Letter to the Editor by Cheryl W. Owens to “HIPAA: Past, Present and Future Implications for Nurses

HIPAA: How Our Health Care World Has Changed

Response by Cheryl W. Owens to “HIPAA: Past, Present and Future Implications for Nurses” by Joe Flores, RN, MSN, JD; and Andrea Dodier, Paralegal (May 31, 2005).

Dear Editor:

Since the introduction of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, nurses have become the frontline defenders of patient privacy. The 2013 revisions to HIPAA, known as the Final Omnibus Rule added requirements to existing regulations. The new HIPAA and HITECH changes make no allowance for lack of knowledge. Violations of the new revisions will result in sanctions and fines up to $1.5 million per violation (“Ten Tips”, 2013). Even for accidental breaches, fines and penalties can be severe. It is critical that nurses continue to stay updated on HIPAA changes and the effect on delivery of healthcare (Flores & Dodier, 2005).

Three changes in the final rule related to protected health information (PHI) are important for nurses to understand. Under the 2013 changes, a patient has the right to receive an electronic copy of their record,rather than a paper copy, if they prefer (Dunlap & Frigy, 2013). Medical information on patients deceased more than 50 years is not considered protected and not subject to HIPAA regulations (Dunlap & Frigy, 2013).

In states that require proof of immunization to school admission, immunization records can be released with a verbal consent from the parent or guardian (Dunlap & Frigy, 2013). A child over 18 or an emancipated minor can provide his or her own consent (Dunlap & Frigy, 2013). Nurses are still responsible for ensuring the appropriate verbal consent has been obtained and documented prior to releasing information (Dunlap & Frigy, 2013).

Unfortunately, one situation that made the stricter sanctions necessary was due to a nurse accessing social security numbers of almost 1,000 patients over four years (“HIPAA Breach”, 2014). Any healthcare worker who obtains PHI under false pretenses or who sells, transfers, or uses the information for personal gain can also face imprisonment (Fremgen, 2012). This includes review of patient records by healthcare workers who should not have access to that PHI, and discussing patient issues in public areas or around members of the healthcare team not involved in the patient’s care (Cataletto, 2011; Durning, 2014).

Perhaps the most important change relates to the Health Information Technology for Economic and Clinical Health Act (HITECH) and transmission of PHI on electronic devices. Nurses should never use a personal email account or text messaging to transmit any PHI, even to another healthcare provider (Gonzales, 2014). Posting photo or information about patients; the nurse’s employer or policies, or co-workers on a social media account breaches this standard (Gonzales, 2014; Spector & Kappel, 2012).

The United States Department of Health and Human Services Office of Civil Rights is combining increased enforcement through HIPAA audits and increased sanctions to ensure that healthcare workers and facilities comply with the new regulations. Nurses with a thorough understanding of their role in assuring compliance with the final rule changes will help their employers and themselves avoid costly financial and legal consequences. (Heylman, 2013; “Ten Tips”, 2013).

Cheryl W. Owens, CNM, MN, MPH
Assistant Professor of Nursing
Dalton State College
650 College Drive
Sequoya 110
Dalton, GA 30720


Cataletto, M. (2011, May/June). Highlights of HIPAA for nurses. Nursing Made Incredibly Easy9(3), 6-8. http://dx.doi.org/doi: 10.1097/01.NME.0000396003.87676.52

Dunlap, E. F., & Frigy, R. L. (2013, May/June). The wait is over:  The HIPAA final rule has arrived. Journal of Health Care Compliance, 5-10.

Durning, M. (2014). HIPAA privacy rule & patient confidentiality. Retrieved from http://nursinglink.monster.com/education/articles/2370-hipaa-privacy-rule-patient-confidentiality?page=2

Flores, J. A., & Dodier, A. (2005). HIPAA: Past, present and future implications for nurses. OJIN: Online Journal of Issues in Nursing. Retrieved from www.nursingworld.org/MainMenuCategories/ANAMarketplace/ANAPeriodicals/OJIN/TableofContents/Volume102005/No2May05/tpc27_416020.aspx

Fremgen, B. F. (2012). Medical law and ethics (4th ed.). Upper Saddle River, NJ: Pearson.

Gonzales, E. (2014, January/February). Complying with HIPAA: Avoid financial penalties by following these steps. Long Term Living: For the Continuing Care Professional, 16-19.

HIPAA breach that set the compliance ball rolling. (2014, March 17). PR Newswire.

Heylman, S. R. (2013, July). Coming: HIPAA revisions, greater enforcement. HR Magazine, 10.

Spector, N., & Kappel, D. (2012, September 30). Guidelines for using electronic and social media: The regulatory perspective.  OJIN: The Online Journal of Issues in Nursing, 17. Retrieved from www.nursingworld.org/MainMenuCategories/ANAMarketplace/ANAPeriodicals/OJIN/TableofContents/Vol-17

Ten tips to help comply with the HIPAA omnibus rule. (2013, November). Health Care Registration: The Newsletter for Health Care Registration, 5-6.