Violation of HIPAA; Confidentiality



We live in an era where the health care system is gradually but surely embracing patient-centered care. One of the fundamental pillars of patient care is confidentiality. Information regarding the patient’s health should be kept private and confidential and shared only when necessary, i.e. when sharing will aid in improving the health status of a given patient. So critical is the concept of patient privacy and confidentiality that bills have been passed in Congress and the Senate to enforce this practice among health care professionals. This paper will describe one such law, the Health Insurance Portability and Accountability Act (HIPAA), with the goal of raising the awareness of nurses regarding their responsibilities and roles in upholding patient confidentiality (Beebe et al., 2011). In this paper, a head nurse will discuss with junior nurses their specific responsibilities and the consequences that may arise if they fail in their responsibility to keep the patient’s information private in her nurse-led health care facility.

Health Insurance Portability and Accountability Act (HIPAA)

The HIPAA Act of 1996, Public Law 104-191, was enacted on the 21st of August 1996. Within the HIPAA Act are sections 261-264, which require the Secretary of the Department of Health and Human Services (DHHS) to make public the standards for the electronic exchange, security and privacy of health information. HIPAA is a Federal Law in the United States that has provisions for the privacy and safeguarding of a patient’s medical information. The Department has since 1996 received over 11,000 comments sourced from public input for the modification of the Act. The latest changes to the HIPAA Act were made on the 14th of August 2002. Anyone, including you nurses, can access the adjustments, which can be found at 45 CFR Part 160 and Part 164, Subparts A and E (Journal, 2017).

Targeted Employee Group; Nurses

Among the most significant people covered by the Privacy Rule are nurses, who come under the health care providers who at any point in their service transmit patient information in electronic form. The Act was primarily enacted to limit the ability of an employer to deny health insurance coverage to employees who have preexisting medical conditions. What’s more, the HIPAA law gave directives to the U.S. DHHS to create privacy rules that included, but were not limited to, the utilization of electronic medical records. Although the law has increased patient confidentiality, it has also increased the financial burden, including the cost of personnel in healthcare. The nurse takes the forefront position in the push to resolve the dilemma between patient privacy and the expediency of health care (Journal, 2017). Due to the crucial role that nurses have to play, it is of great importance that they understand their responsibilities concerning the HIPAA regulations.

Nurses handle private information on a daily basis, from the offices to nursing stations to examination rooms to operating theaters and patients’ bedsides. Due to their preoccupation with the health of the patient, they often become desensitized to the importance of complying with HIPAA and protecting the physical and digital paper trail. For that reason, nurses are the focus of this sensitization. HIPAA, and particularly the Privacy and Security Rules, guide how individuals, including nurses, at covered entities should gather, utilize and deal with protected health information (PHI). The Privacy Rule requires covered entities to reduce to a minimum the instances where PHI may be used or disclosed (Beebe et al., 2011).

The Security Law requires “appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.” There are many simple ways in which nurses can assist in improving the safety and privacy of the patient’s information regardless of what they are doing in the clinical area.

Responsibilities of Nurses in Upholding the HIPAA Act; Confidentiality

  1. Improved Situational Awareness

To begin with, the most significant adjustment, one that goes beyond all tasks, responsibilities and facilities, is better situational awareness (SA). SA is often necessary among nurses having discussions regarding patient care. During this time there is always the potential for incidental disclosure of a patient’s health information. However, as stipulated in the disclosure clause of the Privacy Rule, some related provisions and disclosures of protected health information are allowed to happen when the covered entity has put in place reasonable safeguards and minimum necessary policies and procedures that protect the patient’s privacy (Caring for Patients While Respecting Their Privacy, 2017).

A nurse working at Guthrie Clinic Steubed in New York was sued by a man after she informed his girlfriend that he had an STD. The nurse was charged in court and awaits sentencing.

Allowances could include speaking in low tones when sharing a patient’s information with a colleague or the family of the client, especially in an area that has public access. They may also include the use of privacy filters on the screens of devices to help protect the individual’s information from being seen on display by someone passing by (Journal, 2017).



  2. Better Document Handling

Secondly, nurses can get better at their document handling. Despite an upsurge in the use of electronic health records by health care facilities, there are still some health care services that rely heavily on paper files. The paper files could be printed lab results. Physical safeguards should not be overlooked when nurses are working towards complying with the HIPAA rules (Colorafi & Bailey, 2016). When nurses are dealing with papers containing the patient’s information, they should not leave them lying on the nurse’s station. What the nurse should do is store them in a secure drawer away from the roaming eyes of bystanders. The storage rooms and record room should be kept safely locked whenever they are not in use. It is the responsibility of the nurse managers in charge of units to ensure that entry into those rooms is allowed only for authorized personnel. Whenever the nurse establishes that a physical document is no longer in use and is not needed for storage, it should be disposed of properly, for instance by shredding (“Caring for Patients While Respecting Their Privacy”, 2017).

