Introduction
Health care providers today must develop their skills in mitigating risks to their patients and themselves related to patient information. At the same time, they need to be able distinguish between effective and ineffective uses of social media in health care.
This assessment will require you to develop a staff update for an interprofessional team to encourage team members to protect the privacy, confidentiality, and security of patient information.
Professional Context
Health professionals today are increasingly accountable for the use of protected health information (PHI). Various government and regulatory agencies promote and support privacy and security through a variety of activities. Examples include:
- Meaningful use of electronic health records (EHR).
- Provision of EHR incentive programs through Medicare and Medicaid.
- Enforcement of the Health Insurance Portability and Accountability Act (HIPAA) rules.
- Release of educational resources and tools to help providers and hospitals address privacy, security, and confidentiality risks in their practices.
Technological advances, such as the use of social media platforms and applications for patient progress tracking and communication, have provided more access to health information and improved communication between care providers and patients.
At the same time, advances such as these have resulted in more risk for protecting PHI. Nurses typically receive annual training on protecting patient information in their everyday practice. This training usually emphasizes privacy, security, and confidentiality best practices such as:
- Keeping passwords secure.
- Logging out of public computers.
- Sharing patient information only with those directly providing care or who have been granted permission to receive this information.
Today, one of the major risks associated with privacy and confidentiality of patient identity and data relates to social media. Many nurses and other health care providers place themselves at risk when they use social media or other electronic communication systems inappropriately. For example, a Texas nurse was recently terminated for posting patient vaccination information on Facebook. In another case, a New York nurse was terminated for posting an insensitive emergency department photo on her Instagram account.
Preparation
Scenario
In this assessment, imagine you are a nurse in one of the health care settings described in the following resource:
- Assessment 02 Supplement: Protected Health Information [PDF]Download Assessment 02 Supplement: Protected Health Information [PDF]
Before your shift begins, you scroll through Facebook and notice that a coworker has posted a photo of herself and a patient on Facebook and described how happy she is that her patient is making great progress. You have recently completed your annual continuing education requirements at work and realize this is a breach of your organization’s social media policy. Your organization requires employees to immediately report such breaches to the privacy officer to ensure the post is removed immediately and that the nurse responsible receives appropriate corrective action.
You follow appropriate organizational protocols and report the breach to the privacy officer. The privacy officer takes swift action to remove the post. Due to the severity of the breach, the organization terminates the nurse.
Based on this incident’s severity, your organization has established a task force with two main goals:
- Educate staff on HIPAA and appropriate social media use in health care.
- Prevent confidentiality, security, and privacy breaches.
The task force has been charged with creating a series of interprofessional staff updates on the following topics:
- Social media best practices.
- What not to do: Social media.
- Social media risks to patient information.
- Steps to take if a breach occurs.
Instructions
First, select one of the health care settings described in the following resource:
- Assessment 02 Supplement: Protected Health Information [PDF]Download Assessment 02 Supplement: Protected Health Information [PDF]
As a nurse in this setting, you are asked to create the content for a staff update containing a maximum of two content pages that address one or more of these topics:
- Social media best practices.
- What not to do: social media.
- Social media risks to patient information.
- Steps to take if a breach occurs.
This assessment is not a traditional essay. It is a staff educational update about PHI. Consider creating a flyer, pamphlet, or one PowerPoint slide (not an entire presentation). Remember it should not be more than two pages (excluding a title and a reference page).
The task force has asked team members assigned to the topics to include the following content in their updates in addition to content on their selected topics:
- What is protected health information (PHI)?
- Be sure to include essential HIPAA information.
- What are privacy, security, and confidentiality?
- Define and provide examples of privacy, security, and confidentiality concerns related to the use of technology in health care.
- Explain the importance of interdisciplinary collaboration to safeguard sensitive electronic health information.
- What evidence relating to social media usage and PHI do interprofessional team members need to be aware of? For example:
- What are some examples of nurses being terminated for inappropriate social media use in the United States?
