{"id":61536,"date":"2020-09-02T18:01:39","date_gmt":"2020-09-02T18:01:39","guid":{"rendered":"https:\/\/www.mometrix.com\/academy\/?page_id=61536"},"modified":"2026-03-25T12:43:54","modified_gmt":"2026-03-25T17:43:54","slug":"what-is-hipaa","status":"publish","type":"page","link":"https:\/\/www.mometrix.com\/academy\/what-is-hipaa\/","title":{"rendered":"What is HIPAA?"},"content":{"rendered":"\n\t\t\t<div id=\"mmDeferVideoEncompass_Qi6aTPCK1IU\" style=\"position: relative;\">\n\t\t\t<picture>\n\t\t\t\t<source srcset=\"https:\/\/www.mometrix.com\/academy\/wp-content\/uploads\/2023\/01\/circle-play-duotone.webp\" type=\"image\/webp\">\n\t\t\t\t<source srcset=\"https:\/\/www.mometrix.com\/academy\/wp-content\/uploads\/2023\/01\/circle-play-duotone.png\" type=\"image\/jpeg\"> \n\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" loading=\"eager\" id=\"videoThumbnailImage_Qi6aTPCK1IU\" data-source-videoID=\"Qi6aTPCK1IU\" src=\"https:\/\/www.mometrix.com\/academy\/wp-content\/uploads\/2023\/01\/circle-play-duotone.png\" alt=\"What is HIPAA? Video\" height=\"464\" width=\"825\" class=\"size-full\" data-matomo-title = \"What is HIPAA?\">\n\t\t\t<\/picture>\n\t\t\t<\/div>\n\t\t\t<style>img#videoThumbnailImage_Qi6aTPCK1IU:hover {cursor:pointer;} img#videoThumbnailImage_Qi6aTPCK1IU {background-size:contain;background-image:url(\"https:\/\/www.mometrix.com\/academy\/wp-content\/uploads\/2023\/02\/586-HIPAA-1-2.webp\");}<\/style>\n\t\t\t<script defer>\n\t\t\t  jQuery(\"img#videoThumbnailImage_Qi6aTPCK1IU\").click(function() {\n\t\t\t\tlet videoId = jQuery(this).attr(\"data-source-videoID\");\n\t\t\t\tlet helpTag = '<div id=\"mmDeferVideoYTMessage_Qi6aTPCK1IU\" style=\"display: none;position: absolute;top: -24px;width: 100%;text-align: center;\"><span style=\"font-style: italic;font-size: small;border-top: 1px solid #fc0;\">Having trouble? <a href=\"https:\/\/www.youtube.com\/watch?v='+videoId+'\" target=\"_blank\">Click here to watch on YouTube.<\/a><\/span><\/div>';\n\t\t\t\tlet tag = document.createElement(\"iframe\");\n\t\t\t\ttag.id = \"yt\" + videoId;\n\t\t\t\ttag.src = \"https:\/\/www.youtube-nocookie.com\/embed\/\" + videoId + \"?autoplay=1&controls=1&wmode=opaque&rel=0&egm=0&iv_load_policy=3&hd=0&enablejsapi=1\";\n\t\t\t\ttag.frameborder = 0;\n\t\t\t\ttag.allow = \"autoplay; fullscreen\";\n\t\t\t\ttag.width = this.width;\n\t\t\t\ttag.height = this.height;\n\t\t\t\ttag.setAttribute(\"data-matomo-title\",\"What is HIPAA?\");\n\t\t\t\tjQuery(\"div#mmDeferVideoEncompass_Qi6aTPCK1IU\").html(tag);\n\t\t\t\tjQuery(\"div#mmDeferVideoEncompass_Qi6aTPCK1IU\").prepend(helpTag);\n\t\t\t\tsetTimeout(function(){jQuery(\"div#mmDeferVideoYTMessage_Qi6aTPCK1IU\").css(\"display\", \"block\");}, 2000);\n\t\t\t  });\n\t\t\t  \n\t\t\t<\/script>\n\t\t\n<p><script>\nfunction kTf_Function() {\n  var x = document.getElementById(\"kTf\");\n  if (x.style.display === \"none\") {\n    x.style.display = \"block\";\n  } else {\n    x.style.display = \"none\";\n  }\n}\n<\/script><\/p>\n<div class=\"moc-toc hide-on-desktop hide-on-tablet\">\n<div><button onclick=\"kTf_Function()\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.mometrix.com\/academy\/wp-content\/uploads\/2024\/12\/toc2.svg\" width=\"16\" height=\"16\" alt=\"show or hide table of contents\"><\/button><\/p>\n<p>On this page<\/p>\n<\/div>\n<nav id=\"kTf\" style=\"display:none;\">\n<ul>\n<li class=\"toc-h2\"><a href=\"#What_is_HIPAA\" class=\"smooth-scroll\">What is HIPAA?<\/a><\/li>\n<li class=\"toc-h2\"><a href=\"#Disclosure_and_Patient_Rights\" class=\"smooth-scroll\">Disclosure and Patient Rights<\/a><\/li>\n<li class=\"toc-h2\"><a href=\"#Security,_Breaches,_and_Violations\" class=\"smooth-scroll\">Security, Breaches, and Violations<\/a><\/li>\n<li class=\"toc-h2\"><a href=\"#Review_Questions\" class=\"smooth-scroll\">Review Questions<\/a><\/li>\n<\/ul>\n<\/nav>\n<\/div>\n<div class=\"accordion\"><input id=\"transcript\" type=\"checkbox\" class=\"spoiler_button\" \/><label for=\"transcript\">Transcript<\/label>\n<div class=\"spoiler\" id=\"transcript-spoiler\">\n<p>Welcome, and thank you for joining me for this video review of HIPAA.<\/p>\n<p>In this video, we will cover what HIPAA is, the purpose it serves, what it requires, and to whom it applies to. As a reminder, this video is for educational purposes only, and does not constitute comprehensive training or legal advice. <\/p>\n<h2><span id=\"What_is_HIPAA\" class=\"m-toc-anchor\"><\/span>What is HIPAA?