2.2 Privacy, Confidentiality, and HIPAA Boundaries

Privacy Is More Than a Closed Curtain

Privacy means the resident controls personal space and personal information as much as possible. It includes the body during bathing, dressing, toileting, and transfers. It includes personal belongings, mail, phone calls, visitors, conversations, records, and electronic information. It also includes the way staff talk about the resident when the resident is nearby.

HIPAA is the federal privacy law most CNAs hear about, but the exam usually tests practical boundaries. A CNA may share resident information with the nurse and care team when it is needed for care. For example, reporting that a resident has new bruising, refused breakfast, became short of breath during care, or said money is missing is allowed and expected. HIPAA is not a reason to stay silent about care concerns.

The limit is where, how, and with whom the information is shared. Do not discuss a resident in the elevator, cafeteria, parking lot, lobby, break room with visitors nearby, or on social media. Do not use a resident's name, photo, room number, diagnosis, medication, family conflict, or behavior as a story for entertainment. Removing the name is not always enough if the person can still be identified.

A CNA should use the minimum necessary information. If the charge nurse asks why a resident did not attend lunch, it may be enough to say the resident refused and reported nausea. It is not appropriate to add unrelated details about family problems or diagnoses unless needed for care. Keep your voice low, choose a private place, and follow facility rules for documentation and reporting.

Family questions require caution. Some family members are authorized contacts, and some are not. Some residents want information shared, and others do not. A CNA should not guess who may receive protected health information. If a visitor asks for a diagnosis, test result, medication list, wound status, or private care-plan detail, refer the person to the nurse. You can still be courteous: I will let the nurse know you have a question.

Physical privacy matters just as much as information privacy. Close curtains and doors during personal care. Cover the resident when moving from bed to chair. Do not expose more of the body than needed. Do not leave soiled linens uncovered in view of visitors. Do not read mail, open drawers, handle phones, or inspect personal items unless it is part of assigned care or the resident asks for help.

Electronic privacy is part of CNA practice even if the CNA does not use the full medical record. Do not leave screens visible if you use a device. Do not take pictures of residents, injuries, rooms, documents, or funny situations on a personal phone. Do not text resident information to a friend or coworker through an unauthorized app. Follow facility rules for secure communication.

Privacy Boundary Guide

On the test, watch for answers that confuse confidentiality with silence. Reporting to the nurse is not gossip. Charting according to facility procedure is not a privacy violation. The wrong answers usually share information with people who do not need it, share in the wrong location, or treat a resident's private situation as entertainment.