Skip to ContentGo to accessibility pageKeyboard shortcuts menu
OpenStax Logo
Fundamentals of Nursing

9.3 Security: Privacy and Informatics

Fundamentals of Nursing9.3 Security: Privacy and Informatics

Learning Objectives

By the end of this section, you will be able to:

  • Identify privacy measures when using technology in nursing
  • Explain how informatics has enhanced health care
  • Describe the vital roles technology plays in patient care

As the use of technology in health care continues to expand, nurses play an increasingly important role in ensuring the security and privacy of patient information. Technology can both assist and potentially cause harm to individuals; it provides access to information while also increases the risk of cyberbullying or other online attacks.

Protecting patient information is a critical responsibility that is not only required by law but is also essential for maintaining the trust of patients and their families. Nurses must be knowledgeable about the risks associated with the use of technology and understand how to prevent and respond to security breaches. Privacy and security in informatics refer to protecting the confidentiality, integrity, and availability of electronic health information. Confidentiality refers to safeguarding health information so that it is not disclosed to unauthorized individuals. Integrity refers to the way data are captured, used, and saved in healthcare settings, and focuses on maintaining the accuracy and completeness of the health information. Nurses must demonstrate integrity when obtaining and using information related to their patients. Availability ensures the information is accessible and usable when needed. Privacy and security are interrelated concepts, and both are necessary for protecting patient information from unauthorized access, use, or disclosure.

Nurses must be aware of the various threats to patient information, including hacking, phishing, and other forms of cyberattacks. They should be knowledgeable about the technical and administrative safeguards used to protect patient information, such as firewalls, access controls, and encryption. Nurses must also be able to recognize potential security breaches and respond appropriately to minimize harm to patients and mitigate risk to the organization. By understanding the importance of privacy and security in informatics, nurses can play a vital role in protecting patient information and maintaining the trust of patients and their families.

Privacy

In healthcare, privacy means that an individual’s information is kept confidential; it is only shared with individuals on a need-to-know basis. Privacy is a fundamental right of patients in healthcare, and healthcare workers have a responsibility to protect this right. Patients share sensitive and personal information with healthcare workers to receive care, and it is essential this information is kept confidential (American Nurses Association [ANA], 2015). Healthcare workers must ensure patient information is only shared with authorized individuals on a need-to-know basis, and that appropriate safeguards are in place to prevent unauthorized access, use, or disclosure of patient information (ANA, 2015). Healthcare workers must also be aware of the legal and ethical implications of privacy breaches and the impact that these breaches can have on patients and their families. By prioritizing privacy in health care, healthcare workers can help to build trust and strengthen the relationship between patients and healthcare providers (ANA, 2015).

Protected Health Information

Any individually identifiable health information that is transmitted or maintained by a covered entity or business associate is protected health information (PHI). This information includes demographic information (e.g., name, address, birth date), medical histories (including medical record number), test results, and health insurance information. Healthcare workers have a responsibility to ensure the privacy and security of PHI to protect the confidentiality, integrity, and availability of this information. Nurses can ensure they are protecting patients’ information by using a password to log into the computer, logging off after each interaction, ensuring no one unauthorized is viewing the computer screen, and taking care when having conversations where patient information may be shared. All PHI is protected under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Healthcare workers must understand the regulations and policies surrounding PHI, including the minimum necessary standard, which requires healthcare workers to only access and disclose the minimum amount of PHI necessary to perform their job duties. By understanding the importance of protecting PHI, healthcare workers can help to maintain patient trust and promote the safe and effective delivery of healthcare services.

Clinical Safety and Procedures (QSEN)

QSEN Competency: Informatics 1

Definition: A nurse’s ability to safeguard patient information from unauthorized disclosure or access.

Knowledge: This competency involves understanding the legal and ethical principles related to privacy, confidentiality, and security of patient information.

Skill: Nurses who are competent in protecting health information:

  • are aware of the importance of maintaining the privacy and confidentiality of patient information
  • are knowledgeable about the HIPAA regulations that govern the use and disclosure of PHI
  • understand the implications of security breaches and the consequences of unauthorized disclosures of patient information

Attitude: Protect confidentiality of PHI in electronic health records.

Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that was enacted in 1996 to protect the privacy and security of patients’ health information (U.S. Department of Health and Human Services, 2018). The regulations of HIPAA apply to covered entities, including healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates. The law requires covered entities to implement administrative, physical, and technical safeguards to protect patients’ PHI from unauthorized access, use, or disclosure (Figure 9.8). Also, HIPAA gives patients the right to access their PHI, request corrections to their PHI, and receive an accounting of disclosures of their PHI. Healthcare workers must understand and comply with HIPAA regulations and policies to protect the privacy and security of patient information and avoid potential legal and ethical consequences (American Medical Association, 2024; ANA, 2015). Another initiative to help protect PHI has been recommended as a best practice standard from The Joint Commission. This initiative involves the patient assigning a code word upon admission to a hospital. Anytime a loved one or family member calls the facility for an update, the nurse must request they provide the assigned code word in order to receive information about the patient’s status. This is just one example of the many ways healthcare facilities are attempting to ensure the privacy of PHI.

An infographic on protecting patient privacy is shown. It includes the following: $12 billion Total cost for U.S. hospitals from data breaches. Top three causes of data breach: 1. Employee action, 2. Lost or stolen computing devices, 3. Third party error. 1,769 lost or stolen records per average breach; 60% of hospitals suffered at least two breaches; 38% of hospitals informed nobody of the breach; 41% of breaches were discovered by patient complaint. 70% of hospitals say protecting patient data is not a priority.
Figure 9.8 Protecting the privacy of patient information is the responsibility of all healthcare providers. Nurses must ensure they take the necessary steps to adequately protect patient’s information. (data source: Ponemon Institute, 2010 Benchmark Study on Patient Privacy and Data Security; attribution: Copyright Rice University, OpenStax, under CC BY 4.0 license)

If a patient expresses concerns about information captured using technology in the healthcare setting, a nurse can have a conversation to address their concerns and provide reassurance. The nurse might start by acknowledging the patient’s concerns and asking for specific details about what they are worried about. For example, the nurse might ask if the patient is concerned about their PHI being shared with unauthorized individuals or if they are concerned about the security of the facility’s technology systems. Once the nurse has a better understanding of the patient’s concerns, they can provide information about the facility’s policies and procedures for protecting patient privacy and ensuring the security of technology systems. The nurse can explain the measures that are in place to protect patient information, such as using secure networks and encrypting data. They can also discuss the importance of patient privacy and reassure the patient that their information is only accessed on a need-to-know basis. Finally, the nurse can ask the patient if they have any additional questions or concerns and provide resources for the patient to learn more about the facility’s technology policies and procedures. This conversation can help the patient feel more comfortable with the use of technology in their care and build trust between the patient and health care.

Informatics

The definition of informatics is the interdisciplinary study of information processing and management, including the use of technology and data analytics to inform decision-making and improve outcomes in various fields, including healthcare. In the nursing profession, nursing informatics integrates nursing science, computer science, and information science to support the delivery of safe, effective, and patient-centered care (ANA, 2015). Nurses who specialize in informatics use their expertise to develop and implement health information technology systems, analyze data to inform quality improvement initiatives, and ensure the privacy and security of PHI (ANA, 2015). Nursing informatics is a growing field that plays an increasingly important role in healthcare delivery, and nurses who are knowledgeable and skilled in informatics are well positioned to help shape the future of health care (ANA, 2015; International Council of Nurses, 2019).

Telehealth

In telehealth, electronic communication technologies are used to provide remote healthcare services, including consultations, monitoring, and education (ANA, 2020; National Council of State Boards of Nursing [NCSBN], 2020). Nurses play an important role in telehealth delivery by providing triage, assessment, education, and care coordination to patients who are unable or prefer not to access care in person. Nurses who specialize in telehealth must be knowledgeable about the technology and equipment used as well as the legal and ethical issues related to remote healthcare delivery. They also need to be skilled in communication and patient education to ensure that patients receive safe, effective, and patient-centered care (ANA, 2020; NCSBN, 2020). As the use of telehealth continues to grow, nurses who are proficient in telehealth technologies and practices will be in high demand and play a critical role in expanding access to care and improving patient outcomes (Figure 9.9).

