HJBR Mar/Apr 2020

HEALTHCARE JOURNAL OF BATON ROUGE I  MAR / APR 2020 31 Karen C. Lyon, PhD APRN, NEA Chief Executive Officer Louisiana State Board of Nursing information (PHI), as explained in the Privacy Rule. The Security Rule protects a subset of information covered by the Privacy Rule, which is all individually identifiable health information a cov- ered entity creates, receives, maintains, or transmits in electronic form. The Se- curity Rule calls this information “elec- tronic protected health information” (e-PHI). https://www.hhs.gov/sites/ default/files/ocr/privacy/hipaa/under- standing/summary/privacysummary. pdf l General Rules: - Ensure the confidentiality, integrity, and availability of all e-PHI they cre- ate, receive, maintain, or transmit; - Identify and protect against reason- ably anticipated threats to the securi- ty or integrity of the information; - Protect against reasonably antici- pated, impermissible uses or disclo- sures; and - Ensure compliance by their work- force. (45 CFR 164.306(a)) HHS updated enforcement rules in 2013. “HHS updated enforcement rules in 2013. A HIPAA breach can re- sult in severe sanctions, includ- ing termination of employment, fines, prison time, loss of nursing license, and exposure of self and employer to litigation. 1 ” A HIPAA breach can result in severe sanc- tions, including termination of employ- ment, fines, prison time, loss of nursing license, and exposure of self and employer to litigation. 1 Louisiana is a right to work state, which means that nurses work at the will of the employer, and can be ter- minated at any time for any reason. If the nurse is terminated for HIPAA violations, both the Board of Nursing and potential future employers can be notified by HHS. Additionally, they can face up to $50,000 fines, and imprisonment for one (1) year. If the breach is intentional, the fine can be up to $100,000, and the imprisonment up to five (5) years. Some of the greatest risks to patient PHI is from insiders, and hospitals and healthcare organizations must be vigilant in keeping patients’ health information private. Nurses are in constant contact with patients, and present most of the time when patients receive care. We must remain respectful of our patients’ privacy. When discussing patient care or accessing medical records, nurses must avoid care- less mistakes such as looking at records of patients for whom they have not been as- signed care, discussing patient care in hall- ways, elevators, or any other public spaces, and especially being aware of all the ways that HIPAA can be violated through social media. Make it a regular practice to keep updated on the Louisiana Nurse Practice Act (http://legis.la.gov//legis/Law.aspx- ?d=94502) and the Louisiana Administra- tive Code for Registered Nurses (http:// www.lsbn.state.la.us/NursingPractice/ Laws,Rules.aspx). n References 1 DeSimone, DM. (2019). When is accessing med- ical records a HIPAA breach? Journal of Nurs- ing Regulation. 10(3), pp. 34-36. doi:https//doi. org/10.1016/S2155-8256(19)30146-2 2 U.S. Department of Health & Human Services. (2013). Summary of the HIPAA Security Rule. https://www.hhs.gov/hipaa/for-professionals/se- curity/laws-regulations/index.html 3 National Archives and Records Administration, Office of the Federal Register & Government Publishing Office (2019). Code of Federal Reg- ulations (Annual Edition). https://www.govinfo . gov/app/collection/cfr/2019/