Healthcare workers deal with private patient information daily. From nursing stations and offices to exam rooms, patient bedsides and operating rooms, we are surrounded by private patient information. However, due to the focus on patient health and our constant contact with patient data, we may become desensitized to the importance of HIPAA compliance and the importance of protecting both electronic and paper documentation as well as verbal information.

As a healthcare provider, it is your responsibility to know the rules of HIPAA and do everything reasonably possible to protect the privacy of patients and residents you care for. Be familiar with your facility's policies. Ask questions or visit for a complete review of HIPAA rules and regulations.

For nurses and other healthcare workers, discussing patient care is essential in most cases, and the potential exists for an individual’s health information to be disclosed accidentally. You may prevent this by speaking quietly when discussing patient information, removing yourself from public areas such as hallways and open nurses’ stations and discussing information in private break rooms or at the bedside. You must also ensure that you are doing everything reasonably possible to protect patient health information (PHI) in the form of electronic or paper data.

Never Share Your Password – Never share or allow anyone else to use your login or password, and always log out of workstations.

Learn About Proper PHI Disposal Methods – Do not leave paper documents with patient information on desks or counters. All paper information with PHI (patient health information) should be kept at the nurses’ station or at your individual workstation in a chart, turned upside down so no one is able to see it, or disposed of. If you are not familiar with how to dispose of paper documents with PHI, ask your facility to share their policy on shredding or disposing of documents in a secure container.

Report All Inappropriate Disclosures ASAP – If you become aware that a co-worker has violated HIPAA or you accidentally violate HIPAA, please report these incidents. If a nurse or another healthcare worker violates HIPAA by accident, it is vital that the incident be reported to the person responsible for HIPAA compliance in your organization – the Privacy Officer, if your organization has appointed one – or your supervisor. The failure to report a minor violation could have major consequences.

Never Post on Any Social Media Sites – “Posting any protected health information on social media websites, even in closed Facebook groups, is a serious HIPAA violation. The same applies to sharing PHI including photographs and videos of patients via messaging apps such as WhatsApp, Skype, and Facebook Messenger. Unless prior authorization has been received from a patient, in writing, nurses should avoid sharing photographs and videos of patients (or any PHI) on social media sites. The National Council of State Boards of Nursing (NCSBN) has released a useful guide for nurses on the use of social media.”

What happens if I violate HIPAA:
Serious violations of HIPAA Rules, even when committed without malicious intent, are likely to result in disciplinary action, including termination and punishment by the board of nursing or accrediting body. Termination for a HIPAA violation does not just mean loss of current employment and benefits. It can make it very hard for a nurse to find alternative employment. HIPAA-covered entities are unlikely to recruit a nurse that has previously been fired for violating HIPAA Rules.

The list of possible HIPAA violations by nurses is long, although the most common nurse HIPAA violations are listed below.
• Accessing the PHI of patients that you are not treating
• Gossiping – Talking about specific patients and disclosing their health information to family, friends & colleagues
• Disclosing PHI to anyone not authorized to receive the information
• Taking PHI to a new employer
• Theft of PHI for personal gain
• Use of PHI to cause harm
• Improper disposal of PHI – Discarding protected health information with regular trash
• Leaving PHI in a location where it can be accessed by unauthorized individuals
• Disclosing excessive PHI and violating the HIPAA minimum necessary standard
• Using the credentials of another employee to access EMRs/Sharing login credentials
• Sharing PHI on social media networks

Lalah Landers, BSN, RN
Clinical Nurse Supervisor
Clinisight, LLC