NUR 514 Review HIPAA, protected health information (PHI), and requirements for privacy and confidentiality in EHRs
NUR 514 Review HIPAA, protected health information (PHI), and requirements for privacy and confidentiality in EHRs
Health Insurance Portability and Accountability Act (HIPAA), Protected Health Information (PHI), and requirements for privacy and confidentiality in Electronic Health Records (EHRs) have become critical issues and a requirement of deep knowledge from the healthcare professionals using them since 1996 (DeNisco & Barker, 2019). “To protect the privacy and security of health information, two sets of federal regulations were implemented (McGonigle & Mastrian, 2022).” With the HIPAA privacy rule, patients are able to expect that healthcare professionals are maintain strict privacy and limit the use and knowledge of their private health information to only people that are part of the treating team. With the Security Rule, the healthcare provider treating the are required to protect their patients’ private health information from inappropriate use or exposure, preserve the integrity of the knowledge, and guarantee its availability (McGonigle & Mastrian, 2022). Ethical and legal concerns are easy to come by when a healthcare team member unintentionally or intentionally share this PHI when they are not supposed to. In nursing one ethical issues that we are held to is autonomy, which could be compromised if the patients PHI is shared to someone not involved in the care and without their consent or understanding (McGonigle & Mastrian, 2022). Legal concerns could be many with HIPAA and PHI on EHRs, but a breach in either of these could mean fines or even jail time, as they are considered very serious offenses (McGonigle & Mastrian, 2022). Measures that I can take in my own practice to protect patient confidentiality is simple: 1) When walking away from the computer, make sure my screen is logged off, so no one can see information that is not intended for them, 2) Never share my password with another individual, 3) Never share private medical information with a caregiver who is not directly involved in the patients care, 4) When sending secure patient information over email, use least amount of identifying patient information possible, such as MRN, and use the secure email functions and identifiers.
DeNisco, S. M., & Barker, A. M. (2019). Advanced practice nursing: Essential knowledge for the profession (4th ed.). Burlington, MA: Jones & Bartlett Learning. ISBN-13: 9781284072570
McGonigle, D., & Mastrian, K. G. (2022). Nursing Informatics and the foundation of knowledge. Jones & Bartlett Learning.
The health insurance portability and accountability act (HIPAA) public law 104-191, was enacted into federal law to ensure that that patient medical data remains private and secure (Tariq & Hackert, 2022). There are two main sections of the law, the privacy rule which addresses the use and disclosure of individuals’ health information, and the security rule which sets national standards for protecting the confidentiality, integrity, and availability of electronically protected health information (Tariq & Hackert, 2022). As an advanced registered nurse practicing in a leadership position, it is imperative to provide teaching and continual reinforcement of ensuring the security, privacy, and protection of patients’ healthcare data. This is critical for all healthcare personnel and institutions in this age of fast-evolving information technology. The use of the internet based EMR’s is perhaps the biggest threat to data leaks that may occur intentionally by someone deliberately entering the chart of a patient they are not caring for, but have socially interacted with. This is a direct violation of HIPAA. This breach in patient confidentiality can result in employee termination and fines. An unintentional breach of HIPAA happens when the clinical staff leave their computer screens open in-between caring for patients. This is still a violation of patient confidentiality and could also result in employee discipline. Both of these violations will have to be evaluated by the advanced practicing registered nurse in the role of a Risk Management. Another area that could possibly cause a breach is transmitting data over the internet, the hospital IT department and the advanced practicing registered nurse working as the organizations Informative Nurse must ensure that data is being transferred thought encrypt transmission systems to ensure that it remains private. Today, encryption of healthcare records is standard practice, and uses software programs such as MBMD to send messages to providers and All Scripts to transfer information to home care agency for aftercare. The role of nursing leader, risk management, and informatics nurses assist in implementing and auditing the record transmission process..
Tariq, R., & Hackert, P. (2022, September 25). Patient Confidentiality. Retrieved from StatPearls: https://www.ncbi
Click here to ORDER an A++ paper from our Verified MASTERS and DOCTORATE WRITERS NUR 514 Review HIPAA, protected health information (PHI), and requirements for privacy and confidentiality in EHRs:
The Health Insurance Portability and Accountability Act (HIPAA) is a federal health care policy aimed at ensuring that providers and organizations adhere to set health information security protocols and usage, especially sharing of patient protected information. The protected health information (PHI) requires providers not to disclose any personal information of their patients without their express consent (Cohen et al., 2018). The privacy and confidentiality requirements implore providers to ensure that such information is not disclosed to other individuals as it is unethical and illegal. The privacy and confidentiality requirements imply that the entities cannot change the information but can store it in different formats that include paper and electronic files.