- What types of sanctions have health care organizations imposed on interdisciplinary team members who have violated social media policies?
- What have been the financial penalties assessed against health care organizations for inappropriate social media use?
- What evidence-based strategies have health care organizations employed to prevent or reduce confidentiality, privacy, and security breaches, particularly related to social media usage?
Notes
- Your staff update is limited to two double-spaced content pages. Be selective about the content you choose to include in your update so you can meet the page length requirement. Include need-to-know information. Omit nice-to-know information.
- Many times people do not read staff updates, do not read them carefully, or do not read them to the end. Ensure your staff update piques staff members’ interest, highlights key points, and is easy to read. Avoid overcrowding the update with too much content.
- Also, supply a separate reference page that includes two or three peer-reviewed and one or two non-peer-reviewed resources (for a total of 3–5 resources) to support the staff update content.
Additional Requirements
- Written communication: Ensure the staff update is free from errors that detract from the overall message.
- Submission length: Maximum of two double-spaced content pages.
- Font and font size: Use Times New Roman, 12-point.
- Citations and references: Provide a separate reference page that includes 2–3 current, peer-reviewed and 1–2 current, non-peer-reviewed in-text citations and references (total of 3–5 resources) that support the staff update’s content. Current means no older than 5 years.
- APA format: Be sure your citations and references adhere to APA format.
Competencies Measured
By successfully completing this assessment, you will demonstrate your proficiency in the following course competencies and scoring guide criteria:
- Competency 1: Describe nurses’ and the interdisciplinary team’s role in informatics with a focus on electronic health information and patient care technology to support decision making.
- Describe the security, privacy, and confidentially laws related to protecting sensitive electronic health information that govern the interdisciplinary team.
- Explain the importance of interdisciplinary collaboration to safeguard sensitive electronic health information.
- Competency 2: Implement evidence-based strategies to effectively manage protected health information.
- Identify evidence-based approaches to mitigate risks to patients and health care staff related to sensitive electronic health information.
- Develop a professional, effective staff update that educates interprofessional team members about protecting the security, privacy, and confidentiality of patient data, particularly as it pertains to social media usage.
- Competency 5: Apply professional, scholarly communication to facilitate use of health information and patient care technologies.
- Follow APA style and formatting guidelines for citations and references.
- Create a clear, concise, well-organized, and professional staff update that is generally free from errors in grammar, punctuation, and spelling.
-
Protected Health Information (PHI): Privacy, Security, and Confidentiality Best Practices Scoring Guide
CRITERIA NON-PERFORMANCE BASIC PROFICIENT DISTINGUISHED Describe the security, privacy, and confidentially laws related to protecting sensitive electronic health information that govern the interdisciplinary team. Does not describe the security, privacy, and confidentially laws related to protecting sensitive electronic health information that govern the interdisciplinary team. Attempts to identify the security, privacy, and confidentially laws related to protecting sensitive electronic health information that govern the interdisciplinary team. Describes the security, privacy, and confidentially laws related to protecting sensitive electronic health information that govern the interdisciplinary team. Provides a comprehensive and insightful summary of confidentially laws related to protecting sensitive electronic health information that govern the interdisciplinary team. Explain the importance of interdisciplinary collaboration to safeguard sensitive electronic health information. Does not explain the importance of interdisciplinary collaboration to safeguard sensitive electronic health information. Explains interdisciplinary collaboration to safeguard sensitive electronic health information, but the explanation lacks detail or is missing critical information. Explains the importance of interdisciplinary collaboration to safeguard sensitive electronic health information. Explains in detail, and with professional insight, the importance of interdisciplinary collaboration to safeguard sensitive electronic health information. Identify evidence-based approaches to mitigate risks to patients and health care staff related to sensitive electronic health information. Does not identify evidence-based approaches to mitigate risks to patients and health care staff related to sensitive electronic health information. Attempts to identify evidence-based approaches to mitigate risks to patients and health care staff