<\/h2>\n<p>\nHIPAA is an acronym that stands for <strong>H<\/strong>ealth <strong>I<\/strong>nsurance <strong>P<\/strong>ortability and <strong>A<\/strong>ccountability <strong>A<\/strong>ct. HIPAA is a US federal law that encompasses several aspects of healthcare related to streamlining the communication of health information while respecting patient privacy.<\/p>\n<p>HIPAA has five sections, called titles, that each regulate different aspects of healthcare. Sections within titles are called rules. Two of the rules with the greatest impact on nursing practice are the Privacy Rule and the Security Rule. <\/p>\n<h2><span id=\"Disclosure_and_Patient_Rights\" class=\"m-toc-anchor\"><\/span>Disclosure and Patient Rights<\/h2>\n<p>\nThe HIPAA Privacy Rule was designed to protect the health information of patients. Because health information is often sensitive, an individual may not want details to be publicly shared. This part of HIPAA describes the types of information that are protected, whom this rule applies to, and how this information can be used.<\/p>\n<p>Protected Health Information, or PHI, is any and all individually identifiable health information, or details about a person that can be traced back to that person. PHI includes common patient identifiers, such as name and date of birth, and a broad range of other information, including demographic data and details about a patient\u2019s condition and care.<\/p>\n<p>All covered entities, or anyone involved in the transmission of PHI within the healthcare system, must follow HIPAA. This includes individual people who work in healthcare settings, as well as broader organizations like hospitals or health insurance companies.<\/p>\n<p>PHI can be disclosed among healthcare professionals when it is necessary to provide care. Communications such as nursing shift handoffs or nursing reports are necessary to provide continuity of care for patients, and are therefore reasonable and allowed. PHI must also be shared if required by law, such as a court order or a report to the federal government.<\/p>\n<p>Patients may purposefully disclose their own PHI to anyone, and can authorize in writing the sharing of their PHI with others. Patients are also entitled to access information within their medical records by submitting a formal request.<\/p>\n<h2><span id=\"Security,_Breaches,_and_Violations\" class=\"m-toc-anchor\"><\/span>Security, Breaches, and Violations<\/h2>\n<p>\nThe HIPAA Security Rule focuses on electronic protected health information, or ePHI. EPHI is protected health information that exists digitally, like the electronic medical record. This part of HIPAA sets specific standards for keeping electronic data safe as the use of technology in healthcare increases.<\/p>\n<p>Under the HIPAA Security Rule, healthcare organizations are responsible for taking measures to protect patient information, such as encrypting data and requiring logins and usernames and passwords to access ePHI. All healthcare employees with authorized access to ePHI are responsible for guarding their login credentials, as misuse could lead to unauthorized access.<\/p>\n<p>A breach occurs when PHI is used or shared improperly, in a way that violates its security or privacy. Breaches vary widely in size and characteristics, but they all involve unauthorized access to or sharing of information. Any suspected or potential breach, such as a missing laptop containing PHI, should be reported immediately to the appropriate supervisor, who can then determine further action. <\/p>\n<p>A HIPAA violation occurs when any part of HIPAA is broken, regardless of whether an actual breach occurs. HIPAA violations may be actions or instances of neglect and can occur at an organizational or individual level. <\/p>\n<p>Potential HIPAA violations or breaches are serious, and even unintentional sharing of PHI must be avoided. Violations can have significant consequences, including employer-imposed sanctions and criminal or civil penalties. \t<\/p>\n<p>It\u2019s important to remember that respecting patient privacy and confidentiality is an essential part of ethical nursing practice. Laws such as HIPAA are in place to protect patients\u2019 rights, and compliance helps make sharing PHI safer and more efficient.<\/p>\n<hr>\n<h2><span id=\"Review_Questions\" class=\"m-toc-anchor\"><\/span>Review Questions<\/h2>\n<p>\nLet\u2019s go over a few scenarios to put this knowledge into action.<\/p>\n<p>1. You are caring for an 86-year-old man who has been admitted for pneumonia. He is mentally alert and oriented, and has signed a document to disclose his PHI to his wife. You receive a call from his wife during your shift asking for a status update. It is most appropriate for you to:<\/p>\n<ol style=\"list-style: upper-alpha;\">\n<li>Verify her identity and the patient\u2019s identity before providing information.