FAQContact usTerms of servicePrivacy Policy

What's an older nurse to do when adjusting to electronic health records, and does the RN have any recourse when charged with a HIPAA violation?

Wednesday October 24, 2012
Printer Icon
Select Text Size: Zoom In Zoom Out
Share this Nurse.com Article
rss feed

Dear Nancy,

What should an RNs response be if he or she is called in by the hospital compliance officer concerning a perceived violation of the Health Insurance Portability and Accountability Act? For example the RN was new to the job, the hospital and the computer system, and kept a small notebook with her personal access codes, notes, phone numbers and other items necessary for work. In addition, while adjusting to the new system, this nurse kept notes on patients for reports, medications and treatments to transcribe into the computer system at the nurses station. The book was left overnight in the nurses station, was found and turned over to the compliance officer because it contained patient information. The book never left the department, was in the nurse's possession during the shift and secured in a locker at the end of the shift. It would have been thrown into the secured shredder when no longer needed. It was used as a learning tool and no patient information was ever compromised. The hospital said it was a security violation, as the nurse's personal codes were in the book. What's an older nurse to do when adjusting from a paper system to electronic health records, and how far are hospitals taking HIPAA? Does the RN have any recourse when charged with a HIPAA violation?


Nancy Brent replies:

Dear Frank,

The RN in your question would need to retain a nurse attorney or attorney to represent him or her in this matter. HIPAA violations are serious, and there are criminal and civil penalties, but the law contains exceptions to an alleged violation for example, if a violation was for reasonable cause and not due to willful neglect (for a civil violation).

As you know, HIPAA is composed of the Security Rule and the Privacy Rule. Although the notebook found in the nurses station contained protected health information, it also contained the nurse's codes. This is where the real issue may exist, for if anyone did discover the notebook and wanted to access personal health information of anyone in the computer, he or she could do so. It does not sound as though there was a release of PHI to anyone other than the staff person who discovered the notebook.

The attorney with whom you consult can discuss these matters in more detail and suggest how their representation should proceed. In addition to the potential breach of the security rule, there exists the nurse's violation of the employer's code of conduct in relation to patient information, the protection of the employee's computer code and other policies. The attorney can help you with these employment issues also.


Nancy J. Brent, RN, MS, JD, is an attorney in private practice in Wilmette, Ill. This information is for educational purposes only and is not intended as legal or any other advice. The reader is encouraged to seek the advice of an attorney or other professional when an opinion is needed.