As nurses, we hear a lot about adhering to HIPAA policies in everything we say and do at or about our jobs. But what happens if we don’t follow policies? What happens to a nurse if they violate HIPAA?
Many of us won’t ever know the answer to that question firsthand. But as HIPAA violations can happen accidentally, even with the best of intentions, it’s useful to know now what to expect if you find yourself being disciplined for a violation.
Here are the basics of what to expect if you violate HIPAA as a nurse.
What Counts as a HIPAA Violation?
First, it helps to know exactly what it means to violate HIPAA. A violation can be intentional or accidental, but all violations are serious.
Facilities are required to have policies in place to detect and handle all types of violations, but if you come across one or accidentally commit one, report it immediately to a supervisor or to whoever is in charge of HIPAA compliance for your company. Even if it seems like a small issue, each violation is important for protecting the safety and personal health information (PHI) of your patients.
Examples of HIPAA violations that nurses could come across include the following:
- Accessing a patient’s PHI when it isn’t part of your responsibilities or job, even if you are related to them
- Stealing PHI with the intent to sell it or use it for your own personal gain, like to secure another job
- Throwing away PHI inappropriately, like putting it into the regular garbage instead of shredding it
- Using PHI to blackmail a patient
- Sharing PHI with people who aren’t part of the patient’s direct care and don’t need it for the patient’s care or treatments; this includes through gossip
- Using a coworker’s login or letting a coworker use your login information to access PHI
- Leaving written PHI or your computer unlocked and out in the open where anyone could access it
- Leaving PHI-containing technology or documents, like flash drives or records, in a car or other area where they could be stolen
- Commenting on social media with knowledge regarding a patient that you learned from your job
- Positioning computer screens in such a way that a casual passerby or unauthorized person can read potential PHI on the screens accidentally
- Posting PHI, including photos or videos of patients, onto social media (even if the place you share it is set to private) or sharing them through private messaging
What Are the Consequences of Violating HIPAA?
Consequences for violating HIPAA vary based on the severity of what happened and the intent behind it. You’ll still be disciplined for an accidental, unintentional HIPAA violation, but for those issues that are deliberate and malicious, the consequences are much more severe.
Typical consequences for accidental HIPAA violations will vary based on your employer. Accidents happen, and as handling PHI is a huge part of our everyday jobs, it’s understandable that a violation may be done unintentionally. You may be required to undergo additional HIPAA training, or you may receive a writeup for your employee record.
For more serious infractions, even if they’re done without the intent to do harm, you could be fired from your job or face disciplinary action from your Board of Nursing. That could mean being put on probation or losing your license.
Then there are the most serious breaches, where you’ve intentionally and knowingly stolen or used PHI for your own personal gain, like selling the information to a competitor. With these violations, you could face criminal charges from the Department of Justice. These types of consequences often include hefty fines and jail time for up to 10 years.
What If I Violate HIPAA?
If you find yourself in a situation where you’ve accidentally violated HIPAA, don’t panic. Accidents happen, and facilities are prepared for when they do.
Don’t let the potential consequences scare you off from reporting an accidental HIPAA violation if you commit one. Speaking up can help prevent the issue from happening again, either with you or another nurse, by helping the company identify issues and introduce new procedures or training. Immediately report the violation to a supervisor or your company’s privacy officer.
How Do I Prevent HIPAA Violations?
The last thing you want to do is face a HIPAA violation, not only to protect yourself but also your patients. Learn how to prevent an accidental violation from happening by doing the following:
- For electronic PHI, use tools that your software or computer has, like blackout screens or logging off when you’re not using the computer, even if you’re just planning on stepping away for a moment.
- When using technology to access PHI, angle the screen so people can’t accidentally see the information on it.
- Don’t gossip about work, even if you think you’re alone in a break room, elevator, or bathroom. You can easily and accidentally share identifiable information about a patient with people who aren’t authorized to know.
- Avoid posting or commenting about work on social media or in private messages, even if you’re doing so in private groups.
- Only access the records and PHI of patients whose treatment or care you are directly involved in or responsible for. This includes not accessing patient records of family members.
Nobody is perfect, and even with all policies and procedures in place, there’s still a possibility for an accidental exposure to happen. But you can help reduce the frequency of those accidents by staying mindful of how you use, access, and share PHI.