of Health or ask a supervisor.

8. Failure to Participate in Training

Health care organizations are required to provide training in HIPAA confidentiality, and staff members are required to participate. What is covered during that training is at the discretion of the health care facility. To ensure you have the most up-to-date and extensive training in HIPAA policies, patient care techniques, and more, consider earning your RN to BSN online. These online programs are designed with working nurses in mind so you can balance your education with your busy life.

The online RN to BSN program from Bethel University focuses on treating patients in a holistic way that touches the body, mind, and spirit. The program is about providing meaningful care that promotes the health of people from diverse families, communities, and systems.

If you already have your BSN, consider becoming part of the team that develops the training in your healthcare facility. With an online MSN degree, you’ll be prepared to take on roles as a nurse leader in administration and education. The online MSN program at Bethel, which is accredited by the Accreditation Commission for Nursing Education, can be completed in two years and includes Nurse Administrator and Nurse Educator tracks, allowing you to specialize your education for your specific career goals.