By now, most nurses have probably been introduced to the Health Insurance Portability and Accountability Act, better known simply as HIPAA. The name itself is intimidating, but once nurses take a closer look and abide by a few guiding principles, it will start to be part of their everyday life.

Nurses are well aware of the need to draw curtains and close doors to promote the physical privacy of patients. And we've been trained not to discuss patient information in public areas such as elevators and cafeterias. Nevertheless, questions remain regarding the need for nurses to dig deeper concerning HIPAA and, specifically, the privacy rules.

It is extremely important (in fact it is the law) for nurses to attend training courses covering these privacy rules. Nurses also need to know specific policies and procedures their organization has drafted to guide employees toward compliance with the privacy rules.

In the remainder of this article, I will relate some of the HIPAA privacy rules to real-world workplace scenarios for nurses.

The Organized Nurse

Following completion of your shift, you are taking a few minutes to look over your notes on the patients in your care. The notes contain patients' names and notations of their complaints, concerns, treatments, medications and symptoms.

Note the following points:

• Healthcare information used to identify an individual can take many forms. Under HIPAA, this type of information is referred to as protected health information (PHI), which can be written on paper or in a chart, spoken in person or on the phone, stored in a computer or PDA, or sent by e-mail or fax.
  
• Sometimes this information is limited in note form. However, if that note identifies an individual in any way (age, name, address, medical record number, Social Security number, date of admission or any of many other identifiers) and is connected with health information (diagnosis, treatments, medications, etc.), it must be kept confidential. It is your responsibility to protect all PHI and dispose of it properly. Dispose of all notes or documents containing PHI by placing them in locked shredding bins or directly shredding the material.

The Concerned Nurse

Earlier in the week, you took care of your neighbor while she was in the ED. After initial treatment, the doctor admitted her to the ICU. You would like to see how she is doing now. You can access her lab results on the computer system, and you know several nurses in the ICU.

Noteworthy points:

• Keep in mind that the minimum necessary standard requires that the healthcare provider make reasonable efforts to limit disclosure of PHI to the minimum amount necessary to accomplish the intended purpose of its use. Your institution will need to establish a policy identifying which practitioners and staff will have access to patient information - and under which circumstances. The standard does not apply to disclosures to providers for treatment purposes or to the individual patient.
  
• While you were caring for the patient in the ED, you had a need to know PHI in order to care for the patient. You may still have access to information about this patient, but you no longer need to know this information.
  
• The best course of action is to visit your neighbor and ask her how she is doing. You should not ask the nurses in the ICU to share this information with you; sharing that information would constitute a breach of privacy committed by the ICU nurses and you.