A nurse posted the following comment on her social media page: “Can this shift be any longer? It started out with a waiting room full of nagging people that don’t seem to know what “emergency” means. Then I had to deal with the drama of trying to transfer a 400 lbs. (no joke) intubated COPD patient down the hall to the ICU, those ICU nurses are such divas and I wasn’t in the mood for their whining. Someone help!
- Describe the privacy and security issues related to this social media posting.
First, an effective nurse-patient relationship requires trust, dignity, and respect. Social media can be used in many forms by either shedding a positive or negative light on a place or situation. What is acceptable and not acceptable relies on how it is portrayed on the social media platform. Posts on social media that include patient identifiers are considered a violation of HIPPA laws. The HIPPA law, federal law ensures that patient medical data remains private and secure.
In this scenario, we do not see the use of pictures or names but online comments and descriptions of a healthcare organization and staff will violate patient privacy and the institutions’ policy. Edemekong et al (2021) explain the differences in HIPAA privacy rules, usage, and disclosure of information. Privacy rules require patient consent on how personal information is disclosed, whereas usage shows how information is used in healthcare organizations and, the disclosure of the information is regulated on who it is shared with outside of the healthcare setting. The privacy rule covers the nurse known as the “covered entities” to discuss patient health but the disclosure of information was unethical, unprofessional, and did not uphold the HIPPA regulations. The nurse violated patient privacy and security by using the patients’ description, health condition, and location within the hospital. As a healthcare provider, it was disclosure of a patient health status viewed to the public that can be deemed identifiable.
A nurse educator is preparing a presentation poster for an infectious disease conference. She includes pictures of varying stages of a client’s lesions in the poster.
- Describe the privacy and security issues related to the inclusion of patient information on the poster.
The HIPAA Privacy Rule prohibits the disclosure of patient health information on any social media without the consent of patients. This rule includes text, pictures, videos, or any images that can determine the patient’s identity. Kayaalp (2018) and Nettrour et al (2018) state that the use of clinical photographs that are de-identified in accordance with HIPAA/Privacy Rule is not considered a breach to patients. HIPPA regulatory framework is intended to provide a balance between protecting patient health information and as well as permitting access for secondary use by de-identification methods. The nurse educator may use pictures of lesions in varying stages for educational purposes by excluding the 18 identifiers known as the Safe Harbor Method or the expert determination method which entails analysis and review by an expert in statistics. The use of patient health information, in this case, would require authorization from the patient. No identifiable areas of the patient’s body should be revealed in the poster and only patient lesions may be used. In my educational journey, I have seen different wounds of patients in wound care conferences used to explain and describe stages of pressure injuries.
- Marcus was admitted to the hospital from a long-term care facility. He was diagnosed with dehydration and delirium. He is expected to return to the facility. The charge nurse at the facility calls for an update regarding his status.
- Describe the privacy and security issues related to sharing this information with the long-term care facility.
According to the U.S Department of Health and Human Services (2020), a privacy rule is to verify organizations take reasonable actions and steps to identify those individuals seeking discharge plans and that permitted access to patient information. This scenario happens all the time and I usually defer to the social worker and primary team by taking a name and call back number. It is very challenging to verify who is on the other end of a call to protect the patients’ information. An update to the facility is usually done by the social workers and or care coordinator managers in an in-patient setting caring for the patient. Verification can be made by these healthcare workers to ensure the right information is given to the right patient in the long-term care facility which is usually done electronically. This will ensure the patients’ privacy and security are not violated.
Department of Health and Human Services (2020). Individuals’ Right under HIPAA to Access their Health Information. Retrieved from
Edemekong, P. F., Annamaraju, P., & Haydel, M. J. (2021). Health Insurance Portability and Accountability Act. In StatPearls. StatPearls Publishing.
Kayaalp, M. (2018). Patient Privacy in the Era of Big Data. Balkan Medical Journal, 35(1), 8–17. https://doi.org/10.4274/balkanmedj.2017.0966 (Links to an external site.)
Nettrour, J. F., Burch, M. B., & Bal, B. S. (2018). Patients, pictures, and privacy: managing clinical photographs in the smartphone era. Arthroplasty Today, 5(1), 57–60. https://doi.org/10.1016/j.artd.2018.10.001