FPX4040 Assessment 2 Instructions: Protected Health Information (PHI): Privacy, Security, and Confidentiality Best Practices

Prepare a 2-page interprofessional staff update on HIPAA and appropriate social media use in health care.

As you begin to consider the assessment, it would be an excellent choice to complete the Breach of Protected

Health Information (PHI) activity. The will support your success with the assessment by creating the opportunity for

you to test your knowledge of potential privacy, security, and confidentiality violations of protected health

information. The activity is not graded and counts towards course engagement.

Health professionals today are increasingly accountable for the use of protected health information (PHI). Various

government and regulatory agencies promote and support privacy and security through a variety of activities.

Examples include:

Meaningful use of electronic health records (EHR).

Provision of EHR incentive programs through Medicare and Medicaid.

Enforcement of the Health Insurance Portability and Accountability Act (HIPAA) rules.

Release of educational resources and tools to help providers and hospitals address privacy, security, and

confidentiality risks in their practices.

Technological advances, such as the use of social media platforms and applications for patient progress tracking and

communication, have provided more access to health information and improved communication between care

providers and patients.

At the same time, advances such as these have resulted in more risk for protecting PHI. Nurses typically receive

annual training on protecting patient information in their everyday practice. This training usually emphasizes privacy,

security, and confidentiality best practices such as:

Keeping passwords secure.

Logging out of public computers.

Sharing patient information only with those directly providing care or who have been granted permission to

receive this information.

Today, one of the major risks associated with privacy and confidentiality of patient identity and data relates to social

media. Many nurses and other health care providers place themselves at risk when they use social media or other

electronic communication systems inappropriately. For example, a Texas nurse was recently terminated for posting

patient vaccination information on Facebook. In another case, a New York nurse was terminated for posting an

insensitive emergency department photo on her Instagram account.

Health care providers today must develop their skills in mitigating risks to their patients and themselves related to

patient information. At the same time, they need to be able distinguish between effective and ineffective uses of

social media in health care.

This assessment will require you to develop a staff update for the interprofessional team to encourage team

members to protect the privacy, confidentiality, and security of patient information.

Demonstration of Proficiency

By successfully completing this assessment, you will demonstrate your proficiency in the course competencies

4/30/2021 Assessment 2 Instructions: Protected Health Information (PHI):...

through the following assessment scoring guide criteria:

Competency 1: Describe nurses' and the interdisciplinary team's role in informatics with a focus on electronic

health information and patient care technology to support decision making.

Describe the security, privacy, and confidentially laws related to protecting sensitive electronic health

information that govern the interdisciplinary team.

Explain the importance of interdisciplinary collaboration to safeguard sensitive electronic health

information.

Competency 2: Implement evidence-based strategies to effectively manage protected health information.

Identify evidence-based approaches to mitigate risks to patients and health care staff related to

sensitive electronic health information.

Develop a professional, effective staff update that educates interprofessional team members about

protecting the security, privacy, and confidentiality of patient data, particularly as it pertains to social

media usage.

Competency 5: Apply professional, scholarly communication to facilitate use of health information and patient

care technologies.

Follow APA style and formatting guidelines for citations and references.

Create a clear, concise, well-organized, and professional staff update that is generally free from errors

in grammar, punctuation, and spelling.

Preparation

To successfully prepare to complete this assessment, complete the following:

Review the infographics on protecting PHI provided in the resources for this assessment, or find other

infographics to review. These infographics serve as examples of how to succinctly summarize evidence-based

information.

Analyze these infographics and distill them into five or six principles of what makes them effective. As

you design your interprofessional staff update, apply these principles. Note: In a staff update, you will

not have all the images and graphics that an infographic might contain. Instead, focus your analysis on

what makes the messaging effective.

Select from any of the following options, or a combination of options, the focus of your interprofessional staff

update:

Social media best practices.

What not to do: social media.

Social media risks to patient information.

Steps to take if a breach occurs.

