ASSIGNMENT

ON
NURSING INFORMATICS

QUESTION: WRITE AN ESSAY ON HOW YOU WILL EITHER

(A) PREVENT AND PROTECT PATIENT’S DATA
AS A NURSE.

WRITTEN BY

ONWE FABULOUS UGADU

MATRIC. NO: 20/021145263TR
DEPARTMENT OF NURSING SCIENCE
FACULTY OF ALLIED MEDICAL SCIENCES
UNIVERSITY OF CALABAR, CALABAR.

SUBMITTED TO

MR. NDUKAKU NWAKWUE (COURSE LECTURER)

DEPARTMENT OF NURSING SCIENCE
FACULTY OF ALLIED MEDICAL SCIENCES
UNIVERSITY OF CALABAR, CALABAR.

IN PARTIAL FULFILLMENT OF THE COURSE REQUIREMENT:

NURSING INFORMATICS (NSC 371)

JULY, 2024.
HOW TO PREVENT AND PROTECT PATIENT’S DATA AS A
NURSE

Confidentiality and privacy are critical aspects in system development.

Confidentiality is related to the privacy of information being disclosed
and ethical usage of that information only for original purpose. Privacy is
the right of individual and organization to decide for themselves when,
how, and to what extent information about them is transmitted to
others.

Nurses ask patients to share information related to their health

conditions to create the most reliable plan of care. The quality of nursing
care delivered is based on the knowledge and information from the
patient that provides an access to underpin their clinical decision making
process. Informatics based system are a primary tool to support access
to the information. It is important in healthcare that trust exists that
healthcare providers will ensure the privacy and security of a person’s
health-related information. As health IT systems continue to be
implemented at an ever-expanded rate, this issue becomes of more
concern. Protecting access to health related data must be balanced with
ensuring that the data can easily be shared between professionals and
patients. Nurses have a particular important role in protecting the
privacy and security of data in health information system. Nurses are
usually at line of data access, working and interacting not only with the
technology but interfacing with the patient as well. Nurses are the
interface to inform patient on what is about to happen. Obtain their
consent, and at the same time teach patients about information privacy
and security.

1
Nursing informatics is increasingly becoming an integral aspect of
healthcare delivery. It helps organizations select, implement and
evaluate health information technologies. Informatics nurses ensure that
the implemented information technologies support patient centered,
high-quality and safe care (Mc Gcyle & Mastrian, 2018). They also
ensure that organizations adhere to HIPAA (Health Insurance Portability
and Accountability Act) by implementing security measures to protect
patient’s sensitive and confidential information. Some of these measures
include using of passwords and encryption techniques.

The HIPAA (Health Insurance Portability and Accountability Act) requires

health professionals to enhance the security and confidentiality of
protected health information. The Act outlines three safeguards that
professional must adopt to protect patient’s information, including
technical safeguards, physical safeguards and administrative safeguards.
(Kruse et al., 2017). Informatics nurses can train other health
professionals about the use of firewall. Software to protect patients’
sensitive and confidential information. Additionally, informatics nurses
can advise healthcare professionals on the use of PINs, Passwords and
encrypt techniques to limit unauthorized access to patient’s information.

Nurse informatics in collaboration with other medical professionals can

implement various types of controls to enhance the security of protected
health information. These controls include access controls, local controls,
administrative control and physical control. Physical control entails the
supervision of computing facilities and work, environment and locks to
protect confidential and sensitive information (Cohen & Mello, 2018).
Administrative control include designing guidelines, standards and
policies for workplace computer systems. Informatics nurses must also

2
educate healthcare workers on the use of data and software to control
access to computer system and information (Cohen & Mello, 2018).

Healthcare workers must be aware of significance of password and user

authentication. The use of access controls will limit individuals’ access to
information based on their functions and roles in the organization.
Adoption of these strategies will assist nurses and interdisciplinary to
safeguard protected health information.

Informatics nurses are competent in interpreting technology from

multiple viewpoints like information technology, nursing workflow and
patient care. They add value to healthcare facilities by integrating
knowledge and information system to boost efficiency and patient
experience with care delivery. Nurse informatics assist healthcare
workers in applying various technologies like computerized provider
order entry and electronic medical records in care delivery. They also
work with multiple stakeholders in healthcare sector to bridge the gap
between technical and clinical perspectives while maintaining the
patients’ safety.

