Protected Health Information (PHI): Privacy, Security, and Confidentiality Best Practices

Prepare a 2-page interprofessional staff update on HIPAA and appropriate social media use in health care.

undefined

As you begin to consider the assessment, it would be an excellent
choice to complete the Breach of Protected Health Information (PHI)
activity. The will support your success with the assessment by creating
the opportunity for you to test your knowledge of potential privacy,
security, and confidentiality violations of protected health
information. The activity is not graded and counts towards course
engagement.

undefined

Health professionals today are increasingly accountable for the use
of protected health information (PHI). Various government and regulatory
agencies promote and support privacy and security through a variety of
activities. Examples include:

undefined

• Meaningful use of electronic health records (EHR).
• Provision of EHR incentive programs through Medicare and Medicaid.
• Enforcement of the Health Insurance Portability and Accountability Act (HIPAA) rules.
• Release of educational resources and tools to help providers and
  hospitals address privacy, security, and confidentiality risks in their
  practices.

undefined

Technological advances, such as the use of social media platforms
and applications for patient progress tracking and communication, have
provided more access to health information and improved communication
between care providers and patients.

undefined

At the same time, advances such as these have resulted in more risk
for protecting PHI. Nurses typically receive annual training on
protecting patient information in their everyday practice. This training
usually emphasizes privacy, security, and confidentiality best
practices such as:

undefined

• Keeping passwords secure.
• Logging out of public computers.
• Sharing patient information only with those directly providing
  care or who have been granted permission to receive this information.

undefined

Today, one of the major risks associated with privacy and
confidentiality of patient identity and data relates to social media.
Many nurses and other health care providers place themselves at risk
when they use social media or other electronic communication systems
inappropriately. For example, a Texas nurse was recently terminated for
posting patient vaccination information on Facebook. In another case, a
New York nurse was terminated for posting an insensitive emergency
department photo on her Instagram account.

undefined

Health care providers today must develop their skills in mitigating
risks to their patients and themselves related to patient information.
At the same time, they need to be able distinguish between effective and
ineffective uses of social media in health care.

undefined

This assessment will require you to develop a staff update for the
interprofessional team to encourage team members to protect the privacy,
confidentiality, and security of patient information.

undefined

Demonstration of Proficiency

undefined

By successfully completing this assessment, you will demonstrate
your proficiency in the course competencies through the following
assessment scoring guide criteria:

undefined

• Competency 1: Describe nurses’ and the interdisciplinary team’s
  role in informatics with a focus on electronic health information and
  patient care technology to support decision making.
  • Describe the security, privacy, and confidentially laws related
    to protecting sensitive electronic health information that govern the
    interdisciplinary team.
  • Explain the importance of interdisciplinary collaboration to safeguard sensitive electronic health information.
• Competency 2: Implement evidence-based strategies to effectively manage protected health information.
  • Identify evidence-based approaches to mitigate risks to patients
    and health care staff related to sensitive electronic health
    information.
  • Develop a professional, effective staff update that educates
    interprofessional team members about protecting the security, privacy,
    and confidentiality of patient data, particularly as it pertains to
    social media usage.
• Competency 5: Apply professional, scholarly communication to
  facilitate use of health information and patient care technologies.
  • Follow APA style and formatting guidelines for citations and references.
  • Create a clear, concise, well-organized, and professional staff
    update that is generally free from errors in grammar, punctuation, and
    spelling.

undefined

Preparation

undefined

To successfully prepare to complete this assessment, complete the following:

undefined

• Review the infographics on protecting PHI provided in the
  resources for this assessment, or find other infographics to review.
  These infographics serve as examples of how to succinctly summarize
  evidence-based information.
  • Analyze these infographics and distill them into five or six
    principles of what makes them effective. As you design your
    interprofessional staff update, apply these principles. Note:
    In a staff update, you will not have all the images and graphics that
    an infographic might contain. Instead, focus your analysis on what makes
    the messaging effective.
• Select from any of the following options, or a combination of options, the focus of your interprofessional staff update:
  • Social media best practices.
  • What not to do: social media.
  • Social media risks to patient information.
  • Steps to take if a breach occurs.
• Conduct independent research on the topic you have selected in
  addition to reviewing the suggested resources for this assessment. This
  information will serve as the source(s) of the information contained in
  your interprofessional staff update. Consult the BSN Program Library Research Guide for help in identifying scholarly and/or authoritative sources.