Conduct independent research on the topic you have selected in addition to reviewing the suggested

resources for this assessment. This information will serve as the source(s) of the information contained in your

interprofessional staff update. Consult the BSN Program Library Research Guide for help in identifying

scholarly and/or authoritative sources.

Instructions

In this assessment, assume you are a nurse in an acute care, community, school, nursing home, or other health care

setting. Before your shift begins, you scroll through Facebook and notice that a coworker has posted a photo of

herself and a patient on Facebook. The post states, "I am so happy Jane is feeling better. She is just the best patient

I’ve ever had, and I am excited that she is on the road to recovery."

You have recently completed your annual continuing education requirements at work and realize this is a breach of

your organization's social media policy. Your organization requires employees to immediately report such breaches

4/30/2021 Assessment 2 Instructions: Protected Health Information (PHI):...

to the privacy officer to ensure the post is removed immediately and that the nurse responsible receives appropriate

corrective action. You follow appropriate organizational protocols and report the breach to the privacy officer. The privacy officer takes

swift action to remove the post. Due to the severity of the breach, the organization terminates the nurse.

Based on this incident's severity, your organization has established a task force with two main goals:

Educate staff on HIPAA and appropriate social media use in health care.

Prevent confidentiality, security, and privacy breaches.

The task force has been charged with creating a series of interprofessional staff updates on the following topics:

Social media best practices.

What not to do: Social media.

Social media risks to patient information.

Steps to take if a breach occurs.

You are asked to select one or more of the topics and create the content for a staff update containing a maximum of

two content pages. When distributed to interprofessional team members, the update will consist of one double-

sided page.

The task force has asked team members assigned to the topics to include the following content in their updates in

addition to content on their selected topics:

What is protected health information (PHI)?

Be sure to include essential HIPAA information.

What are privacy, security, and confidentiality?

Define and provide examples of privacy, security, and confidentiality concerns related to the use of the

technology in health care.

Explain the importance of interdisciplinary collaboration to safeguard sensitive electronic health

information.

What evidence relating to social media usage and PHI do interprofessional team members need to be aware

of? For example:

How many nurses have been terminated for inappropriate social media use in the United States?

What types of sanctions have health care organizations imposed on interdisciplinary team members

who have violated social media policies?

What have been the financial penalties assessed against health care organizations for inappropriate

social media use?

What evidence-based strategies have health care organizations employed to prevent or reduce

confidentiality, privacy, and security breaches, particularly related to social media usage?

Notes

Your staff update is limited to two double-spaced content pages. Be selective about the content you choose

to include in your update so you can meet the page length requirement. Include need-to-know information.

Omit nice-to-know information.

Many times people do not read staff updates, do not read them carefully, or do not read them to the end.

Ensure your staff update piques staff members' interest, highlights key points, and is easy to read. Avoid

overcrowding the update with too much content.

Also, supply a separate reference page that includes two or three peer-reviewed and one or two non-peer-

reviewed resources (for a total of 3–5 resources) to support the staff update content.

Additional Requirements

Written communication: Ensure the staff update is free from errors that detract from the overall message.

Submission length: Maximum of two double-spaced content pages.

Font and font size: Use Times New Roman, 12-point.

4/30/2021 Assessment 2 Instructions: Protected Health Information (PHI):...

Citations and references: Provide a separate reference page that includes 2–3 current, peer-reviewed and 1–

2 current, non-peer-reviewed in-text citations and references (total of 3–5 resources) that support the staff

update's content. Current mean no older than 5 years.

APA format: Be sure your citations and references adhere to APA format. Consult the Evidence and APA

ANSWER

With the ease of using electronic health records comes the risk of exposing patient information. Therefore, health care workers are required to work towards ensuring the security of patient information is maintained. The first general rule under Health Insurance Portability and Accountability Act (HIPAA) is that before using or disclosing patient data to other entities, the patient has to authorize the procedure. The patient has a right to view or request copies of his or her information. However, the laws permit the use and disclosure of health information in cases of public health issues.

