Nurse HIPAA violation examples are not as widely reported as violations by HIPAA covered entities, yet they can have just as serious consequences for patients, employers, and nurses themselves.
The reason why nurse HIPAA violation examples are not as widely reported as violations by HIPAA covered entities is that, when an unauthorized disclosure of Protected Health Information occurs, only notifications of breaches affecting five hundred or more individuals are added to HHS’ Office for Civil Rights “Wall of Shame” .
Most HIPAA violations by nurses affect fewer than five hundred individuals. Therefore, nurse HIPAA violations notified to HHS’ Office for Civil Rights are rarely in the public domain. It is most often only when an unauthorized disclosure results in a court case or other event of “public interest” that it is reported by HHS or the media.
In addition, when a nurse violates HIPAA, and the violation does not result in an unauthorized disclosure of Protected Health Information (i.e., if a nurse fails to provide a patient with a Notice of Privacy Practices prior to the first service delivery), the violation is not notifiable. In these cases, it is most likely to be addressed internally.
What Happens When a Nurse Violates HIPAA?
What happens when a nurse or nursing student violates HIPAA depends on a number of factors. These include (but are not limited to) the nature of the violation, the motive for the violation, and the consequences of the violation. The nurse’s previous compliance history can also impact what sanctions are administered for a HIPAA violation.
With regards to nursing students, the amount of HIPAA training they have received can also impact what sanctions are administered. For example, if a student nurse has just started their medical training, and has not yet received HIPAA training, the violation might be attributed to the employer if a complaint is made to HHS’ Office for Civil Rights.
In most cases, employers operate a tiered sanctions policy. This means that a minor violation of HIPAA that was thoughtless or accidental and resulted in minimal harm will be addressed with a verbal warning and/or further HIPAA training. Most serious or sinister violations will most likely be addressed with a written warning.
However, if a serious violation is repeated, or the motive for the violation was personal gain, a nurse can be suspended, terminated and/or reported to law enforcement authorities. Nurses can – and have – been sacked, lost their license to practice, and served prison time for HIPAA violations – a few examples of which are listed below.
Nurse HIPAA Violation Examples
In May 2013, a patient of the Norton Audubon Hospital in Louisville, KY, filed a complaint alleging that Registered Nurse Dianna Hereford had verbally disclosed sensitive information in earshot of other patients and staff. Following an investigation, Hereford was fired. The nurse appealed the decision to the Jefferson Circuit Court; and, when her case was dismissed, she escalated it to the Kentucky Court of Appeals. Read More … … …
In April 2015, a nurse practitioner formerly working at URMC, NY, impermissibly disclosed the Protected Health Information of 3,403 patients when she shared a spreadsheet she had obtained under false pretenses with a new employer. The nurse’s license was suspended for one year and she was given two years probation for when she returned to work. Her former employer was also fined $15,000 for the HIPAA violation. Read More … … …
In January 2016, a nursing assistant at the Parkside Manor assisted living center in Kenosha, WI, was fired for posting a video of a semi-naked resident suffering with Alzheimer’s on Snapchat. A criminal investigation looked into whether the breach of privacy constituted an. impermissible disclosure of individually identifiable health information. The nurse was charged and sentenced to 30 days in jail in September 2016. Read More … … …
In January 2018, a former staff nurse of a care home in Tallahassee, FL, was sentenced to sixty months in jail for the theft of patient information and tax fraud. The nurse – Tangela Lawson-Brown from Midway, FL – had used patients’ personally identifiable information and information acquired from other sources to submit 105 fraudulent tax returns. Lawson-Brown is also required to refund $141,790 to the IRS. Read More … … …
How to Reduce HIPAA Violations by Nurses
It is not possible to eliminate every nurse HIPAA violation because nurses can work in extremely difficult environments in which the desire to provide the best level of care for patients overrides everything else – including HIPAA compliance. However, it is possible to reduce HIPAA violations by nurses by providing regular HIPAA training.
The provision of regular HIPAA training should ideally be supported by compliance monitoring. This will enable healthcare organizations to identify when compliance shortcuts are being taken by nurses and nursing students, so the shortcuts can be stopped before they become the norm and deteriorate into a culture of non-compliance.
Although the provision of regular HIPAA training and compliance monitoring uses resources that could be used elsewhere, it is important to be aware that HIPAA requires covered entities to assess risks to the privacy of Protected Health Information and implement measures to reduce the risks to a reasonable and appropriate level.
Healthcare organizations that fail to conduct risks assessments, that fail to identify the risk of a nurse HIPAA violation, or that fail to implement appropriate measures are in violation of HIPAA. If a complaint is made to HHS’ Office for Civil Rights by a victim of a nurse HIPAA violation, the organization may be found liable for the violation rather than the nurse.
