HIPAA, PHI, and You

Nurses can run into this situation every day: a friend or co-worker of a patient visits the hospital or clinic and wants to know health information about the patient. The friend may want to know very badly, but he or she may not be on a need-to-know basis under HIPAA, the Health Insurance Portability and Accountability Act of 1996. This can put nurses in a tough spot, as nurses are often more accessible to a patient's friends and family than doctors are.


It can be tough to quickly absorb the entirety of the HIPAA law, even after training and study. Here are some initial questions you can ask to ensure that you’re keeping patient information safe and secure:


For the day-to-day:

  1. Who needs to know the information about this patient?
  2. Do I need to know this information in order to do my job?
  3. Who in this patient’s family needs to know, and who is permitted to know?
  4. Could the information on this medicine bottle/IV/tray be seen by others?
  5. Can anyone who does not need to know overhear me when I speak with this patient about his/her condition or personal health?

For the tech world:

  1. Does this email contain PHI (protected health information)? Is the information identifiable, for example through the patient’s name, email address, phone number, or birthday?
  2. Is this email sent through a secure patient portal or a HIPAA-compliant server?
  3. Could this computer ever be stolen?



Nurses have the advantage of incredible empathy for patients; yet even the most empathetic nurse may be making mistakes when it comes to HIPAA. In a perfect world, we’d all simply do what is right, and the checklist above can help keep things easy and secure. If you are ever curious to learn more about HIPAA, we recommend checking out the official website, here.