undefined

Instructions

undefined

In this assessment, assume you are a nurse in an acute care,
community, school, nursing home, or other health care setting. Before
your shift begins, you scroll through Facebook and notice that a
coworker has posted a photo of herself and a patient on Facebook. The
post states, “I am so happy Jane is feeling better. She is just the best
patient I’ve ever had, and I am excited that she is on the road to
recovery.”

undefined

You have recently completed your annual continuing education
requirements at work and realize this is a breach of your organization’s
social media policy. Your organization requires employees to
immediately report such breaches to the privacy officer to ensure the
post is removed immediately and that the nurse responsible receives
appropriate corrective action.

undefined

You follow appropriate organizational protocols and report the
breach to the privacy officer. The privacy officer takes swift action to
remove the post. Due to the severity of the breach, the organization
terminates the nurse.

undefined

Based on this incident’s severity, your organization has established a task force with two main goals:

undefined

• Educate staff on HIPAA and appropriate social media use in health care.
• Prevent confidentiality, security, and privacy breaches.

undefined

The task force has been charged with creating a series of interprofessional staff updates on the following topics:

undefined

• Social media best practices.
• What not to do: Social media.
• Social media risks to patient information.
• Steps to take if a breach occurs.

undefined

You are asked to select one or more of the topics and create the content for a staff update containing a maximum of two content pages. When distributed to interprofessional team members, the update will consist of one double-sided page.

undefined

The task force has asked team members assigned to the topics to
include the following content in their updates in addition to content on
their selected topics:

undefined

• What is protected health information (PHI)?
  • Be sure to include essential HIPAA information.
• What are privacy, security, and confidentiality?
  • Define and provide examples of privacy, security, and
    confidentiality concerns related to the use of the technology in health
    care.
  • Explain the importance of interdisciplinary collaboration to safeguard sensitive electronic health information.
• What evidence relating to social media usage and PHI do interprofessional team members need to be aware of? For example:
  • How many nurses have been terminated for inappropriate social media use in the United States?
  • What types of sanctions have health care organizations imposed
    on interdisciplinary team members who have violated social media
    policies?
  • What have been the financial penalties assessed against health care organizations for inappropriate social media use?
  • What evidence-based strategies have health care organizations
    employed to prevent or reduce confidentiality, privacy, and security
    breaches, particularly related to social media usage?

undefined

Notes

undefined

• Your staff update is limited to two double-spaced content pages.
  Be selective about the content you choose to include in your update so
  you can meet the page length requirement. Include need-to-know information. Omit nice-to-know information.
• Many times people do not read staff updates, do not read them
  carefully, or do not read them to the end. Ensure your staff update
  piques staff members’ interest, highlights key points, and is easy to
  read. Avoid overcrowding the update with too much content.
• Also, supply a separate reference page that includes two or three
  peer-reviewed and one or two non-peer-reviewed resources (for a total of
  3–5 resources) to support the staff update content.

undefined

Additional Requirements

undefined

• Written communication: Ensure the staff update is free from errors that detract from the overall message.
• Submission length: Maximum of two double-spaced content pages.
• Font and font size: Use Times New Roman, 12-point.
• Citations and references: Provide a separate
  reference page that includes 2–3 current, peer-reviewed and 1–2 current,
  non-peer-reviewed in-text citations and references (total of 3–5
  resources) that support the staff update’s content. Current mean no
  older than 5 years.
• APA format: Be sure your citations and references adhere to APA format. Consult the Evidence and APA page for an APA refresher.

undefined