A photograph shows a healthcare provider interacting with patient via telehealth.
Figure 9.9 Telehealth provides a means of improving access for both patients and providers. (credit: “190605-N-AW702-012,” by Navy Medicine/Flickr, Public Domain)

Telehealth can improve access to health care in rural settings where patients may not have a primary care provider. The use of telehealth applications also means rural residents do not have to take on the expenses of traveling to urban centers for care. During the COVID-19 pandemic, the use of telehealth as a component of care was essential and demonstrated both the benefits and challenges of its use.

Health Information Technology for Economic and Clinical Health Act

The Health Information Technology for Economic and Clinical Health (HITECH) Act is a federal law that was enacted as part of the American Recovery and Reinvestment Act of 2009. The law was designed to promote the adoption and meaningful use of health information by encouraging the implementation of the electronic health record (EHR), a digital version of a patient’s paper chart that contains their comprehensive health information. The purpose of EHRs is to facilitate the sharing of patient information among healthcare providers, enhancing coordination and continuity of care while promoting efficiency and accuracy in healthcare delivery. The HITECH Act provides financial incentives to eligible healthcare providers and facilities that demonstrate the meaningful use of certified EHR technology as well as provides penalties for those who fail to adopt EHRs and demonstrate meaningful use. The HITECH Act also includes provisions for strengthening the privacy and security of health information, such as increased penalties for HIPAA violations, and the establishment of the Office of the National Coordinator for Health Information Technology (ONC) to coordinate health information technology efforts at the national level. Overall, the HITECH Act has played a significant role in advancing the adoption and use of health information technology in health care and has helped to improve the quality, safety, and efficiency of healthcare delivery.

Meaningful Use

An essential component of nursing practice in today’s healthcare environment is meaningful use of technology, ensuring technology being utilized in healthcare settings is done so purposefully and with the intention of improving outcomes. Nurses use various technologies, such as EHRs mobile devices, telehealth, and clinical decision-support systems (CDSSs), to improve patient care, safety, and outcomes (ANA, 2018). Nurses who understand and use technology effectively can enhance their practice and improve the quality of care they provide (Lee & Mills, 2018). Meaningful use of technology also requires nurses to be knowledgeable about legal and ethical considerations related to technology use, such as data privacy, security, and confidentiality. Nurses must also stay up to date with new technologies and be able to adapt to changes in technology and software applications.

Clinical Safety and Procedures (QSEN)

QSEN Competency: Informatics 2

Definition: Use of information and technology to communicate, manage knowledge, mitigate error, and support decision-making.

Knowledge: Clinical safety and QSEN procedures related to the use of technology in the healthcare setting are essential to ensure patient safety and improve the quality of care. These procedures include guidelines for the safe and effective use of technology, such as EHRs, medication administration systems, and CDSSs. QSEN procedures emphasize the importance of teamwork and communication among healthcare providers to ensure safe and effective use of technology. This includes involving patients and families in the care process as well as using best practices for documentation, communication, and handoff processes.

Skills: QSEN also emphasizes the importance of ongoing education and training for healthcare providers to maintain competency and keep up to date with technological advancements. Clinical safety procedures related to the use of technology include procedures for risk assessment, system analysis, and incident reporting. These procedures are designed to identify potential risks and hazards associated with the use of technology and to develop strategies to prevent and manage adverse events.

Attitude: Clinical safety procedures also emphasize the importance of monitoring and evaluation to ensure the effectiveness of interventions and to continuously improve patient safety. By following these procedures, healthcare providers can mitigate potential risks associated with technology and provide safe and effective care to their patients.

Technology’s Role in Patient Care

Technology plays an increasingly important role in patient care, and it has revolutionized the way healthcare providers deliver and manage care. From EHRs and telehealth to mobile applications and wearable devices, technology has made it easier for patients to access care and for providers to deliver personalized, timely, and efficient care. For example, EHRs allow providers to access patient information quickly and accurately, reducing the risk of errors and improving patient safety. Telehealth enables patients to receive care remotely, which can be particularly beneficial for those who live in rural or remote areas, have limited mobility, or have chronic conditions. Wearable devices, such as fitness trackers and smartwatches, can monitor patients’ vital signs, activity levels, and other health metrics, helping them to manage their health and prevent or manage chronic conditions. Technology’s role in patient care will continue to grow and evolve as new innovations such as artificial intelligence emerge, and it has the potential to transform healthcare delivery and improve patient outcomes. Nurses and other healthcare providers must learn and stay updated on any technology being used in their organization. Proper training and proper usage will decrease the risk of user error.

