Examples of HIPAA Violations by Nurses

HIPAA legislation applies to all those who work in the healthcare sector. Thus, as well as doctors, dentists, administrative staff etc., nurses must also abide by HIPAA. The failure for any covered entity (CE), including all of their staff, to comply with HIPAA legislation can result in severe consequences, including fines and even jail sentences.

However, accidents do happen, even when the utmost care is taken to avoid them. If a nurse causes a HIPAA violation, the breach must be reported to the Privacy Officer. Each CE has such an officer whose job it is to oversee HIPAA compliance within the organisation. Regardless of whether the violation was intentional, serious breaches will result in some sort of action from the Board of Nursing. This may include mandatory HIPAA training courses or even termination of employment.

If it is discovered that the HIPAA violation was intentional, the negligent party may be criminally prosecuted. Any HIPAA-related complaint can be submitted to the Department of Health and Human Services’ Office for Civil Rights. If appropriate, they can then be passed on to the Department of Justice. In the most severe cases – for example, where protected health information (PHI) was sold for financial gain – the perpetrator can receive jail sentences of up to ten years.

Examples of HIPAA Violations

  • Accessing the PHI of patients you are not required to treat
  • Disclosing information about specific patients to family, friends & colleagues
  • Disclosing PHI to anyone not unauthorized individuals
  • Taking PHI to a new employer
  • Use of PHI to cause harm
  • Improper disposal of PHI – Discarding protected health information with regular trash
  • Leaving PHI in a location where it can be accessed by unauthorized individuals
  • Disclosing excessive PHI
  • Using the credentials of another employee to information
  • Sharing PHI on social media networks

With the rise of social media, it is perhaps unexpected that this has caused a surge in cases of PHI being inappropriately disclosed on such platforms. This is a serious HIPAA violation: if any information or image is shared on Facebook, WhatsApp, Skype etc. – even in private groups – it must only be done with the patient’s prior consent. Thus, it is safer to avoid sharing information on social media sites altogether.

Regrettably, there have been some cases of nurses sharing images of patients that not only violate HIPAA legislation, but human dignity. These include taking photos of patients in embarrassing or degrading situations or even recording abuse of patients. In January of 2017, a nursing assistant lost their job for sharing abuse of an Alzheimer’s patient on Snapchat. After the patient filed a criminal complaint, the nursing assistant now faces a jail sentence if convicted. There have been around 35 cases of such incidents using Snapchat.