A nurse is caring for a patient who is a local celebrity. A colleague on a different unit asks the nurse about the patient's diagnosis. The nurse should:

Decline to share any information about the patient. HIPAA requires disclosure only to those with a need to know for treatment purposes. A colleague on a different unit with no care responsibility has no legitimate need for this information. Sharing any information, even confirming admission, would be a HIPAA violation.

A patient requests a copy of their medical record. The nurse should:

Provide the patient with information about how to request their records. Under HIPAA, patients have the right to access their medical records. The nurse should explain the facility's process for requesting records, which typically involves completing a form and may involve a small copying fee. Patients do not need court orders or provider permission.

While in the cafeteria, two nurses discuss a patient's condition using the patient's room number instead of name. This action is:

A HIPAA violation because the discussion was in a public area. Discussing patient information in public areas is a HIPAA violation regardless of whether names are used. Room numbers, diagnoses, or other identifying information could allow listeners to identify the patient. Patient discussions should occur only in private, clinical areas.

2.4 Client Advocacy and Rights (HIPAA) | NCLEX-RN (Registered Nurse) | Free Exam Prep

Client Advocacy and Rights (HIPAA)

Advocacy is the active support of a patient's rights and best interests. The RN serves as a patient advocate in every interaction, protecting privacy, ensuring informed decision-making, and intervening when safety is compromised.

HIPAA: The Privacy Rule

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule protects patients' Protected Health Information (PHI). PHI includes any individually identifiable health information in any form (verbal, written, electronic).

What Constitutes PHI?

PHI Includes	Examples
Identifiers	Name, address, SSN, medical record number
Health status	Diagnoses, treatments, medications
Healthcare provision	Dates of service, provider names
Payment information	Insurance details, billing records

HIPAA Requirements for Nurses

Requirement	Action
Confidentiality	Do not discuss patients in public areas
Minimum Necessary	Access only information needed for your care
Proper Disposal	Shred documents, secure computer screens
Secure Communication	Use encrypted channels for electronic PHI
Authorized Access	Do not access records of patients not in your care

Common HIPAA Violations

Violation	Example
Elevator discussions	Discussing patient care in public spaces
Curiosity access	Looking at records of friends, family, celebrities
Computer left unlocked	Screen visible with patient information
Social media posts	Sharing patient stories, even without names
Improper disclosure	Sharing information without authorization

Key Point: Looking at records of patients you are not caring for is a HIPAA violation, even if you don't share the information.

Patient Rights Under HIPAA

Right	Description
Access	Patients can view and obtain copies of their records
Amendment	Request corrections to inaccurate information
Accounting	Know who has accessed their information
Restriction	Request limits on how information is used
Confidential communication	Request information be sent to specific address

The Nurse as Advocate

Advocacy extends beyond privacy to encompass all aspects of patient rights:

Advocacy Responsibilities:

Protecting patient safety
Ensuring continuity of care
Supporting informed decision-making
Respecting cultural and religious beliefs
Speaking up when care is compromised

Patient Bill of Rights

Key rights that nurses must protect:

Right	Nursing Action
Considerate and respectful care	Treat all patients with dignity
Information about care	Explain procedures in understandable terms
Refuse treatment	Support patient autonomy
Privacy	Maintain confidentiality
Review records	Facilitate access to medical information
Informed consent	Ensure patient understanding

Refusal of Treatment

A competent adult has the absolute right to refuse treatment, including life-sustaining treatment. The nurse's advocacy role includes:

Ensuring the patient is informed of consequences
Verifying the decision is voluntary
Documenting the refusal clearly
Respecting the patient's autonomous choice

Cultural Advocacy

Nurses advocate for culturally competent care:

Use interpreter services (not family members for medical interpretation)
Respect cultural preferences for decision-making
Accommodate religious practices when possible
Recognize cultural expressions of pain and illness

Reporting Violations

Situation	Reporting Pathway
Quality of care concerns	Supervisor, charge nurse, risk management
HIPAA violations	Privacy officer, compliance department
Impaired colleague	Supervisor, peer assistance program
Fraud or abuse	Compliance hotline, regulatory agency

On the NCLEX

Expect questions about:

Appropriate vs. inappropriate disclosures of information
Patient rights regarding access to records
When HIPAA permits disclosure without consent
Advocacy actions in ethical dilemmas

Exam Tip: HIPAA permits disclosure without consent for treatment purposes, payment, and healthcare operations. It also allows disclosure to prevent serious harm to the patient or others.

NCLEX-RN

1Introduction

2Chapter 2: Management of Care

3Chapter 3: Safety and Infection Prevention and Control

4Chapter 4: Health Promotion and Maintenance

5Chapter 5: Psychosocial Integrity

6Chapter 6: Basic Care and Comfort

7Chapter 7: Pharmacological and Parenteral Therapies

8Chapter 8: Reduction of Risk Potential

9Chapter 9: Physiological Adaptation

Key Takeaways