Security of Healthcare Records

Nurses’ Responsibility in Protecting Patient Information

In their everyday life, nurses deal with private information everywhere from offices, nursing stations, and patient bedsides to operating rooms. More often than not, they focus on the health of the patients, and many become desensitized to the importance of protecting patient information. There are several ways nurses can help protect the privacy of patient information regardless of what they are doing.

Situational Awareness

Discussing patient care is, in most cases, essential for nurses. While doing this, there is the potential for an individual's health information to be disclosed. Some minimum necessary procedures that nurses should be trained in include speaking quietly, especially in public places, when discussing a patient’s health information with their family (Borten, 2016).

Document Handling

Although there has been an increase in the use of electronic health records, paper files are still heavily relied on in healthcare facilities. In a number of different situations, information exists in hard copy, whether it is information faxed over from a hospital or printed lab results. When handling hard copy documents, nurses must not leave files or papers lying on their stations. They should instead store them in a secure file cabinet or drawer. The rooms used for storing the records should remain locked, and access should be limited to authorized and essential personnel. Nurses should properly dispose of a file that is no longer needed for record purposes by shredding it.

Access to Electronic Systems

While digital medical records potentially improve the efficiency and quality of patient care, they can also make it harder to maintain the privacy and security of the records. A desktop monitor at a nurse’s station or a tablet in an exam room makes information more accessible and easier to fall into the wrong hands. The threat of visual hacking increases with more information now being displayed on multiple screens. Nurses must ensure that their screens are locked when they leave their stations, and that no one is looking over their shoulder.

HIT and Patient Privacy

People often ask whether any EHR can be made safe. For anyone looking for a 100 percent guarantee of privacy, the answer is no. Paper records are not 100 percent secure either. There are cases of paper records disappearing in hospitals, or of paper records from a doctor's office being found in a dumpster. Usually, paper records are available to any person with a badge or a white coat. One could easily masquerade as hospital staff and acquire the records. An EHR, on the other hand, makes it more difficult for an unauthorized person to gain access. They would need more than a badge and a white coat. Health information systems (HIS) require a password and a login name. There is also accountability in HIS, since they record audit trails of who accessed what record and which part of the record was accessed (Thede, 2010). Paper records do not show whether the person accessing the information is known or which record was accessed.

Security Issues in the Use of Portable Devices

Mobile devices are small and lightweight, making them convenient targets for pickpockets and thieves. Laptops and tablets are also easy enough to steal (Jain & Shanbhag, 2012). If a device is stolen and it does not have any form of security, say a password, biometrics or a lock screen, then anyone who holds the device gets unauthorized access to all the information on it. If the device uses a weak password, it could easily be brute-forced.

Mobile Malware

The amount of malicious code designed for the mobile environment continues to increase. Malware is now concealed in games, utilities and applications that otherwise seem legitimate. Ransomware is a popular choice for cybercriminals, with additional focus on using spyware and keyloggers (Ozair et al., 2015). These enable attackers to record the activities of users and gather confidential data. The use of mobile devices for storing health information is risky unless safety precautions are considered and implemented.

Area of Improvement: Eliminate Shared Accounts

It is common for the nurses and physicians in my organization to use one set of credentials. This occurs mostly in the emergency rooms, where the health practitioners use one PC to gain access to vital information. One generic account is often used to avoid spending time logging into the application. To eliminate the risks associated with sharing login credentials, physicians and nurses should all have their own credentials. To ease the process of remembering the credentials, the employees could all share the same username but have different passwords (Becker, 2012). This could be combined with smartcards to make the process more efficient.


Borten, K. (2016). The Role of Nurses in HIPAA Compliance, Healthcare Security. Retrieved from https://healthitsecurity.com/news/the-role-of-nurses-in-hipaa-compliance-healthcare-security.

Becker. (2012). 5 Ways Hospitals Can Improve Information Security. Retrieved from https://www.beckershospitalreview.com/healthcare-information-technology/5-ways-hospitals-can-improve-information-security.html

Ozair, F. F., Jamshed, N., Sharma, A., & Aggarwal, P. (2015). Ethical issues in electronic health records: a general overview. Perspectives in clinical research, 6(2), 73. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4394583/

Thede, L. (2010). Informatics: Electronic Health Records: A Boon or Privacy Nightmare?. OJIN: The Online Journal of Issues in Nursing, 15(2). http://ojin.nursingworld.org/MainMenuCategories/ANAMarketplace/ANAPeriodicals/OJIN/Columns/Informatics/Electronic-Health-Records-and-Privacy.html

Jain, A. K., & Shanbhag, D. (2012). Addressing Security and Privacy Risks in Mobile Applications. IT Professional, 14(5), 28-33.