Patient Conversations

Teaching Technology Access

Scenario: Mark is a nurse caring for Adnan, a 65-year-old being discharged post myocardial infarction. Mark notices that Adnan is wearing a smartwatch that tracks heart rate and blood pressure.

Nurse: I see that you use a smartwatch, do you track health information on this?

Patient: Yes, I do, I like to take charge of my health and with my recent health issues would like to find a way to have more control over my healthcare appointments and test results.

Nurse: Have you registered for online access to your EHR? Did you know that having access allows you to see your lab results quickly as well as manage your appointments?

Patient: No, I was not aware of that; do you have information on how I can set this up?

Nurse: Yes, I do, here let me help you. Just so you are aware, all information collected is protected, and only you have access to this. Here is the website to get started.

Scenario follow-up: Mark’s role is to ensure that Adnan is aware of the access to his own EHR and how he can use this to manage his healthcare results and appointments.

Documentation

Technological advances have improved connectivity and access to information and resources in healthcare settings. Computers used to access an EHR can be found in patient rooms, on wheeled carts, in workstations, or even on handheld devices. Nurses and other healthcare workers are able to quickly obtain results from point-of-care testing or share images to consult with colleagues (Figure 9.10).

A photograph shows a healthcare provider updating electronic health record.
Figure 9.10 Electronic health records are essential tools in healthcare settings. Nurses play key roles in collecting data and transmitting it to the healthcare team. (credit: “Winn Army Community Hospital Pharmacy Stays Online During Power Outage.jpg,” by MC4 Army/Flickr, CC BY 2.0)

Point-of-Care Testing

In point-of-care testing (POCT), diagnostic testing is performed at or near the patient’s bedside, rather than in a centralized laboratory (Bellartz et al., 2022). This approach allows for rapid diagnosis and treatment decisions, which can improve patient outcomes and reduce healthcare costs. In the nursing profession, POCT is becoming increasingly important as it allows nurses to quickly assess and monitor patients as well as to make informed decisions about their care. For example, blood glucose monitoring is a common type of POCT used by nurses to monitor patients with diabetes.

Other types of POCT include tests for infectious diseases, such as influenza and strep throat, and tests for cardiac biomarkers, such as troponin. While POCT can provide many benefits, it is important for nurses to be trained in its use and to follow appropriate quality control measures to ensure accurate results. Additionally, nurses must be knowledgeable about the limitations and potential sources of error associated with POCT.

Patient Conversations

Alleviating Patient Concerns When Using Technology

Scenario: The nurse walks into the patient’s room to complete an assessment, and the patient starts exhibiting signs of fear and anxiety. The patient pulls the covers up to their chest tightly. The patient will not take their eyes off the portable vital sign machine.

Nurse: Hi, my name is Sara, and I am going to be your nurse today. Do you mind verifying your name and date of birth for me?

Patient: uhm . . ., sure it’s Jon Blankenship and 01/12/1952. What are you going to do to me?

Nurse: Hi, Mr. Blankenship, I would like to check your vital signs if that is okay.

Patient: What does that mean? Does it hurt? Just a minute ago, they brought a machine in here and took blood from my finger and it still hurts. They said they were checking my blood sugar levels, but I don’t have blood sugar problems or diabetes. I am afraid you all do not know what you are doing, and I want to go home.

Nurse: Mr. Blankenship, I can understand your fear. Let me try and explain; we recognize you do not have a history of diabetes. Your provider wants us to monitor your blood sugar levels because the new medication he started you on for your chronic obstructive pulmonary disease can cause blood sugar levels to get extremely high in some patients, and we just want to keep an eye on things for your safety.

Patient: Oh, well, that makes sense. Then what is that machine for?