related to sensitive electronic health information; however, omissions and errors exist. Identifies evidence-based approaches to mitigate risks to patients and health care staff related to sensitive electronic health information. Identifies multiple appropriate and well-researched evidence-based approaches to mitigate risks to patients and health care staff related to sensitive electronic health information. Develop a professional, effective staff update that educates interprofessional team members about protecting the security, privacy, and confidentiality of patient data, particularly as it pertains to social media usage. Does not develop a professional, effective staff update that educates interprofessional team members about protecting the security, privacy, and confidentiality of patient data, particularly as it pertains to social media usage. Attempts to develop a staff update that educates interprofessional team members about protecting the security, privacy, and confidentiality of patient data, particularly as it pertains to social media usage. Develops a professional, effective staff update that educates interprofessional team members about protecting the security, privacy, and confidentiality of patient data, particularly as it pertains to social media usage. Develops a comprehensive, professional, and effective staff update that educates interprofessional team members about protecting the security, privacy, and confidentiality of patient data, particularly as it pertains to social media usage. Follow APA style and formatting guidelines for citations and references. Does not follow APA style and formatting guidelines for citations and references. Partially adheres to APA style and formatting guidelines for citations and references. Formatting inhibits effective communication or detracts from good scholarship. Follows APA style and formatting guidelines for citations and references. Academic citations and references are largely error-free. Follows flawless APA style and formatting guidelines for citations and references. Create a clear, concise, well-organized, and professional staff update that is generally free from errors in grammar, punctuation, and spelling. Does not create a clear, concise, well-organized, and professional staff update that is generally free from errors in grammar, punctuation, and spelling. Creates a staff update that contains errors in grammar, punctuation, and spelling that distract from good scholarship. Staff update is more than two pages of content. Creates a clear, concise, well-organized, and professional staff update that is generally free from errors in grammar, punctuation, and spelling. Creates a clear, concise, well-organized, and professional staff update that is generally free from errors in grammar, punctuation, and spelling. Adheres to all applicable disciplinary and scholarly writing standards.
Remember that your assessment will be graded according to the Scoring Guide Rubric. Please review it to help you most fully address the scoring criteria in your staff update. The format you select for your update is up to you, but be sure you fully address each scoring criterion. Special formatting, colors and fonts, and graphics will not contribute to your score, so don’t invest a great deal of time into that. Many students submit their updates as a regular WORD document, which is fine. In order to fully address each scoring criterion you will likely need to exceed the suggested 2-page format, which is perfectly fine.
- Criterion #1 – HIPAA was the original security, privacy and confidentiality law relating to PHI. More recently, the HITECH Act reinforced HIPAA and increased the severity of penalties for non-compliance. I would encourage you to check out these two governmental resources:
https://www.healthit.gov/sites/default/files/pdf/privacy/onc_privacy_and_security_chapter4_v1_022112.pdfLinks to an external site. and https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.htmlLinks to an external site.
Criterion # 2 – Focus on INTERDISCIPLINARY collaboration related to sensitive ELECTRONIC health information, not just to social media. The Vos and Kruse articles recommended for Assessment 1 provides some great information that will help you address this criterion.
Criterion #3 – This criterion requires you to “Identify evidence-based approaches to mitigate risks to patients and health care staff related to sensitive electronic health information.” Evidence-based approaches refers here to specific tools, procedures, methods and protocols used to protect sensitive electronic health information. The Kruse article from Assessment 1 identifies the “3 pillars of HIPAA” and addresses a number of specific approaches within each pillar. The “healthit” document suggested above also addresses some great methods. Simply providing a “Do and Don’t” list of social media practices is not sufficient.
Vos, Boonstra, Kooistra, Seelen & van Offenbeck. (2020). The influence of electronic health record use on collaboration among medical specialties. BMC Health Services Research.
Kruse, Smith, Vanderlinden & Nealand. (2017). Security techniques for the electronic health records. Journal of Medical Systems, 41(8), 127.