Journal Logo

Department: Pearls

Managing a breach in patient confidentiality

Mehnke, Anne MSN, RN

Author Information
doi: 10.1097/01.CCN.0000384064.62455.66
  • Free

In Brief

Suppose a nurse purposely checks medical records of friends or family members and then acts on that information. When the nurse is subsequently caught, how should a nurse manager handle this breach in patient confidentiality?

Patient confidentiality and privacy rights are a serious matter in the eyes of the law. Access to patient information is for the people assigned to provide care, and is on a "need-to-know" basis.1 Each state's nursing practice act and the Centers for Medicare and Medicaid Services ensure the protection of patient privacy and rights. The Health Insurance Portability and Accountability Act (HIPAA) addresses patient confidentiality and protects patients and their medical records, including current and past medical treatment and past medical records, in addition to billing records.2 In instances where medical information is needed for something other than treatment, a written authorization or disclosure form must be obtained.

Each year, hospital staff members review policies that address patient and employee confidentiality. But our everyday world poses a challenge to patient confidentiality, from the common copy machine, to the trash, to conversations in the hallway, the elevators, and the cafeteria. Our technological environment, with multiple computer stations in every unit, presents new challenges to patient confidentiality. Staff who violate the HIPAA provisions may expect corrective action ranging from coaching to termination depending on the extent of the violation.

For example, what would happen if a nurse accessed a patient's medical record for his or her own personal use? Recently, a nurse knowingly accessed a neighbor's electronic medical record and acted on the information she found by confronting the patient. The nurse approached the patient in the perioperative waiting area before the surgery and asked what procedure she was undergoing.

In this breach of confidentiality, the nurse's manager contacted human resources, the nursing administrator, and the legal department for advice and guidance on the best way to investigate the issue. The manager met with the nurse involved to discuss the confidentiality breach. After careful consideration and in accordance with the corrective action policy, the nurse was suspended without pay until the investigation was completed. Once the investigation ended, all parties involved decided unanimously to fire the nurse due to the severity of the breach.

Although most breaches of confidentiality aren't a willful violation of policies, the nurse in this situation didn't consider the consequences of her actions before taking the path that breached patient confidentiality. As a result of this situation, the managers collaborated to prevent this from happening again. The scenario was developed into a teaching situation to assist staff in understanding what constitutes a breach of confidentiality and the consequences that can occur.


1. Simpson PB. Legal questions: patient confidentiality. Nursing. 2003;33(8):77–79.
2. Finkelstein P. Confidentiality, friends, family members and nurses. Minn Nurs Accent. 2007:3.
© 2010 Lippincott Williams & Wilkins, Inc.