Who this is for: MyShyft Caregivers Providing Patient or Resident Care
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy and security of patient health information.
As a healthcare professional, you are responsible for protecting confidential information. HIPAA applies whether information is spoken, written, electronic, photographed, or shared in any other format.
Violations can result in disciplinary action, fines, loss of employment, or legal consequences.
Key HIPAA Rules:
Protect Patient Information
Only access information you need to perform your job duties.
Examples of protected health information (PHI) include:
- Names
- Birth dates
- Addresses
- Phone numbers
- Medical record numbers
- Diagnoses
- Treatment information
- Insurance information
If the information can identify a patient, it should be treated as confidential.
Only Share Information with Authorized Individuals
Patient information should only be discussed with:
- Members of the patient’s care team
- Authorized facility personnel
- Individuals approved by the patient or facility
Never share patient information with:
- Friends
- Family members (unless authorized)
- Other caregivers who are not involved in care
- Anyone outside the healthcare setting
Be Careful Where You Talk
Conversations about patients should occur in private settings whenever possible.
Avoid discussing patient information:
- In hallways
- Elevators
- Break rooms
- Parking lots
- Restaurants
- Public places
Even casual conversations can become HIPAA violations.
Protect Electronic Information
When using computers, tablets, or mobile devices:
- Log out when not in use
- Do not share passwords
- Keep devices secure
- Follow facility security policies
- Only access records related to your assignment
Never use someone else’s login credentials.
Never Post Patient Information Online
Do not post or share:
- Patient names
- Photos
- Medical information
- Facility incidents
- Screenshots from medical systems
This applies to:
- TikTok
- Snapchat
- X (Twitter)
- Private groups and messaging apps
Even if a patient’s name is not included, details may still identify them.
Follow Facility Policies
Each facility may have additional privacy and security requirements.
You are expected to:
- Follow all facility HIPAA procedures
- Ask questions if you are unsure
Common HIPAA Violations to Avoid
- Discussing patients in public areas
- Looking at records out of curiosity
- Sharing passwords
- Leaving patient information unattended
- Posting workplace information on social media
- Taking photos in patient care areas
- Accessing records of friends, family members, or coworkers
What To Do If a Privacy Issue Occurs
If you believe patient information was disclosed improperly:
- Report the issue immediately to facility leadership
- Follow facility reporting procedures
- Notify MyShyft if appropriate
- Do not attempt to hide or ignore the issue
Need Help?
If you have questions about HIPAA requirements or patient privacy expectations, speak with facility leadership or contact MyShyft support for guidance.
