Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright 2003 Page, Wolfberg, & Wirth, LLC. All Rights Reserved.

Similar presentations

Presentation on theme: "Copyright 2003 Page, Wolfberg, & Wirth, LLC. All Rights Reserved."— Presentation transcript:

1 Copyright 2003 Page, Wolfberg, & Wirth, LLC. All Rights Reserved.


3  HIPAA stands for the “Health Insurance Portability and Accountability Act”  HIPAA is a Federal law passed in 1996  Applied to EMS in April, 2004

4  Specifies what is required to protect the security and privacy of personally identifiable health care information  Applies to most health care providers, including ambulance services


6  Protecting patient privacy  Safeguarding patient information



9  Protected Health Information (PHI) ◦ Individually identifiable information ◦ Dealing with past, present or future physical or mental health care or payment

10  Protected Health Information (PHI) ◦ Created by or received by a health care provider ◦ Oral, written, photographic, electronic, digital, etc.

11  Patient Care Reports

12  Dispatch/Call Intake Records

13  Billing Information

14  Incident Reports with Patient Information

15  Verbal Communications Between Health Care Providers

16  Patient Records from Nursing Homes/Hospitals

17  Physician Certification Statements

18  The Golden Rule of HIPAA: ◦ Respect the privacy of patient information as you would your own

19  Do not share PHI with others not involved in the patient’s care, except when permitted or required

20  Generally speaking, keep disclosures to the “minimum amount necessary” to get the job done

21 1. Treatment 2. Payment 3. Health Care Operations

22  You may freely share PHI with other health care providers who also treat the patient

23  Facilities may give PHI to the ambulance service and vice versa (e.g., transfers)  EMATALA requires the ambulance crew to have access to patient records

24  The “minimum necessary” rule does not apply to treatment- related disclosures

25  Your ambulance service may use PHI to file claims with payers and send bills to patients without patient consent or authorization

26  Includes Quality Assurance or Continuous Quality Improvement, Training and certain management functions

27  The “minimum necessary rule” applies ◦ Disclose the minimum amount needed to perform the function


29  Can the dispatch center transmit PHI over the radio? ◦ YES! How else would you know where to respond?!

30  Can you share PHI over the radio with other responding agencies?

31 ◦ YES! HIPAA does not prevent oral communications for treatment purposes!

32  However, remember that the dispatch information you receive is still PHI!

33  Be sure to document the nature of the dispatch! ◦ Example: “dispatched by 911 for a patient with chest pain...”

34  Can you discuss the patient’s condition with first responders or other on-scene providers?

35  Can you discuss PHI with family members?

36  What about talking to the media or to bystanders?

37  You may engage in discussions necessary to treat the patient

38  Take care to minimize “incidental disclosures”

39  Use common sense approaches!

40  You are permitted to transmit PHI to the receiving facility

41  May apprise the hospital of patient condition

42  Take care to minimize incidental disclosures

43  Use most secure transmission option

44  You may give your PCR to the hospital ◦ The “minimum necessary” rule doesn’t apply

45  You may give a verbal report to the hospital staff ◦ Take care to minimize incidental disclosures ◦ Sound-proof room not required!

46  You may obtain a face sheet or billing information from the facility

47  Discussions in the station?

48  Quality improvement activities?

49  CISD?

50  HIPAA greatly limits the disclosures that EMS personnel can make!

51  EMS personnel are patient care advocates, not law enforcement tools

52  Permissible law enforcement disclosures are limited to specific situations

53  After an accident call, a police officer stops by the station and asks for a copy of your PCR for the patient you transported to the hospital

54  A police officer asks you if the patient at an accident scene appears to have been drinking

55  A police officer who is a medically-trained First Responder is assisting you and asks for the patient’s blood pressure and pulse to record on the first responder scene report

56  PHI can be verbally disclosed for treatment, but…  Must take reasonable steps to minimize incidental disclosures

57  Examples ◦ Give report to ER nurse away from the crowd ◦ Use softer volume when speaking ◦ Use most secure type of transmission available

58  “Notice of Privacy Practices” (NPP) ◦ Written document

59  Two obligations ◦ Furnish to patient ◦ Obtain signed acknowledgment in non-emergency ◦ NuCare sends the NPP with billing statement

60  These still involve PHI

61  Furnish notice and obtain signed acknowledgment when possible

62  Document reason why if not possible

63  Can include acknowledgment directly on the refusal form

64  You are permitted to disclose PHI to a public or private entity involved in disaster relief efforts ◦ Example: American Red Cross

65  Purposes ◦ Notify a family member or other personal representative ◦ Of location, condition or death of patient

66  Patients have the right to inspect and copy their medical records

67  Requests should be directed through management (Privacy Officer) of your ambulance service

68  Patients have a right to request amendment of their PHI

69  Requests must go through the ambulance service ◦ 1 st : Director of Operations ◦ 2 nd : Director, Business Dev.

70  Not required to amend if information is complete and accurate

71  Changes should be made by the original author

72 Policies for protection

73  PCRs should not be left unattended in the open  Do not leave PCRs and notes in your clipboard, lock them up

74  PCRs should be maintained in a locked cabinet with limited, role-based access ◦ Keyed banker’s bag ◦ Padlocked white box

75  Must also safeguard written notes, call intake records, physician certifications, etc. that contain PHI

76  Trip sheets and other PHI should not be posted or used as “examples” unless identifying information is removed ◦ Training Officer is the only employee with role based access for this purpose


78  Implement password protection to computers or networks where PHI is maintained

79  Include confidentiality statements on e-mails and fax cover sheets

80  Keep fax machines which receive PHI in a secure location and ensure others to whom you fax PHI do the same

81  Use encryption technology for the electronic transmission of PHI

82  Generally no: ◦ The recently enacted (October, 2010) HITECH ACT makes it a HIPAA violation to enter, review or QA patient records from any device that does not contain encryption software. ◦ If your device contains company approved encryption software, you may perform the above duties from personal items. ◦ FTOs, Supervisors, Managers and Directors are not exempt from this ruling.

83  Use most secure method available to communicate with dispatch, hospital, etc. ◦ Example: cell phone vs. VHF radio

84  Conduct conversations about PHI with other treatment providers in most secure location available

85  Use appropriate voice volume


87  No inappropriate banter about specific patients




Download ppt "Copyright 2003 Page, Wolfberg, & Wirth, LLC. All Rights Reserved."

Similar presentations

Ads by Google