Privacy laws are a serious matter. Regardless of the patient’s status, no patient—including public figures—should ever be subjected to a privacy violation. Yet many have. The health records of Tammy Wynette, Britney Spears, and Farrah Fawcett, for example, were sold to the media. In another incident, a former researcher at the UCLA School of Medicine accessed high-profile patient files, including the records of Sharon Osbourne, Barbara Walters, Elizabeth Banks, and Leonardo DiCaprio, and was sentenced to four months in a federal penitentiary. Last summer, five health care workers and a student research assistant were fired by Cedars-Sinai Medical Center and permanently barred from accessing patient records after they peered into the private medical records of Kim Kardashian. Three physicians were also involved because they violated hospital policy by handing off log-on information to access confidential patient records.
The privacy of every patient—famous or not—is protected by the Health Insurance Portability and Accountability Act (HIPAA). HIPAA laws cover a wide range of health care communications, including physician orders, laboratory results, faxes, medication administration records, and even content written on whiteboards or posted on computer screens. Patient privacy is viewed as a serious legal right, so access to patient information is carefully guarded and restricted to only those who are directly responsible for providing care. Moreover, each state’s nurse practice act and the Centers for Medicare and Medicaid Services also protect patient privacy. Violations can lead to fines or even criminal charges and put a health care worker’s job on the line. Although many breaches of patient privacy aren’t deliberate, even an inadvertent slip up can result in serious consequences.
In today’s world, even the most well-intentioned care provider can be challenged by the complexity of protecting patient privacy and the pitfalls that lurk everywhere—from the copy machine, fax machine, and trash container to multiple computer stations perched in every unit, along with careless conversations in the hallway, elevator, and cafeteria. Not to mention plain old curiosity. These all present an opportunity for a confidentiality breach.
Because of the pitfalls, each nurse needs to be aware of the risks and take steps to ensure that only those who have a need to know are privy to a patient’s protected health information. Some important guidelines that will help protect your patient’s privacy include:
- Never talk about protected health information in any public area. This includes hallways, elevators, stairways, waiting areas, and restrooms. Close doors or privacy curtains before having a discussion about any confidential health information.
- Don’t walk away from your computer screen and leave patient information exposed. Be sure to log out before you leave your computer workstation.
- Never use your facility’s computers for personal use, such as social networking, surfing the Internet, or chatting online.
- Never share your employee badge or computer log-in information with a coworker or vendor.
- Don’t toss notes that contain protected health information into a trash container or recycle bin. Be sure that you shred any confidential information.
- When someone asks about a patient, verify that person’s identity to be sure you can discuss the patient’s condition before releasing any information.
- Never leave medical records or private information unattended on a countertop or table.
- Remember to enforce all privacy safeguards when disclosing patient information over the phone or via fax, and verify the fax number before sending any confidential information.
- If a staff member resigns or is terminated, notify IT personnel immediately to prevent that staff member from continuing to access protected health information.
- Curb your curiosity. Access information only when you need to know to provide patient care. And keep that information to yourself.