Nurse: This is a portable vital sign machine that lets me check your heart rate, blood pressure, and temperature. If all is well, we only need to check your vital signs every 6 hours while you are here. If any of your vital signs change drastically, then we may have to monitor them more frequently. Obtaining vital signs does not hurt, and it will only take a few minutes. May I go ahead and complete them now?

Patient: It is okay. You can go ahead but go slow.

Scenario follow-up: The nurse collects the patient’s pain level, heart rate, respiration rate, blood pressure, and temperature. The nurse uses the bed scale to collect his current weight.

Nurse: Okay, I am done; your vital signs are good and are within the range of what we like to see. Do you have any further questions or concerns I can assist you with before I go?

Patient: No, I am good for now, thanks.

Assistive Clinical Decision-Making Tools

Assistive clinical decision-making tools are computer-based systems that provide clinicians with decision support for patient care (Pawloski et al., 2019). These tools use algorithms, artificial intelligence, and other technologies to analyze patient data and provide recommendations to the clinician. Examples of assistive clinical decision-making tools include decision-support systems for medication prescribing, clinical practice guidelines, and diagnostic decision-support systems. These tools can improve the accuracy and efficiency of clinical decision-making, reduce the risk of errors, and improve patient outcomes. However, it is important for clinicians to be trained in the use of these tools and to understand their limitations. In addition, these tools should be integrated into clinical workflows in a way that does not disrupt care delivery or create additional burdens for clinicians (Sutton et al., 2020). All healthcare professionals who use these assistive tools must abide by the safety measures used to prevent breaches of confidentiality. Assistive tools might be linked to the internet or to the organizations’ wireless network. This means that the tools can be vulnerable to hacking or security breaches if safety protocols are not followed and maintained.

Technology in Patient Education

Technology can play a vital role in providing and supporting patient education in health care. To provide patients with access to their medical records and educational resources, EHR systems and patient portals are used. These resources can include videos, audio recordings, interactive graphics, and written materials that can help patients better understand their conditions and treatment options. Mobile applications and wearable devices can be used to help patients track their health status, monitor symptoms, and adhere to treatment plans (Buvik et al., 2019; Välimäki et al., 2016). Telehealth and remote monitoring technologies can provide patients with access to healthcare professionals and educational resources in real time. This is particularly important for patients who are unable to attend in-person appointments due to distance, mobility issues, or other barriers (Rickard et al., 2019). Virtual education sessions, webinars, and group discussions can also be held using videoconferencing software to promote patient engagement and collaboration. Technology has the potential to enhance patient education and improve health outcomes by providing patients with timely and accessible educational resources, increasing their engagement in their own care and promoting better communication between patients and healthcare providers. However, it is important to ensure these technologies are accessible to all patients, including those with limited digital literacy, and that they are designed in a way that meets patients’ needs and preferences. And, while patients are free to use their personal devices to communicate with their healthcare team, healthcare professionals must always use the device provided by the organization to communicate with their patients. Using personal devices creates a breach in the security and confidentiality of the patients’ private health information.

Life-Stage Context

Helping with Technology

Older adults may have difficulty using, accessing, and reading from computer devices. It is important to offer information to older adults in many different formats such as handouts or demonstrations or to involve a family member as necessary to ensure the patient receives and understands the required information.

Citation/Attribution

This book may not be used in the training of large language models or otherwise be ingested into large language models or generative AI offerings without OpenStax's permission.

Want to cite, share, or modify this book? This book uses the Creative Commons Attribution License and you must attribute OpenStax.

Attribution information
  • If you are redistributing all or part of this book in a print format, then you must include on every physical page the following attribution:
    Access for free at https://openstax.org/books/fundamentals-nursing/pages/1-introduction
  • If you are redistributing all or part of this book in a digital format, then you must include on every digital page view the following attribution:
    Access for free at https://openstax.org/books/fundamentals-nursing/pages/1-introduction
Citation information

© Aug 20, 2024 OpenStax. Textbook content produced by OpenStax is licensed under a Creative Commons Attribution License . The OpenStax name, OpenStax logo, OpenStax book covers, OpenStax CNX name, and OpenStax CNX logo are not subject to the Creative Commons license and may not be reproduced without the prior and express written consent of Rice University.