One Ms. A, 29 years of age, had been employed by a midsize regional clinic for five years. Her husband was being sued by the people in the other car after they were involved in a motor vehicle accident. As she flipped through the medical charts, she came across the plaintiff’s name; she then took more interest in the file and even jotted down some notes. Later that night, while her husband was complaining about the impending lawsuit and the financial consequences that would accompany it, she gave him the piece of information from the plaintiff’s file. Her husband called the plaintiff the next day to tell him that he had medical information that would weaken the man’s case; he further suggested that the plaintiff drop the case (Ann W. Latner, 2017).

After hanging up, the patient called the hospital and the District Attorney, who forwarded the matter to the State Prosecutor. She ended up losing her job and was indicted with her husband, and the State Board of Nursing is seeking to revoke her license. She was charged with violating the HIPAA Act and with “conspiracy to wrongfully disclose individual health information for personal gain with maliciously harmful intent in a particular dispute.” She is awaiting sentencing and faces up to 10 years of jail time with a fine of up to $250,000 (Ann W. Latner, 2017).


  3. Improved Efficiency of Electronic Systems Information Sharing

Electronic systems for sharing and storing information could improve the efficiency and quality of patient care by making patient information readily available to other caregivers. They, however, also pose significant challenges to the privacy of patient information. Sharing of patient information from desktops on the nurse’s station to the large screens in the operating rooms can leave that information open to visual hacking (Colorafi & Bailey, 2016). HIPAA states that “physical measures, policies, and procedures to protect confidential electronic information systems from unauthorized intrusion” must be enforced by the nurses. In 2010, Tri-City Medical Centre in Oceanside fired 5 nurses for discussing patients on Facebook; this came five years after more nurses had been fired for taking photographs of a suicidal patient. The nurses were later to be charged in court for breach of confidentiality.

Nurses could also work as a team in protecting the patients and their PHI. All nurses and health care workers should work as a team to create the first line of defense in the protection of private and confidential information from unnecessary and unwarranted exposure (Journal, 2017).


General Consequences of Violating the HIPAA Act

There are consequences when nurses fail to uphold the HIPAA Act; the consequences for violating HIPAA could be civil or criminal. On the criminal side, covered entities and specified individuals, who could be nurses, that knowingly obtain or disclose individually identifiable health information in violation of the Administrative Simplification regulations could be slapped with a fine of up to $50,000 plus imprisonment of up to one year. If the offenses have been committed under false pretenses, the penalties can be extended to a $100,000 fine plus jail time of up to five years (Colorafi & Bailey, 2016). Lastly, offenses that have been committed with the intention of selling, transferring, or using individually identifiable health information for commercial advantage, personal gain or malicious harm permit a fine of $250,000 and imprisonment for up to ten years.

Some nurses have been charged with violating the HIPAA Act. Something that started as minor file maintenance ended up in jail time for a nurse who shared a patient’s medical information with her spouse (Ann W. Latner, 2017).


In summary, this paper has described the responsibilities of nurses in upholding the HIPAA Act. Nurses are in a position to ensure that the privacy and security of individual medical information are maintained and that the information is kept confidential. They can do this through secure handling of documents, teamwork, situational awareness and safe handling of electronic information. Finally, the paper has highlighted the consequences that may arise from violation of the HIPAA Act and even given a real-life scenario of the same. Nurses should do all they can to protect the security and privacy of the patient’s information as stipulated by the HIPAA Act.




Ann W. Latner, J. (2017). Staff Nurse Faces Jail Time for HIPAA Violations. Renal and Urology News. Retrieved 15 February 2017, from

Beebe, T., Ziegenfuss, J., St. Sauver, J., Jenkins, S., Haas, L., Davern, M., & Talley, N. (2011). Health Insurance Portability and Accountability Act (HIPAA) Authorization and Survey Nonresponse Bias. Medical Care, 49(4), 365-370.

Caring for Patients While Respecting Their Privacy. (2017). Medscape. Retrieved 15 February 2017, from

Colorafi, K. & Bailey, B. (2016). It’s Time for Innovation in the Health Insurance Portability and Accountability Act (HIPAA). JMIR Medical Informatics, 4(4), e34.

Journal, H. (2017). What are the Penalties for HIPAA Violations? HIPAA Journal. Retrieved 15 February 2017, from