Patient data may be disclosed without patient authorization in some exceptional cases.  The first cases are when the law requires the data. It can also be used without patient authorization in a matter of a public health concern (Public Health Law, 2021). This may include a case of communicable diseases when reporting to the public health authority for control of the disease. This is done to ensure public health safety. A covered entity may access the patient data if they do so after obtaining a documentation of waiver of individual authorization by an institutional review board or the privacy board. They may also access if the data is necessary for the research or if the research uses the PHI of descendants. 

Disclosure of PHI may also be done if data is de-identified. This means that it is free of the 18types of data aggregation or identification. De-identification limits the use of data in surveillance or routine clinical data (Public Health Law, 2021). It, however, allows reidentification using randomized patient source codes. This is done in case the data indicates a public health threat or interest.

Patient data could also be disclosed when limited. This is known as a limited data set. It includes dates and zip codes (Public Health Law, 2021). In this case, patients’ codes are also used for reidentification. This data is used for purposes like institutional learning.

The role of data protection does not occur in an individual or a department. It is the role of all specialties working in a hospital. Interdisciplinary collaborations are therefore significant in ensuring that the electronic health data is protected. As the above laws state, data use and disclosure are limited and require authorization. This is, however, not the only data threat there is for patient information. Electronic systems are liable to cyber threats. Therefore, nurses need to collaborate with IT specialists to prevent such breeches (Vos et al., 2020). They do so by performing vulnerability and penetration tests, encrypting the data on the hospital systems, and other strategies.

 Collaboration with nurse informaticists is also critical when protecting electronic health data. This is because they identify system failures and provide mitigation strategies before damage is done. They also understand the data and recommend the best system to use for data entry and ways to enhance data protection. Protecting patient data also involves other teams like physicians, receptionists, management administration (Vos et al., 2020). It is vital to collaborate with nurse informaticists because they educate the whole organization and the newbies on the importance of data protection and the rules around this issue. 

The first strategy in preventing risks of sensitive health data is providing employee training. This is a very effective method of ensuring data security is maintained. This is because education on using the system prevents a range of medical errors and other patient risks. The second strategy is encrypting data. Safeguarding sensitive data could be achieved by converting the data into encoded texts (Nguyen, 2017). the data is therefore unreadable without decoding it. This is a safe way of protecting sensitive data from unauthorized people. The final strategy is the regular assessment of the system (Nguyen, 2017). Changes in a health care institution in different sectors may pose a threat to the electronic system. Therefore, it is essential to conduct regular assessments to ensure the changes or any other factors cause no threats.

The boundaries between the appropriate and the inappropriate, personal and professional in the career of nursing is very blur. This makes management of privacy risks challenging. For example, posting a photo with a patient online without their consent is a violation of the patient’s privacy therefore health care workers should consider the following guidelines. First is setting of limitations on the photographic use of cell phones. Members should also be fully aware on the HIPAA and state laws privacy laws. They should learn on the consequences of violating the laws by posting social media content. The posted content should not include patient details or identifying information.  Members should sign an agreement of confidentiality. Every health care worker should maintain a signed copy. Every member should ensure they gain consent from a patient before posting identifiable information to the institution’s website. Health care workers need to be careful when responding to a review or a patient post on social media. This is because they might violate the HIPAA. 

References

Nguyen. (2017, March 24). 3 ways to mitigate risk of healthcare data breaches. PreCheck. https://www.precheck.com/blog/3-ways-mitigate-risk-healthcare-data-breaches

Public Health Law. (2021). Centres for Disease Control and Prevention. https://www.cdc.gov/phlp/docs/datasharing-laws.pdf

Vos, J. F., Boonstra, A., Kooistra, A., Seelen, M., & Van Offenbeek, M. (2020). The influence of electronic health record use on collaboration among medical specialties. BMC Health Services Research, 20(1). https://doi.org/10.1186/s12913-020-05542-6