1

Protected Health Information (PHI): Privacy, Security, and Confidentiality Best

Practices

Student’s Name

Institutional Affiliation

Course

Professor

Date

Protected Health Information (PHI) Privacy, Security, and Confidentiality

PHI is an acronym for protected health Concerns

information, which entails all individual health, Various privacy, security, and confidentiality

including medical histories, tests, demographic issues are associated with using technology. For

data, insurance information, or any other instance, hackers can gain unauthorized access to a

material employed to identify a patient for the hospital’s electronic health information system and

delivery of healthcare services. In this case, publicly disclose PHI. Furthermore, authorized
 2

“protected” implies that the information falls personnel has been social engineering targets,

under the Health Insurance Portability and where people with malicious intent exploit human

Accountability Act (HIPAA). This federal law error to gain access to PHI, which poses a

defines privacy rules for the disclosure and significant threat to patient information. Besides,

sharing of PHI by healthcare providers, health lost or misplaced mobile devices represent an

plans, and business associates, also called enormous security risk. Any device used to access

covered entities (Tariq & Hackert, 2021). an organization’s network becomes a liability once

Privacy, Security, and Confidentiality it falls into the wrong hands (Argaw et al., 2020).

Chapple (2021) define privacy within healthcare as The Importance of Interdisciplinary

the authorized and reasonable use of a patient’s Collaboration

PHI, such as test results and insurance information. Interprofessional team members need to work

Privacy allows patients to determine how covered together to safeguard PHI. In most scenarios,

entities collect, share and store PHI (Chapple, healthcare systems are centralized, implying that a

2021). On the other hand, security involves using breach at a single location makes the entire system

various safeguards such as password protection, vulnerable. Interdisciplinary collaboration will

data encryption, and physical security to guarantee ensure that all parties involved in patient care are

the confidentiality and integrity of PHI. Lastly, familiar with HIPAA privacy rules and follow

confidentiality is the expectation that medical organizational guidelines to safeguard patients’

practitioners will protect PHI from unauthorized sensitive information (Jarrin & Parakh, 2021). It

access or disclosure to unapproved parties (Bhuyan will also ensure that other care team members are

et al., 2020). For instance, practitioners are not punished for the mistakes of others.

expected to limit the sharing of sensitive patient Evidence-Based Strategies to Prevent HIPAA

information within the perimeters of healthcare. Violation

Essential Evidence for Interprofessional Team Healthcare organizations leverage various

Members evidence-based strategies to ensure HIPAA

While there is no publicly available data on the compliance. For instance, training all hospital staff
 3

total number of nurses fired for violating HIPPA who come into contact with PHI on HIPAA

rules on PHI, several news outlets have shown that guidelines regarding sharing patients’ confidential

such cases are rampant. For example, in 2019, information. Hospitals also identify and respond to

about 50 healthcare staff including nurses at a anticipated threats to the integrity and security of

hospital in Chicago, were fired for improperly PHI through various policies, such as restricting

reviewing a patient’s health record (Wofford, access to PHI on a need-to-know basis, conducting

2019). In another case, a nurse at a Florida hospital internal audits, and ensuring all employees use

was fired after posting photos of a newborn on secure passwords. Hospitals also ensure the safe

Facebook without parents' consent (Acevedo, disposal of documents containing PHI, for example

2021). In addition to employment termination, pulping and shredding to minimise chances of

there are sanctions and financial penalties for reconstruction (Tariq & Hackert, 2021).

violating social media policies. This includes

written letters of reprimand, suspensions,

probation, and fines of up to $250,000, depending

on the nature of the violation.

References
 4

Acevedo, N. (2021. October 2). Florida nurse fired after posting photos of baby born with birth defect

on social media. NBC News. https://www.nbcnews.com/news/us-news/florida-nurse-fired-

after-posting-photos-baby-born-birth-defect-n1280627.

Argaw, S. T., Troncoso-Pastoriza, J. R., Lacey, D., Florin, M. V., Calcavecchia, F., Anderson, D., &

Flahault, A. (2020). Cybersecurity of Hospitals: discussing the challenges and working

towards mitigating the risks. BMC Medical Informatics and Decision Making, 20(1), 1-10.

https://doi.org/10.1186/s12911-020-01161-7

Bhuyan, S. S., Kabir, U. Y., Escareno, J. M., Ector, K., Palakodeti, S., Wyant, D., & Dobalian, A.

(2020). Transforming healthcare cybersecurity from reactive to proactive: current status and

future recommendations. Journal of Medical Systems, 44(5),

1-9.https://doi.org/10.1007/s10916-019-1507-y

Chapple, M. (2021, October 28). Security, privacy and confidentiality: What’s the difference?

EdTech. Retrieved October 8, 2022, from

https://edtechmagazine.com/higher/article/2019/10/security-privacy-and-confidentiality-

whats-difference

Jarrin, R., & Parakh, K. (2021). Digital health regulatory and policy considerations. Digital Health,

191-207. https://doi.org/10.1016/b978-0-12-820077-3.00011-0

Snell, E. (2017, December 8). Training employees to avoid Healthcare data security threats.

HealthITSecurity. Retrieved October 8, 2022, from

https://healthitsecurity.com/features/training-employees-to-avoid-healthcare-data-security-

threats

Tariq, R., & Hackert, P. (2021). Patient confidentiality. NIH. Retrieved 8 October 2022, from

https://www.ncbi.nlm.nih.gov/books/NBK519540/.

Wofford, P. (2019). Jussie smollett case: 50 hospital workers fired for alleged HIPAA violations.

Nurse.org. Retrieved 8 October 2022, from https://nurse.org/articles/smollett-hospital-

workers-fired/.
5