13 ways to prevent a health data care breach

1. Analyze the current security risk.
2. Have an incident response plan.
3. Never stop educating your staff.
4. Limit access to health records.
5. Create subnetworks: consider dividing your wireless network into
separate subnetworks for different user groups and medical
devices. In other words, provide public Wi-Fi access to guest

3
 which is separate from your secured network where patients’ data
is circulating.
6. Limit use of personal devices.
7. Avoid using outdated IT infrastructure.
8. Update your software regularly.
9. Review service level agreements.
10. Encrypt data.
11. Set and enforce retention schedules.
12. Destroy sensitive information properly.
13. Invest more in your security.

Protecting patient’s data is a herculean task for healthcare organizations,

as protections must be in place for internal and external threats. On top
of that, HIPAA regulations add in a layer of required parameters that
healthcare organizations must have in place to be compliant and not
face penalties. HIPAA has two types of rules to protect patient’s
information that must be followed; the Privacy Rule and the Security
Rule. The Privacy Rule protects what is known as Personally Identifiable
Information or PII, and who may have access to it, while the Security
Rule protects all Personal Health Information (PHI). A covered entity
creates; receives, maintains or transmits in electronic form, known as a
PHI and ensures that only authorized users have access to that
information. The biggest difference is the Privacy Rule also protects
written or oral communication of PII, while the Security Rule does not.
The electronic systems within your healthcare organization hold the
most valuable information, so compliance with the Security Rule is a key
step in how to protect patient’s data.

4
Conduct a full risk analysis of how you currently protect
patients’ data
The first step of protecting patients’ data is conducting a full risk
analysis to determine what systems your organization has and which
ones need to be the most protected. Not all systems contain sensitive
information and they might not need the same safeguards as something
like your EMR system. With a risk analysis laid out, you can start looking
into what processes should be implemented and system safeguards that
need to be put in place for each system. For example, patients’ data is
one of the most sought after type of information, so protecting against
inappropriate access to your organization’s EMR system is a necessary
safeguard.

Utilizing patient privacy monitoring system that does the work for you
can help streamline this process and ensure any suspicious access to
patients’ information are flagged and reviewed in a timely manner.

Be mindful of what is posted on social media, be aware of possible

unintentional disclosure.

Provide education to staff regarding potential areas of misuse when it

comes to patient information. Policies regarding improper use should be
implemented. These policies should include email use, personal
electronic data devices, and electronic transmission of data.

Refrain from speaking about patients or their private information in

areas where information can be overheard, such as cafeterias, hallways,
elevators, waiting rooms.

Ensure that policies are reviewed and updated periodically or as needed

to reflect current healthcare laws and guidelines.

5
Many medical organizations such as the American Nurses Association
(ANA) and the American Medical Associations (AMA) often create
position statements to reflect the organization's overall stance and
thoughts on a specific topic. These positions may be used to guide
education, policies, or individual opinions on the topic.

The ANA released a statement regarding patient privacy and

confidentiality. As mentioned before, the ANA believes that the patient-
provider relationship is important, and confidentiality is essential in that
relationship. The organization supports legislation, standards, and
policies that protect patient information. In the professional statement
document, the ANA goes on to give the following recommendations
regarding the protection of patient information.

“Nurses should advocate for policies that ensure individuals’ right to

privacy and protect against unwanted, unnecessary, or unwarranted
intrusion into a person’s life.”

“In the course of advocating for patients, nurses act to ensure privacy in
the care environment as fully as possible so that patient privacy and
confidentiality can be maintained.”

“The patient’s right to confidentiality of individually identifiable health

information is established statutorily with specific exceptions. Nurses
should follow organizational policies that safeguard an individual’s right
to decide to whom, the extent, and under what circumstances their
individually identifiable health information will be disclosed.”

“Confidentiality protections should extend not only to health records but

also to other individually identifiable health information, including oral
reporting, clinical research records, images, and mental health and

6
substance use disorder therapy/treatment notes. This protection should
be maintained in the treatment setting and in all other venues.”

There is a heavy emphasis on not using patient information if consent

has not been given unless there is an extenuating circumstance
regarding legal requirements. This will be discussed in the next section.

Since patient confidentiality is extremely important, the ANA supports

healthcare organizations in creating safeguards to protect patient
confidentiality. They also support the organizations enforcing ways to
alleviate violations by health care workers and protect them from
retaliation. Healthcare workers must ensure that the patient right of
confidentiality is maintained in all cause.