One ethical issue associated with the use of electronic health records (EHRs) based on HIPAA provisions is ensuring confidentiality of the information (PHI) and never disclosing it without informed consent. Another aspect is the legal issue where the privacy of an individual is paramount, including their health information (Keshta & Odeh, 2021). Consequently, providers cannot alter information or share it without the express informed consent of the individual or patient. The implication is that an advanced practice registered nurse (APRN) should adhere to these provisions and comply with all the legal aspects of care provision.
Telehealth is playing a critical role in care delivery for patients in remote locations and with resource limitations. The use of EHRs and telehealth can improve the health of the underserved and those with chronic conditions. However, providers must share such information using EHRs and increased interoperability. Such systems may compromise patient data, especially mobile applications that access such information (McBride et al., 2018). As such, it is essential to institute measures like enhanced data security and limiting authorization based on the level of expertise of the provider. It also requires organizational policies on data security and patient health information management to avoid any possible violations or breaches that can lead to legal actions against the facility.
Cohen, I. G., & Mello, M. M. (2018). HIPAA and protecting health information in the 21st
century. Jama, 320(3), 231-232. DOI:10.1001/jama.2018.5630.
Keshta, I., & Odeh, A. (2021). Security and privacy of electronic health records: Concerns and
challenges. Egyptian Informatics Journal, 22(2), 177-183. https://doi.org/10.1016/j.eij.2020.07.003
McBride, S., Tietze, M., Robichaux, C., Stokes, L., & Weber, E. (2018). Identifying and
addressing ethical issues with use of electronic health records. Online Journal of Issues in Nursing, 23(1), 1-4. DOI: 10.3912/OJIN.Vol23No01Man05
According to Shindell (2016) HIPPA provides privacy for oral, written, and electronic health information with two rules that govern privacy and security. He says the privacy rule focuses on an individual’s right to control the use of personal health information. The security rule refers to a healthcare provider’s responsibility to prevent unauthorized disclosure, destruction, or loss of electronic protected health information (Shindell, 2016).
An ethical issue would be a provider leaving their unencrypted laptop on their desk and it gets stolen. Thieves can now access patient’s insurance information to gain health services or medical benefit in another person’s name with the victim risking incorrect information being placed in their actual medical records. The person who took the computer now has access to the patient’s social security numbers, health insurance information, financial information, disability codes and much more (Shindell, 2016).
When providers are practicing telehealth it is critical that they give special consideration to patient’s privacy and confidentiality. Informed consent releases to receive telehealth services are a vital first step. Informed consent should be treated as a process and not just a one time event. This consent should be obtained from all persons living in the home due to potential privacy considerations (McGonigle & Mastrian, 2018).
In order to provide protection and privacy for patient’s, efforts must be made by agencies to upgrade their information systems to always have that highest level of data security. All providers must adhere to all data privacy and confidentiality guidelines and be sure all staff is trained in privacy and confidentiality. It’s also important the patient’s know their medical information will be secured over telephone or communication lines (McGonigle & Mastrian, 2018).
McGonigle & Mastrian (2018). Nursing Informatics and the Foundation of Knowledge. (4th ed).
Shindell, R (2016). Hippocrates & HIPPA: What’s the Ethical Involvement? https://www.hmpgloballearningnetwork.com
With the advancement of technology, we also have seen the advancements that occur in healthcare. With these advancements and the advantages that are associated, they also come with disadvantages. Electronic Health Records, allow for patient care to be seamless. Physicians, and advanced practice nurses, have the ability to view a patient’s chart from anywhere in the facility, occasionally, facilities also have remote access for physicians that work in telemedicine. With this advancement, there are less occurrences of delay in patient care. Protecting a patients health information, can be done in a similar matter to the protection of other data. Performing risk assessments, can help in ensuring the protection and security of patient health information, as well as the overall technology and programing within a healthcare facility. Ensuring that audits are done according policy, and utilizing updates to technology, is also recommended. By completing these tasks according to facility policy, it can help prevent things such as hackers or any release of information that goes against HIPAA (Li;, et al, 2022). When accessing patient information from outside a facility, it is imperative to ensure that the information is encrypted, because it is easier for technology to be accessed when it does not meet facility standards.
Li, H., Yang, X., Wang, H., Wei, W., & Xue, W. (2022). A Controllable Secure Blockchain-Based Electronic Healthcare Records Sharing Scheme. Journal of healthcare engineering, 2022, 2058497. https://doi.org/10.1155/2022/2058497