Nurses have a legal and ethical responsibility to maintain patient privacy and confidentiality. Social media and new technology create additional challenges, as disclosing information is often unintentional. Creating a heightened awareness can help you be more diligent in protecting yourself, your patients and your employer.

What Is HIPAA?

HIPAA, or the Health Insurance Portability and Accountability Act, was passed by Congress in 1996 to better protect patient privacy, and it sets out the Privacy, Security and Breach Notification Rules. According to the California Department of Health Care Services, HIPAA requires that “health care providers and organizations, as well as their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared.”

What does this mean for you as a nurse? Simply put, all forms of PHI (paper, electronic or oral) must be kept confidential and secure, and you should only use the minimum health information necessary to your practice. HIPAA violations can have serious consequences. Nurses can face fines, sanctions or even loss of license, and employers can face fines up to $1.5 million.

What Does a HIPAA Violation Look Like?

HIPAA violations come in many forms — some of which may be unexpected. Here are just a few situations to illustrate how violations can happen:

Social Media: Nurses, patients and caregivers form close bonds, so it’s only natural that they reach out to connect through social media. Unfortunately, it is very easy to blur the lines between a professional and personal relationship. Think about the information on your social media — your friends, family, opinions, activities and photos — that may influence a patient’s or caregiver’s opinion of you as their nurse.

Now, think about patient information on social media. Suppose your patient goes out drinking this weekend and alcohol interacts with their medication. Now that you have that information, do you report it? Or is that a breach of patient confidentiality as well? The legal and ethical considerations can quickly become murky.

Social media may negatively impact future employment as workplace discrimination still occurs. Sharing a patient photo with a caption like “Why I love nursing” or “Finishing chemotherapy” may cause harm years later, even if the patient consented. Although you may feel your social media is appropriately private, it is incredibly easy to send screenshots from one person to another. To protect your hard-earned nursing license and to follow the law, consider what downstream effects your social media presence could cause.

Overheard Conversations: Have you ever been to the doctor’s office and seen or heard other patients’ names or medical information? It can make you feel uncomfortable and think that your private information may also be at risk. When discussing patient health information, it is always important to keep in mind the setting you are in — hallway, elevator, nurses’ station or cafeteria, for example.

Technological Mishaps: We’ve all left our phones somewhere or our computers unlocked. Nurses need to watch how and where they view patient information. Be cautious about accessing patient information on home devices such as personal computers or tablets to avoid putting yourself at risk for a HIPAA violation.

5 Tips to Avoid Violating HIPAA Regulations

Now that you know a few of the areas of concern, here are a few ways to prevent HIPAA violations.

  1. Double-check authorization requirements. HIPAA requires written consent from the patient before the use or disclosure of information (other than for treatment, payment, healthcare operations or purposes exempted by the Privacy Rule). Always pause and double-check before providing information, especially to co-workers not caring for the patient.
  2. Watch where you discuss patient information. Nurses are busy, and often it is easiest to catch a colleague or caregiver in passing to relay patient information. Make every effort possible to control the environment to reduce the risk of HIPAA violations.
  3. Mind your technology. Technology has made information sharing easier than ever, but it also comes with risks. Sharing login credentials or passwords, leaving portable devices unattended, and texting patient information are all easy ways to commit a HIPAA violation. Use caution when discussing or viewing confidential information on devices and use your workplace healthcare messaging platform instead of regular text messaging.
  4. Unfriend/unfollow/block current patients and caregivers. If you are already connected with patients or caregivers on social media, now is a good time to break that link. Let them know you will be “un-friending” or unfollowing, not because you don’t value the relationship, but because you are concerned about professional boundaries. Make your social media profiles private and block patients from seeing your public social media.
  5. Politely decline friend/follow requests. If a patient or caregiver sends you a friend or follow request, politely decline it. Explain that it would be in violation of your employer’s social media policies. Not sure if your employer has a policy? Most do. If not, the National Council of State Boards of Nursing (NCSBN) and the American Nurses Association (ANA) do.

Does your employer have good policies in place or do they need updating? Consider starting or joining a team to help. An online RN to BSN program can teach you the leadership skills you need to become an effective agent for change at your place of employment.

Learn more about Eastern Michigan University’s online RN to BSN program.


Sources:

California Department of Health Care Services: Health Insurance Portability & Accountability Act

HIPAA Journal: How Employees Can Help Prevent HIPAA Violations

Becker’s Healthcare: 10 Common HIPAA Violations and Preventative Measures to Keep Your Practice in Compliance

NCSBN: A Nurse’s Guide to the Use of Social Media

American Nurses Association: ANA’s Principles for Social Networking and the Nurse