Student HIPAA Concern/Violation Policy and Procedures
The University of Wisconsin–Madison (UW–Madison) School of Nursing (SoN) is dedicated to ensuring nursing students in our academic programs follow the Health Insurance Portability and Accountability Act of 1996 (HIPAA) guidelines from the U.S. government. Briefly, this legislation addresses how to protect the privacy and security of health-related information. The UW–Madison SoN operates in accordance with the University of Wisconsin policy on HIPAA, accessible at https://compliance.wisc.edu/hipaa/
For nursing students and nurses, following HIPAA guidelines is an ethical and professional responsibility, as well as a legal responsibility. The School of Nursing faculty develop teaching/learning materials carefully so that these materials (e.g., assignments and forms), do not inadvertently lead student to share HIPAA identifiers. In the curriculum, the school has multiple opportunities for faculty to address the importance of adherence to HIPAA guidelines, such as sharing additional information about HIPAA/Personal Health Information (PHI), explaining SoN policies about HIPAA in course syllabi, and information presented on the school’s student portal, the Student Site.
Procedures:
- To prevent issues with HIPAA violations, all students are required to complete HIPAA training annually and have a certificate of completion on file in the Office of Academic Affairs.
- If individuals in the SoN have any concerns about possible breaches of HIPAA, they should discuss these concerns with one of two points of contact in the SoN, as follows:
- If the concerns involve students, faculty should report these immediately to the school’s HIPAA Privacy Coordinator.
- If the concerns involve a technological matter (e.g., how to store data, loss or theft of laptop), the faculty should also contact the school’s HIPAA Security Coordinator.
- If one is unsure about whether a situation constitutes a breach of HIPAA guidelines and constitutes an reportable incident, faculty should contact the school’s HIPAA Privacy Coordinator.
- Additionally, per university policy, individuals are to report HIPAA incidents to the university. Faculty should report the student incident as soon as possible utilizing the online HIPAA Incident Report Form.
Student Disciplinary Guidelines:
After the university’s HIPAA Incident Report Form is submitted online, the university’s HIPAA Privacy Officer and the school’s HIPAA Privacy Coordinator are responsible for any university follow-up action based on university HIPAA policies.
Within the School of Nursing, the Associate or Assistant Dean for Academic Affairs will address student-associated HIPAA incidents on a case-by-case basis in consultation with the school’s HIPAA Privacy Coordinator and, as appropriate, with the university’s HIPAA Privacy Officer, and in accordance with university HIPAA policies. Depending on the nature and severity of a HIPAA incident, tailored plans of corrective action will be developed by the Associate or Assistant Dean for Academic Affairs and implemented in collaboration with the faculty and others as appropriate based on the school’s assessment. In all cases, the incident will be noted in a written warning letter from the Associate Dean for Academic Affairs, signed by the student and kept in the student’s file in the Office of Academic Affairs. Based on the severity of the HIPAA incident, corrective action can include one or more of the following: a) re-education and processing of the incident, b) disciplinary sanctions such as removal from clinical site, probation, or course failure, or c) program dismissal by review.