REFLECTION

the country of this study reviewed that privacy of data is one of the core and
statutory right of every patients and nurses must take it upon themselves to be
sure that confidentiality of patients information is ensured. In course of this
study I were made to understand that use of passwords to lock patients data
will serve as a way of safeguarding patient data. Use of portal system on which
a specific portal is created for health related issues and Locked with password
and email only know by the authorized healthcare worker was also stated as
one of the methods in which informatics nurses can used to protect patient
data.

And means that can stated in the course of this study as a way of ensuring
confidentiality by the informatics nurse is by creating subnetworks; that's by
dividing your wireless networks into separate subnetworks for different user

7
groups and medical devices. In other words provide public WiFi access to
guests which is separate from your secured network where patient data is
circulating. A good knowledge of internet security is suggested to be very
important to nurses in protecting and maintaining privacy in patient data.
Nurse informatics must have knowledge of malicious words and it's possible
effect to patient's data in a computer device use to record and install patient
data. Spyware program must be stored in a computer system use on health
institution by the nurse informatics as a way to protect patient data. In the
course of this study the official statement as released by the ANA regarding
patient privacy and confidentiality was established. ANA believe that the
patients- provider relationship is important and confidentiality is essentially in
that relationship.

8
 REFERENCES
13 ways to prevent Data Breaches in Healthcare; Demigos
Blod/Healthcare. Published June 8, 2021 by Centre of Disease
Control and Prevention. https://demigos.com/blog-post/ways-to-
prevent-data-breaches-in-healthcare
American Nurses Association. (2024, February). Privacy and
confidentiality: ANA position
statement. https://www.nursingworld.org/practice-policy/nursing-
excellence/official-position-statements/id/privacy-and-
confidentiality/
Bishop, L. (2006). Are Personal Health Records breaking out? Forrester
Research.
http://www.forrester.com/Research/Document/Excerpt/0,7211,394
1,00.html. Accessed August 30, 2009.
Doolan, D. F., Bates Dial James BC (2003). The use of computer for
clinical care: a case series of advanced US sites. JAMA; 10(1): 94-
107.
Everything you need to know about Patient Data Privacy / Informatics
system. https://soptbrik.com/everything-
youneedtoknowaboutpatientdataprivacy
Healthcare cybersecurity: Tips for securing private Health data (2020).
https://www.digitalguardian.com/blog/healthcarecybersecurity.tips
securingprivatehealthdata
Healthcare information and management system society.
Interoperability; Definition and Background.
http://www.himss.org/content/file/interoperability-
definition.background-060905.pdf. Accessed May 16, 2009.
How to protect Patient Health Information: 8 key steps point. (2022).
https://www.executech.com/insights/how-to-protect-patient-
helalth-information-8ways
How to secure Patient Data – Patient Privacy and Data Security. Trust
score 4.5/21614 reviews.
https://www.theaccessgroup.com/engb/blog/hsc-
howtosecurepatientdata/
Lisa Eramo, MA (2022). Medical economics; publication article. Medical
Economics, 99. Medicalee. https://www.medicaleconomics.com

9
Marin, H. F. (2005). Nursing informatics current issues around the world.
International Journal of Medical Information. 74(11-12): 857-860.
Tariq RA, Hackert PB. Patient confidentiality. [Updated 2023 Jan 23]. In:
StatPearls [Internet]. Treasure Island (FL): StatPearls
Publishing; 2024 Jan-. Available
from: https://www.ncbi.nlm.nih.gov/books/NBK519540/
U.S Department of Health and Human Services. (2022, December 28)
When does the Privacy Rule allow covered entities to disclose
protected health information to law enforcement
officials? https://www.hhs.gov/hipaa/for-professionals/faq/505/wh
at-does-the-privacy-rule-allow-covered-entities-to-disclose-to-law-
enforcement-officials/index.html
U.S. Centers for Medicare and Medicaid Services. (2023, November 16).
Are you a covered entity? https://www.cms.gov/priorities/key-
initiatives/burden-reduction/administrative-simplification/hipaa/
covered-entities
U.S. Department of Health & Human Services. (2022, December 28).
Health information privacy: Does the HIPAA Privacy Rule permit a
doctor, laboratory, or other health care provider to share patient
health information for treatment purposes by fax, e-mail, or over
the
phone? https://www.hhs.gov/hipaa/for-professionals/faq/482/does
-hipaa-permit-a-doctor-to-share-patient-information-for-treatment-
over-the-phone/index.html
U.S. Department of Health & Human Services. (2022, March
31). Summary of the HIPAA Privacy
Rule. HHS.gov. https://www.hhs.gov/hipaa/for-professionals/priva
cy/index.html

10