What Happens When a Nurse Breaches Patient Confidentiality?

Kathy Quan RN BSN PHN - 03/12/19

Confidentiality is a major issue in health care. It not only builds a strong trust between patient and provider as well as the entire health care team including nurses, aides, therapists, social workers, administrative personnel, and students. Confidentiality also ensures the confidence of the community to respect and trust the health care providers. Without this respect, the health care system could be compromised, and care adversely affected.

Improper disclosure of private health care information can damage the reputation of the patient as well as the provider. Information contained in medical records incudes both personal and public information which can be based on objective data and/or subjective data. This data can be highly sensitive information about tests and diagnostics as well as the patient’s lifestyle, recreational activities and habits.

What is HIPAA?

  • To maintain the privacy of health information
  • Ensure the security of electronic records
  • Simplify administrative tasks
  • Allow for insurance portability from one job to another

HIPAA also provides for standardized codes for diagnostics and transactions. It ensures physical, technical and administrative safeguards are in present for all health care records. And employees are able to maintain their health insurance even in the event they lose their job or decide to change jobs.

Need to know

One of the most important aspects of HIPAA is the need to know premise. This ensures that no health care professional will access a patient’s medical records unless they have direct need to know the information. Exceptions include such things as the information poses a threat to public health or safety, military personnel are a threat to his/her job or the safety of the national security, law enforcement issues are involved, worker’s compensation cases, essential government functions, etc.

One of the more common issues under HIPAA is for instance, a celebrity is admitted to your facility. Natural curiosity would give rise to looking up the chart to see why this person was admitted. Other information such as demographic or contact information might be nice to know along with the room number the patient is currently staying in. Under HIPAA, unless that patient in under your direct care, and you need to access the chart to document, you are forbidden from perusing the information and may be reprimanded, punish or even fired for doing so depending on the infraction. Your employer may designate who needs to access the information if it is deemed permissible. 

Take it further. You are assigned to care for the patient, and you are a huge fan. An autograph or selfie would be the best thing ever. A new scoop or a couple of photos might even bring in some extra money that you could certainly use. Or just to be able to post to social media will make your friends take notice of you and express some jealousy. To do any of this is totally unprofessional and again could get you written up or fired. Either could also cause a lawsuit against you and your facility. Your facility may not have your back and often cases against the facility are dropped citing the nurse knew what s/he was doing was wrong. Depending on the severity, you could even face suspension or loss of your license.

It doesn’t have to be a celebrity. All patients and their information are off limits unless you have a need to know, and only then do you have the right to access information that pertains to your reason to look at the chart unless otherwise directed. The circumstances could be about a friend, a relative, an enemy, or just someone who lives down the street from you. If you don’t have a need to know, you have no right to access patient information. And this also means you cannot use the information and you certainly may not disclose the information to anyone.

Social media posting

Social media posting is the fastest way to find yourself breaching patient confidentiality. Even if the patient encourages you to take a selfie or just to take their photo, thank them nicely and explain it’s not acceptable.

In addition, posting about your child, your spouse, parents, siblings or other relatives and their experiences in health care situations can be a clear violation of HIPAA. If they give you permission to post information or photos, be sure to indicate you have their permission. And remember, unless you have it in writing it is a possibility, they can deny giving you permission.

If you have something important to share, be sure to change up the identifying facts, or avoid mentioning them. If it’s plastered all over your site where you work and the news has announced a celebrity sighting at such and such facility, then use common sense and don’t post!

Guard medical records with your life. This is especially true if you work in a field such as home health or hospice where you create electronic records on a laptop, or paper records to turn in later in the week. Secure them in your car out of sight and out of reach of family members. Think about what might happen to your paperwork if you got into an accident. Would it get strewn all over the road? Or did you drop some of it while trying to get into your car? Be aware at all times and safeguard your patient information.


Honest mistakes happen to anyone, and when least expected. Those can be forgiven, but sometimes even a mistake will bring about a reprimand or write up because the patient or loved one is making a stink and your employer is obligated to “do something.” Nurses are expected to know, understand and follow patient privacy laws within their jurisdiction for practice. Staying abreast of changes or expansion of laws and regulations is part of a nurse’s responsibilities. Continuing education for nurses helps nurses stay up to date on all changes in regulations and laws. More severe violations or repeat offenses can end up in your termination for cause. This can make it harder to find another job. Some offenses are considered felonies and carry strong monetary fines, termination and possible loss of your license. If your employer is caught in a lawsuit or made to pay fines, be assured the trouble is going to fall on your shoulders as well.

Think about yourself and your lifestyle, your habits, your medical conditions. Would you want just anyone or everyone knowing all about them? What about your loved ones? Consider your patients to be as important and significant as you or anyone in your circle of friends and family. Care for them as you would want to be cared for or to have your loved ones cared for. Protect them from any harm including disclosure of information.