Avoiding Liability Bulletin – October 15, 2011
As a nurse, you know the importance of a patient’s right to privacy and confidentiality. These rights are grounded in the law and in ethical principles that govern the nursing profession, including the American Nurses Association’s Code of Ethics for Nurses With Interpretive Statements (1).
Patient privacy and confidentiality in health care is essential. The right of privacy protects a patient from unwanted intrusions into his life and into information about his health, illness, and treatment. The protection of confidentiality ensures the patient that information obtained during treatment will be shared only with those who are providing health care, unless consent is given for others to receive the patient’s information or an exception to the protection of confidentiality applies (e.g., to protect the patient).
Moreover, the Health Insurance Portability and Accountability Act (HIPPA) (2) and its 2009 amendments, the Health Information Technology For Economic And Clinical Health Act (HITECH ACT) (3), along with state laws, provides additional privacy and security protections of personal identifiable health care information (PHI), with serious liability repercussions if the law is violated.
Social networking has become one of the main sources of communicating in today’s world. Whether it take place on sites such as Facebook ®, Linked In ®, Tweeter ®, or in the form of simply emailing or texting another on a computer or mobile device respectively, this form of communicating has set records of use far above almost any other form of communication in years past.
While such communication has its very positive sides—including the dissemination of information quickly and almost without bounds, the ability to easily connect with friends and colleagues at any time of the day or night, and the vast, instantaneous availability of nursing practice literature, nursing practice issues and research results, its use has major legal and ethical implications for nurses in the employment setting in regard to patient privacy and confidentiality.
It is important to remember that information, data, research or anything else placed on a social network can be seen by almost anyone unless the site has a controlled access. For you as a nurse, this means that a current or former patient, a current or former employer, or the state board of nursing and/or its investigators, as examples, can easily browse networking sites, web pages, and blogs.
Imagine, then, how many health care employers might review such sites for information posted by current employees on a regular basis, especially for information relating to their jobs and the patients for whom they provide care.
In fact, National Council of State Boards of Nursing (NCSBN) figures indicated that in 2010, 33 state boards of nursing received complaints against nurse licensees who violated patient privacy while using some form of social networking (4).
Regardless of the type of social networking you might use while at work and/or about work, there are several steps you can take to ensure that patient privacy and confidentiality are not compromised (which may result in liability for you and your employer) and, at the same time, you do not place yourself at risk for a disciplinary action by a state board of nursing. Some of those steps include:
- Know your employer’s policy on social networking and adhere to it;
- Review The Code For Nurses regularly and apply its provisions regarding patient privacy and confidentiality;
- Know the parameters of HIPAA’s Privacy and Security Rules and the HITECH Act’s amendments;
- Never post or discuss patient PHI online;
- Critically evaluate any interaction on line with patients, keeping in mind the obligation to maintain professional boundaries of the nurse-patient relationship;
- Be an active member of your workplace’s policy and procedure committee to order to provide input into the development of a social media policy if you do not have one;
- Don’t expect any privacy with on-line material when using an employer computer or other electronic device;
- Remember that simply changing a patient’s name, age, diagnosis or other facts about him or her may not prevent the patient from being identified by others, especially the patient’s family or friends and those with whom you work;
- Be prepared to report to administrators identified in your workplace policy those co-workers who breach patient privacy and confidentiality;
- Don’t lend your social networking devices to a co-worker for his or her use; and
- Don’t post pictures of any patient and/or his family (5).
1. American Nurses Association (2001). Code Of Ethics For Nurses With Interpretative Statements. Silver Spring, MD:
author. Available at www.nursingworld.org (Click on “Nursing Ethics” then “Code of Ethics” from drop down menu). Accessed October 5, 2011.
2. Health Insurance Portability And Accountability Act of 1966,
(HIPAA), 26 U.S.C. Section 294, 42 U.S.C. Sections 201,-
3. Public Law 111-5. A good resource for the HITECH Act is: Marilyn Lamar (2010), “HIPAA Privacy And Security Changes Under The HITECH Provisions of ARRA”, in 2010 Health Law Handbook. Alice Gosfield, Editor. Eagan, MN: Thomson Reuters/West, 401-437.
4. American Nurses Association (2011). Navigate Nursing: ANA Leadership Resources. Available at email@example.com . Accessed October 13, 2011.
5. See, American Nurses Association (2011). Principles For Social Networking And The Nurse: Guidance For Registered Nurses. Silver Spring, MD: author. Available at www.nursingworld.org (place name of publication in search bar, then click on link: ANA Releases Social Network Principles…..). Accessed September 8, 2011;
Kathleen Pagana ( August 22, 2011), “Facebook ® : Know The Policy Before Posting”, Nursing Spectrum Greater Chicago Edition, 20-25; Michael Smith (2011), “Social Networking Websites Dos And Don’ts”. Available at http://respiratory-care-sleep-medicine.advanceweb.com/Columns/Legally-Speaking/Social….”. Accessed September 28, 2011.