Health Insurance Portability and Accountability Act


President Bill Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) into law on 21 August 1996 after being enacted by the United States Congress. The Act has two main titles. The first title ensures safeguards health indemnity for all employees together with their relatives once they lose or alter their employments (Wilson, 2008, p.313). The second title (administrative simplification provisions-SA) that is referred to in the act as title II directs the enactment of various national standards to guide transactions for healthcare conducted electronically together with setting regulations for national identifiers targeting healthcare providers. It also sets directives for healthcare plans and certain regulations influencing employers (Wilson, 2008, p.313). HIPAA gives people aged 12 to 18 years the right for having individual privacy for their health information. The act requires health care providers to sign a disclosure before making a decision to release information relating to the healthcare services given before such information is released to all interested persons including parents. This paper relates the HIPAA Act to the current nursing practices with regard to autonomy, beneficence, confidentiality, ‘do not harm’, and equity of ethics.

Relationship of HIPAA Act and the Current Nursing Practices

Nursing profession is guided by various professional practice rules and regulations as discussed by various codes of ethics and values for nurses. One of such rules is autonomy. Current nursing practices require nurses to abide by regulations on the protection of the right to bodily autonomy for patients (Lewis & Soule, 2009, p.66). People have the freedom to place claims on certain aspects of their personal and bodily autonomy in any democratic and free society. Considering that autonomy and freedom of choice are ethical requirement for nurses to consider while administering their services to patients, the main query is the extent to which such autonomy should be exercised.

In the attempt to respond to the above query with reference to the HIPAA act, it is crucial to make it clear that the act does not prescribe rules on the rights of patients to authenticate certain medical procedures done on their bodies as one of the noble requirements for autonomy in control of patients’ body. The act focuses on the security of the health information of patients (Wafa, 2010, p.419). However, as part of the current practices in the nursing profession, patients reserve the autonomy of management and control of their health-related information flow (Lewis, & Soule, 2009, p.66). Thus, nurses cannot share that information with anyone else without the patient’s approval. In fact, HIPAA extends the applicability of this ethical requirement for nurses to include all covered entities. In the act, the covered entities refer to all individuals including nurses and organizations, which are involved directly in the healthcare of an individual such as health insurance organizations, HR personnel, and even government-sponsored healthcare programs such as Medicaid and Medicare (Wafa, 2010, p.420).

All people involved in the nursing profession must adhere to the core values, ethical values, and codes of conduct with no infringement of any of them. Confidentiality is one of the ethical values in the nursing profession. It is one of the major values that all nurses must uphold (Melnyk & Fineout-Overholt, 2011). Under the current practices of the nursing profession, nurses are not permitted to disclose any information regarding the health of a patient to anybody except to the person mentioned in the patient’s attorney form, or an in-advance directive from the patient giving authority to someone else to make a decision on the patient’s health matters (Moore & Savage, 2012, p.57).

HIPAA Act is built on the above-discussed approaches to confidentiality in the current approaches to the nursing profession. HIPAA act enhances confidentiality for all information included in the medical files of a patient as issued by a doctor, an individual, or any organization taking charge of patients’ healthcare (Wilson, 2008, p.314). It also protects insurance together with billing information related to a patient. Conversations held between patients and doctors are protected in the effort to ensure optimal confidentiality. Under the current nursing codes of ethics, with regard to confidentiality of patients’ information, nurses are obliged to provide information to the extent that facilitates their treatment process (Moore & Savage, 2012, p.61)

Comparatively, HIPAA regulations on PHI (protected health information) provide that all covered entities should only disclose patients’ information for purposes of treatment facilitation, payment for medical bills, and healthcare operations. While accomplishing this task, covered entities are given the legal freedom to do so without having to necessarily seek written permission from the patient (Wilson, 2008, p.315). Any other information meant to serve other functions apart from the mentioned functions in the Act must be disclosed by covered entities after seeking written permission from the patient. There is also a limitation to the magnitude of information, which can be provided by the covered entities. HIPAA Act specifies that covered entities (nurses included) should only provide minimum disclosure of information, which is just adequate to achieve the desired objective (Wilson, 2008, p.315). HIPAA Act also gives legal platforms to pursue perceptions of breach of confidentiality of one’s information by giving patients an opportunity to file complaints with OCR within the Department of Health and Human Services.

