Protected Health Information: Best Practices

Laws Protecting Sensitive Electronic Health Information

Protecting patient information is concerned with privacy, confidentiality, and security. Privacy refers to the individual’s right to decide how his/her personal data can be used and shared. Confidentiality means healthcare professionals’ obligation not to disclose any patient information they possess. Security means restraining strangers from gaining access to sensitive health information. The federal law protecting patients’ privacy is Health Insurance Portability and Accountability Act (HIPAA), passed in 1996. This law introduced the notion of protected health information (PHI), defined as any patient information related to the patient’s past, present, or future health condition, received healthcare, or payment for medical services (EveryNurse, 2018). Within HIPAA, there are Privacy, Security, and Breach Notification Rules protecting patient information. The Privacy Rule regulates the disclosure of patient information by healthcare providers (Sherman, 2018). The Security Rule applies to electronic health information and sets physical, administrative, and technical standards for ensuring patient privacy (Sherman, 2018). Under the Breach Notification Rule, healthcare providers should notify the HHS of any impermissible disclosure of PHI.

Privacy, Security, and Confidentiality Concerns Related to Social Media Use

The use of social media by healthcare professionals poses several risks to patient information. First, communication between healthcare providers and patients on social media blurs professional boundaries and can compromise sensitive information shared via such media (Lefebvre et al., 2020). Second, social media notifications distract nurses from their work and negatively affect their productivity, memory, and concentration on tasks (Lefebvre et al., 2020). Sharing patient information, such as photos or videos in which patients can be identified, is another concern. When such content is posted, the person who did this no longer controls the spread of this information (Hennessy et al., 2019). According to NCSBN (2018), even if the nurse deletes the post containing patient information, it will remain on the server, thus making it available for retrieval. In addition, users can make screenshots of impermissible posts and spread them further uncontrollably.

The Importance of Interdisciplinary Collaboration

Interdisciplinary collaboration is crucial for ensuring the security of PHI because different healthcare professionals caring for the same patient have to share patient information among them. In this sharing process, the interprofessional team should prevent the third party from gaining access to PHI. Healthcare professionals no longer engaged in the care of a particular patient are considered the third party and should not be given information about this patient (NCSBN, 2018). If the interprofessional team fails to maintain the confidentiality of PHI, its members can be punished with fines, suspension, exclusion from the nursing school, loss of license, employment termination, or jail time (EveryNurse, 2018). For example, in 2019, 50 healthcare workers at Northwestern Memorial Hospital, Chicago, were fired for viewing Jessie Smollett’s medical records (EveryNurse, 2018).

Evidence-Based Strategies: What Not to Do on Social Media

To prevent confidentiality breaches, healthcare providers should refrain from posting any patient-related information, even if the patient has given oral consent to it. Deleting the posted content or marking it as private will not help as it will still be stored on servers. Even if the nurse does not state the name of the patient on social media, such details as the health condition, the room number, or a nickname can help identify the patient, so disclosing them will be a breach of privacy (NCSBN, 2018). Taking photos or videos of patients on personal devices is also prohibited (NCSBN, 2018). Healthcare professionals should not disparage patients on social media even if patients’ identities are not disclosed (NCSBN, 2018). Healthcare workers are also discouraged from communicating with patients via social media to maintain professional boundaries and ethics.


EveryNurse. (2018). How nurses should be using social media. Web.

Hennessy, C. M., Smith, C. F., Greener, S., & Ferns, G. (2019). Social media guidelines: a review for health professionals and faculty members. The Clinical Teacher, 16(5), 442-447. Web.

Lefebvre, C., McKinney, K., Glass, C., Cline, D., Franasiak, R., Husain, I., Pariyadath, M., Roberson, A., McLean, A., & Stopyra, J. (2020). Social media usage among nurses: Perceptions and practices. The Journal of Nursing Administration, 50(3), 135-141. Web.

National Council of State Boards of Nursing [NCSBN]. (2018). A nurse’s guide to the use of social media. Web.

Sherman, J. (2018). Double secret protection: Bridging federal and state law to protect privacy rights for telemental and mobile health users. Duke Law Journal, 67(5), 1115-1153.

Find out your order's cost