Clinical Corner: HIPAA in a Nutshell

Clinical Corner

by Joe Bryowsky RN, CCRN – Clinical Manager

What is HIPAA?

In 1996 the U.S. government enacted the Health Insurance Portability and Accountability Act. This law is meant to keep a patient’s medical information private.

What constitutes a HIPAA violation?

  • Showing or sharing the information to an unauthorized person: If any health-care provider shares medical information about a patient without the patient’s consent, that is a HIPAA violation. This includes telling people about the patient’s condition, discussing the patient’s condition in public, or using the patient’s information in a medical brief without the patient’s consent. This would also apply to today’s technology which includes cell phones that take pictures, Facebook, texting, etc.
  • Excessive Views: Too many looks at a medical record or more often than needed, can constitute a violation of the law. Sometimes this happens when a patient with an abnormal condition comes into the hospital or because people are simply curious.
  • Health discrimination: Sometimes employers violate HIPAA. If an official from the company you work for reads your medical information and uses it to make a decision about you, that is a violation.
  • Improper disposal: Hospitals, Medical offices and Clinics are required to shred, and dispose of, any medical records. The violation would be against any one of these entities due to neglect if records were disposed of improperly.

These are all important points for all healthcare workers to be knowledgeable in. One of these points however is the one most frequently overlooked and that is the first bullet point above:

Showing or sharing the information to an unauthorized person: Under the privacy rule, a healthcare provider may “disclose to a family member, other relative, or a close personal friend of the individual, or any other person identified by the individual,” the medical information directly relevant to such person’s involvement with the patient’s care or payment related to the patient’s care.

Uses and disclosures for involvement in the individual’s care and notification purposes are clearly permitted. Right?

Here’s the catch, and it’s the one that most healthcare workers fail to think about at one time or another. The rule states that if the patient is present, the healthcare provider may disclose medical information to such people if the patient does not object. If the patient is unable to agree or object to disclosure because of incapacity or an emergency circumstance, the covered entity may determine whether the disclosure is in the best interests of the patient.

How many times have we gone into a patients room, friends and/or family members are present, and the patient asks us a question about their care, treatment modalities, diagnosis, etc.? Just about every day, right? And how many times have we just answered their question and thought nothing about it? After all that’s just part of delivering excellent patient care, right?

Think again. HIPAA violation!! All healthcare workers must remember to always ask the patient if it is OK to share that information in front of anyone in the room that is not a healthcare worker who is directly involved in the patient’s care.


Always remember: “Protect the patient and protect yourself”!

For more information go to:

  • Subscribe to the Medical Solutions Blog

    Get updates sent to your inbox

  • This field is for validation purposes and should be left unchanged.