Peek-A-Boo, ICU - Protecting Patient's Privacy


This lesson is the fourth of four lessons from the project "The Absolute 'YES' and 'NO' in caring for patients". In this lesson plan, students will explore the connection between patient privacy and its legal, health, and economic impact. Students will work through clinical scenarios and apply critical thinking skills to appreciate the importance of protecting each patient's privacy.


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule establishes Federal protections for patients' health information by placing some limits on how it may be used and shared. Patients play an important role in controlling who has access to their health information in many situations. Maintaining a patient's privacy and security begins when the patient arrives for their appointment and continues throughout the entire visit.

To comply with this regulation, a medical practice has responsibilities that include the following:

  1. Providing detailed written information concerning patients' privacy rights.
  2. Describing the steps the practice will take to protect their privacy and how the medical practice will use patients' protected health information (PHI).
  3. Obtaining a written acknowledgment from the patient that he or she has reviewed their rights before signing them.
  4. If the patient declines to acknowledge receiving a Notice of Privacy Practices, this must be documented in the patient's chart.
  5. Medical practices must also post a Notice of Privacy Practices in the office, usually in the reception area. Additional copies of the notice should be made available if a patient requests a copy.
  6. Medical practices are required to have a written policy and procedure in place for determining which medical staff members have access to patient medical information and how much access each will have.
  7. A tracking system that keeps detailed information of all staff members viewing a patient's medical record should be in place.

In summary, HIPAA has three main "rules," or sets of regulations, that specify how regulated organizations need to operate and handle PHI. They are: 1) The Privacy Rule; 2) The Security Rule; 3) The Breach Notification Rule. Students will be required to dig deep into each of these rules throughout this lesson plan.

Lesson Times

5 Minutes
Lecture: To know the unknown unknown
45 Minutes
Real Life HIPAA Clinical Scenarios
50 Minutes
Spot the HIPAA violations
50 Minutes

Industries / Subjects / Grades

Industries / Pathways
  • Health Science and Medical Technology
    • Patient Care
K-12 Subjects
  • Science
Grade Levels
  • 11
  • 12
  • Adult

Standards and Objectives


Next Generation Science Standards (1)
California's 2013 CTE Standards (3)

Related Instructional Objectives (SWBAT...)

  • Comprehend the requirements for medical information protection and privacy.
  • Value the importance of protecting medical information and patient privacy.
  • Apply judgment and select the most appropriate response if legal implications associated with patient confidentiality arise.