<\/li>\n<li>State, \u201cI don\u2019t have a patient by that name today.\u201d<\/li>\n<li>Notify her that although you are caring for the patient, you cannot provide an update over the phone. <\/li>\n<li>Forward her call to the nurses\u2019 station so the unit assistant can answer her question.<\/li>\n<\/ol>\n<div style=\"text-align: center; margin-bottom: 20px;\">\n   <button class=\"buttontranscript\" onClick=\"toggle('Answer1')\">Show Answer<\/button>\n<\/div>\n<div id=\"Answer1\" class=\"showanswer\">\n   <strong>The correct answer is A.<\/strong><\/p>\n<p style=\"text-align: left;\"> A signed document indicates that it is appropriate to share a status update with the patient\u2019s wife, and you should ensure you are releasing the information to the correct person.<\/p>\n<\/div>\n<p>\n&nbsp;<br \/>\n2. Which of the following is a potential HIPAA violation? Select all that apply.<\/p>\n<ol style=\"list-style: upper-alpha;\">\n<li>The nurse leaves a computer workstation logged into an electronic medical record when going to answer a patient\u2019s call light.<\/li>\n<li>The nurse takes paper report sheets home at the end of the shift.<\/li>\n<li>The nurse tells a story at a party about a patient but doesn\u2019t use the patient\u2019s name.<\/li>\n<li>During their lunch break in the hospital cafeteria, two nurses talk about their assigned patients for the shift.<\/li>\n<li>The nurse asks the pharmacist about a well-known patient on a different nursing unit.<\/li>\n<\/ol>\n<div style=\"text-align: center; margin-bottom: 20px;\">\n   <button class=\"buttontranscript\" onClick=\"toggle('Answer2')\">Show Answer<\/button>\n<\/div>\n<div id=\"Answer2\" class=\"showanswer\">\n   <strong>The correct answers are A, B, C, D, and E<\/strong>\u2014they are all potential HIPAA violations.<\/strong><\/p>\n<\/div>\n<p>\n&nbsp;<br \/>\n3. Which of the following would be appropriate for a nurse to post on social media? Select all that apply.<\/p>\n<ol style=\"list-style: upper-alpha;\">\n<li>A selfie with a patient in the background being discharged after an extended hospital stay.<\/li>\n<li>A status that states \u201cI had a long day at work today.\u201d<\/li>\n<li>A short story about an inspirational patient that omits the patient\u2019s name.<\/li>\n<li>A photo of a patient\u2019s wound that does not show the patient\u2019s face.<\/li>\n<li>A stock photo of a dog wearing a scrub top and a stethoscope.<\/li>\n<\/ol>\n<div style=\"text-align: center; margin-bottom: 20px;\">\n   <button class=\"buttontranscript\" onClick=\"toggle('Answer3')\">Show Answer<\/button>\n<\/div>\n<div id=\"Answer3\" class=\"showanswer\">\n   <strong>The correct answers are B and E.<\/strong><\/p>\n<p style=\"text-align: left;\">The other answers include PHI and are potential HIPAA violations.<\/p>\n<\/div>\n<p>\n&nbsp;<br \/>\nThanks for watching and happy studying! <\/p>\n<\/div>\n<\/div>\n\n<p><script>\nfunction toggle(obj) {\n          var obj=document.getElementById(obj);\n          if (obj.style.display == \"block\") obj.style.display = \"none\";\n          else obj.style.display = \"block\";\n}\n<\/script><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":95491,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":{"0":"post-61536","1":"page","2":"type-page","3":"status-publish","4":"has-post-thumbnail","6":"page_category-safe-and-effective-care-environment","7":"page_type-video","8":"subject_matter-nursing"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.mometrix.com\/academy\/wp-json\/wp\/v2\/pages\/61536","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mometrix.com\/academy\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.mometrix.com\/academy\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.mometrix.com\/academy\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mometrix.com\/academy\/wp-json\/wp\/v2\/comments?post=61536"}],"version-history":[{"count":5,"href":"https:\/\/www.mometrix.com\/academy\/wp-json\/wp\/v2\/pages\/61536\/revisions"}],"predecessor-version":[{"id":246754,"href":"https:\/\/www.mometrix.com\/academy\/wp-json\/wp\/v2\/pages\/61536\/revisions\/246754"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mometrix.com\/academy\/wp-json\/wp\/v2\/media\/95491"}],"wp:attachment":[{"href":"https:\/\/www.mometrix.com\/academy\/wp-json\/wp\/v2\/media?parent=61536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}