Nurses have the obligation to do well in their professional practice. As part of ethical codes for nursing practice, they also have the obligation to ensure non-malfeasance (the obligation not to engage in any action that harms the patient or other persons) (Moore & Savage, 2012, p.63). The applicability of these two ethical approaches to nursing often put nurses in a dilemma based on what is considered good or bad and/or what can cause harm or not in the context of other ethical issues such as confidentiality and autonomy. For instance, consider a situation where a nurse handles a patient requiring insertion of ventilator and feeding tubes, yet she or he has a mental problem and has refused them. Insertion of these devices requires authorization as part of patient’s autonomy to control his or her body and health conditions. The condition of the patient is such that the failure to insert the tubes would lead to his or her death within a few days. When the tubes are inserted, the patient has an opportunity to live. This case is an immense ethical challenge since HIPAA Act advises covered entities (including nurses) to deploy patients’ information confidentially to provide the utmost quality healthcare without compromising the patients’ information autonomy (Wafa, 2010, p.423). The question that remains is to know what can harm a patient. Is it allowing the patient to die or breach the autonomy principle by inserting the tubes?

Perhaps the best decision for the nurse is to invoke the principle of equity of ethics guiding his or her professional practice. This means that, based on the diagnosis information, the nurse should choose to do what complies with ethical practices, as they would apply to any other situation similar to the health condition of the patient (Moore & Savage, 2012, p.66). The decision that would ensure equity of ethics is to insert ventilator and feeding tubes. Choosing to breach the autonomy principle opens nurse to criticism of breach of nursing codes of ethics. It also gives the patient an opportunity to pursue legal litigation on the accounts of breach of their autonomy rights as provided for by HIPAA through OCR.

Evaluation and Analysis

When nurses are presented with a scenario such as the need to comply with the decisions of patients, yet such decisions would risk their health, they get engulfed in a dilemma on the applicability of beneficence and ‘do not harm’ ethical principles. Subject to the application of these ethical principles ingrained within the current approaches to nursing practice, it is perhaps appropriate to accept the act by patient described in the paper of refusing to wear ventilator and feeding tubes. Such a decision underscores the prescription to nursing ethical value for defending people’s dignity and respect for their autonomy in health-related decisions (Lewis, & Soule, 2009, p.66). In the context of the ethical requirement for nurses guided by the ‘do not harm’ ethical principle, allowing patients to die within few days due to failure to do a medical intervention also amounts to an unethical act.

The nurse’s decision to accept the patient’s refusal for the procedures that would secure his or her life is also questioned in the light of non-malfeasance ethical approaches ingrained in the current nursing ethical practices. Where a nurse is required not to share information about the patient’s health, as prescribed by the HIPAA Act, another challenge is established. The nurse cannot seek opinions or authority from the parents of the patient to insert ventilator and feeding tubes. Where such an authority is sought in contradiction to the subscription to autonomy principles as applied in the current approaches to nursing, the nurse will be compelled to provide information on the situation of the patient, thus prompting the need for such a medical intervention. Since the patient does not want the tubes inserted, such information needs to be provided in his or her absence or without his or her authentication. This amounts to breaching of the HIPAA Act’s provision on the right of the patient to have confidentiality of health information as provided in title II.


HIPAA Act was enacted into law on 21 August 1996. The Act has title I and title II. Title I prescribes regulations related to the protection of health insurance for people who may either lose or alter their jobs. The second title, the SA, harbors regulations addressing privacy together with security of various health data systems. The HIPAA Act provides that confidentiality and autonomy of patients’ information must be respected by ensuring that all covered entities (including nurses) do not disclose patients’ information without their authentication unless during some special circumstances specified by the Act as discussed in the paper. However, even under such circumstances, the extent to which information may be disclosed is also limited. Many of the provisions of the HIPAA Act comply with the current approaches to nursing ethical codes of practice as they relate to autonomy, beneficence, confidentiality, ‘do not harm’, and equity of ethics. However, compliance to them puts nurses in dilemma especially concerning what is good to do and/or what may cause harm. They have to ensure equity of ethics to achieve their obligation to protect the right of life of their patients through delivery of quality healthcare.

Reference List

Lewis, F., & Soule, E. (2009). Autonomy in Nursing. Ishikawa Journal of Nursing, 3(2), 66-67.

Melnyk, M., & Fineout-Overholt, E. (2011). Transforming healthcare from the inside out: advancing evidence based practice in the 21st century. Journal of Professional Nursing, 21(6), 335-344.

Moore, L., & Savage, J. (2012). Participant Observation, Informed Consent and Ethical Issues in Nursing Practice. Nurse Researcher, 9(4), 58-69.

Wafa, T. (2010). How the Lack of Prescriptive Technical Granularity in HIPAA Has Compromised Patient Privacy. Northern Illinois University Law Review, 30(3), 419-427.

Wilson, J. (2008). Health Insurance Portability and Accountability Act Privacy rule causes ongoing concerns among clinicians and researchers. Ann Intern Med, 145(4), 313–316.

Find out your order's cost