HIPAA (Health Insurance Portability and Accountability Act)

The federal law protecting patient health information privacy

Definition

HIPAA is a 1996 U.S. federal law that establishes standards for protecting sensitive patient health information (Protected Health Information, PHI). It sets rules for how healthcare providers, insurers, and their business associates may use and disclose patient data.

Key Rules

  • Privacy Rule: Establishes standards for use and disclosure of PHI.
  • Security Rule: Requires administrative, physical, and technical safeguards for electronic PHI.
  • Breach Notification Rule: Requires notification of affected individuals, HHS, and in some cases the media in the event of a data breach.

What Counts as PHI

PHI includes names, addresses, dates, phone numbers, email addresses, Social Security numbers, medical record numbers, photos, and any other information that can identify the patient when combined with health data.

Nursing Responsibilities

  • Never discuss patients in public areas (elevators, cafeterias).
  • Log out of computers; use unique credentials.
  • Only access records of patients you are caring for (minimum necessary rule).
  • Never post about patients on social media, even with no names.
  • Verify identity before releasing information.
  • Obtain patient authorization before disclosing to non-covered entities.

Penalties

Violations can result in civil fines ($100 to $50,000 per violation), criminal penalties, termination, and licensure action.

NCLEX Relevance

HIPAA appears in Ethics/Legal and Safety questions. Never share patient information with unauthorized parties, even family members, without patient consent.