Running head: PRIVACY ISSUES 1

Privacy Issues

Elaine Dean & Nichelle Floyd

Jacksonville University

Information Systems and Technology for Improved Healthcare

NUR 516

Dr. Teresa MacGregor

May 16, 2016

PRIVACY ISSUES 2

Privacy Issues

Introduction

What is HIPPA? The term means Health Insurance Portability and Accountability Act.

The Department of Health and Human Services (HHS) enacted this law in 1996. The Office of

Civil Rights (OCR), which operates under the umbrella of (HHS), is responsible for

implementing and enforcing these rules. HIPPA Laws protect all individually identifiable health

information held or transmitted by a covered entity. An entity is any source that is engaged with

protected health information. These include health plans, health care providers, health care

clearing houses, business associates and business associates contracts. The laws remain the same

whether the mode of transmission is electronic, oral or paper. Protected Health Information

(PHI) cannot be disclosed without the written authorization of the individual except where

permitted by the law such as payment, treatment and administrative purposes ("Summary of the

HIPPA rule," n.d., para. 1).

A Summary of the presentation activities

This executive summary will address current HIPPA guidelines for electronic security

and information management. It will also identify the implications in nursing practice for the

staff nurse and the advance practice nurse. A case study will give insight into HIPPA violations

that can result in breach in confidentiality.

Implications for staff nursing practice

A major responsibility for the nursing staff is to document accurately in the Electronic

Health Record (EHR), preserve the integrity of the data, educate patient about their rights under

the HIPPA Law and protect individuals’ health information. The nursing staff make up a big

bulk of the professionals who access PHI therefore nurses are at the forefront of guarding PHI.
PRIVACY ISSUES 3

The task has become more difficult and challenging with the changes and advancement in

computerized technology. Patient care now includes the use of smart phones and other mobile

devices throughout the healthcare continuum. The nursing community is aware of the increased

risk of “medical identity theft” (Harman, Flite, & Bond, 2012, 1). The ongoing process in

providing high quality healthcare involves rapid exchange of data to other healthcare facilities,

non-facility providers and reporting to government agencies e.g. Center for Medicare and

Medicaid Services (CMS). The current HIPPA guidelines requires that individuals’ health

information is properly protected while allowing for the flow of health information needed to

provide and promote high quality health care and to protect the public’s health and well being.

("Privacy, security and electronic health records," n.d.)

According to the National Institute of Standards and Technology efficient management of

information security can be approached using the acronym “CIA”, confidentiality, integrity and

availability (Harman et al., 2012, para. 12). In all health practices and processes, Nurses need to

be vigilant in protecting patient confidentiality, computers should be positioned out of the public

view, and shields can be added to screens for reduced visibility. Nurses should not engage in

activities that would potentiate hacking, manipulation or destruction of data and possible

infestation by viruses and worms. High caution should be given to personal password and login

to mainframe Electronic Medical Record (EMR) systems and other points of PHI access.

Information integrity should be maintained by performing chart review to ensure health data

accuracy. Staff nurses should also be aware of default/backup system should main system fail.

The patient should be educate on their rights to access their personal health records, medical

records are available according to the facility policy and procedure for release of information.

Patient can request amendment of health information that is incorrect or incomplete. Telephonic
PRIVACY ISSUES 4

exchange of patient information should be restricted to what is permissible under the HIPPA

Laws. A pin or code should be given to surrogates authorized by the patient to receive telephonic

PHI.

Implications for advanced nursing practice

The advanced practice nurse identifies risk and vulnerabilities, create action plan and

execute the action plan in a timely manner. Staff training is to be optimized, administrative

safeguards need to be developed, implemented and maintained to protect PHI. Organizational

standards should be enforced according to the facilities contracts or other written agreement

during the transfer or transport process e.g. shredding of PHI. PHI also needs to be protected

from natural and environmental hazards. The advance practice nurse should monitor that policies

and procedures are observed and followed. Offices should be locked, screens used, computers

are logged off completely and unauthorized sites are not visited by staff. Audits trails should be

performed frequently to identify any illegal system or chart access. In-service of staff regarding

organizational changes and updates in response to PHI security should be performed by the

advance practice nurse or any other auxiliary as mandated by the facility. Monitoring of the use

of encryption capabilities by staff nurses and other allied health care personnel should also be

done by the advance practice nurse ("Privacy and security of electronic health information," n.d.,

Chapter 6)

There are several tools available to accomplish the goal of optimal information privacy.

One such tool is the Medicare and Medicaid Meaningful Use Core Objectives that addresses

privacy and security. This can be a very effective and efficient tool for the advance practice

nurse to employ in the task of managing the security of PHI: “lead the culture, document the

process, findings and actions, review existing security of PHI, develop an action plan, manage
PRIVACY ISSUES 5

and mitigate risk, attest to use of security related objective and monitor audit and update security

on an ongoing basis” ("Privacy and security of electronic health information," n.d., Chapter 6).

In conclusion, the implication is that nurses are the highest ranked gatekeeper for EHR,

and they are directly connected to the management of information security and privacy.
PRIVACY ISSUES 6

References

Harman, L. B., Flite, C. A., & Bond, K. (2012, November 9). Electronic health records: privacy,

confidentiality, and security. AMA Journal of Ethics, 14, 712-719.

Health information privacy. (n.d.). Retrieved from http:/www.hhs.gov/hippa/for-

professionals/privacy/laws-regulations/

Health information technology. (n.d.). Retrieved from https:www.healthit.gov

Michele, M., & Nancy, S. (2011, January). Electronic health records and the implication for

nursing practice. Journal of Nursing Regulations, 1(4), 55-60.

Samadbuk, K., Zahara, G., Masomeh, K., & Masoud, R. (2015, February). Managing the security

of nursing data in the electronic Health Records. Journal of Academy of Medical Science,

23(1), 39-43. Retrieved from http:/www.ncbi.nlm.nil.gov

Sewell, J., & Thede, L. (2013). Informatics and Nursing Opportunities and Challenges (4th ed.).

Philadelphia, PA: Lippincott Williams & Wilkins.

Your rights under HIPPA. (n.d.). Retrieved from

http:www.hhs.gov/ocr/privacy/hippa/understanding/index.html