HIPPA Discussion

[Sin City Medic]

Let me preface this topic by saying that I am seeking opinions for any and all who care to discuss the topic below.

I have been with my current company about five years now, and have had the privlage of working in multiple operations through out the nation. As of recent I moved to the North East and found a practice they have had in place to cause my stomach to churn with doubt.

Post a run I am to call into the dispatch center for my run number and times. I do this and am then asked to give to the dispatcher the pt's name, SSN, DOB, and any insurance information should they have insurance.

Please understand that I have never done this practice at any other operations I have worked at, and all of those operations have been with this company. I don't feel that a dispatcher has any right to this information nor do they have any need for it.

Could this be construed as a violation of HIPPA? While I realize that it's simple patient demographics, I am intrusted with caring for that patient's information and I just don't feel right giving it to a dispatcher. Is my feeling justified? What are you thoughts! This topic has been plaguing me for a month now!

[dera]

Let me preface this topic by saying that I am seeking opinions for any and all who care to discuss the topic below.

I have been with my current company about five years now, and have had the privlage of working in multiple operations through out the nation. As of recent I moved to the North East and found a practice they have had in place to cause my stomach to churn with doubt.

Post a run I am to call into the dispatch center for my run number and times. I do this and am then asked to give to the dispatcher the pt's name, SSN, DOB, and any insurance information should they have insurance.

Please understand that I have never done this practice at any other operations I have worked at, and all of those operations have been with this company. I don't feel that a dispatcher has any right to this information nor do they have any need for it.

Could this be construed as a violation of HIPPA? While I realize that it's simple patient demographics, I am intrusted with caring for that patient's information and I just don't feel right giving it to a dispatcher. Is my feeling justified? What are you thoughts! This topic has been plaguing me for a month now!

While this may not be a direct violation of HIPPA, this information does not need to be provided over airwaves. The ePCR or paper PCR can be matched up after shift to provide that information with disclosure of sensitive information that could be used in identity theft, which I think is a bigger threat than a HIPPA violation.

Our company policy is to NEVER release a patient name over the air. We do allow age, sex, chief complaint, and disposition over the air. All other data is on the PCR, and has no place in being said over airwaves.

[JakeEMTP]

Just so we're clear, it's HIPAA.

Our service basically provides the same info as dera's. Sex, age, c/c, V/S, spinal imobilised (if required) and disposition.

Anything else in my opinion would be a HIPAA violation. Due to the number of whackers out there that scan the airwaves, one never knows who is listening.

Edited January 1, 2010 by JakeEMTP

[VentMedic]

This depends on whether you are giving the information out over the radio, which is definitely not acceptable, or by a secured line. Of course one could argue that a cell phone is not secure either. Some hospitals have telephones set up for ambulance personnel to do such calls. It also depends on what role and software your dispatch is using and if they are also multitasking billing information. If that is also in their job description, then yes, they may need to know some of the information. If the patient has consented for treatment and signed the necessary paperwork, your company can continue with the processing of insurance data provided it is in a secure manner and not over the radio.

Edited January 1, 2010 by VentMedic

[VentMedic]

Some might find this interesting:

http://www.privacyrights.org/fs/fs8a-hipaa.htm

What are HIPAA's shortcomings?

Like it or not, you are not the only one with an interest in control of personal health information. The balancing act between your interests and those of other stakeholders is often tipped on the side of government, the medical profession, related businesses, and public interests. Consumer and patient advocates are critical of HIPAA for its numerous weaknesses.

Here are some of the ways that patients' rights to privacy come up short:

1. Your consent to the use of your medical information is not required if it is used or disclosed for treatment, payment, or health care operations (TPO). In many situations such as emergencies, this makes perfect sense. You don't expect the ambulance driver to get your permission to call the hospital emergency room when you are having a heart attack. On the other hand, since your consent is not required for payment, your health care provider could submit a claim to your insurance company - even for a procedure you wanted to keep private and intended to pay for yourself. In addition, treatment, payment, and health care operations have broad definitions that encompass many activities that most people are not familiar with.

2. Your past medical information may become available, even if you thought the information was long buried and would remain private. An event, treatment, or procedure from your distant past can be disclosed the same as information about current conditions. Of some comfort, old information is given the same protections under HIPAA as current information. In addition, HIPAA's "minimum necessary" rule applies to old as well as new records. This means that the amount of information disclosed should be limited to what is necessary to accomplish the purpose.

3. Your private health information can be used for marketing and may be disclosed without your authorization to pharmaceutical companies or businesses looking to recall, repair or replace a product or medication. (For more on the marketing of your medical information see Part 5 below.)

4. You have no right to sue under HIPAA for violations of your privacy. In other words, you do not have a "private right of action." Only the HHS or the U.S. Department of Justice has the authority to file an action for violations of the Privacy Rule. All you can do is complain to the one who violates your privacy or to the HHS. However, you may be able to sue under state law using the HIPAA Privacy Rule to establish the appropriate standard of care.

5. Business associates of a covered entity can receive protected health information (PHI) without a patient's knowledge or consent. Before entering into an agreement with a business associate, a covered entity must receive assurance that information will be handled appropriately. After that, handling of sensitive data by business associates is left only to an honor system. Even when the limitations of the Privacy Rule are applied, many people can still see your medical records when carrying out the business of the plan or provider.

Business associates may include billing services, lawyers, accountants, data processors, software vendors, and more. Your doctor may, for example, disclose your health information to a business associate that processes medical bills. A written contract for this arrangement is required, but the doctor doesn't have to check to see that your information is being handled correctly. If there is a violation, the business associate is supposed to report it.

1. Law enforcement access to protected health information under HIPAA is a significant concern of privacy and civil liberties advocates. Some disclosures may be made to law enforcement without a warrant or court order.

Edited January 1, 2010 by VentMedic

[CBEMT]

If the way the company has their internal data gathering at this operation is that you give the dispatcher the patient's information, I don't see how it would be a violation.

It's the same as my old job, where all our paperwork went into an envelope and we wrote each patient's name on the outside. Some people refused to do that, citing HIPAA. Except the envelope is an internal document, so it's not. (Can you tell our HIPAA training was virtually non-existant?)

Your conversation with the dispatcher is, likewise, internal communication.

[stcommodore]

When we transport a patient related to a fire incident either normal citizen or FD personel name, date of birth and something to the extend of "first aid and transport" are added into the incident histories notes. Other then that our dispatch center never sees any patient information. Our field supervisor (lieutient/captian) can't even pull runs without speaking with the CQI office/officer.

[akflightmedic]

The information is internal, so I do not see how it is a HIPAA concern. I see it no differently than the office assistant getting all my info and the doctor providing the care. Same same to me...

FYI, when I did a contract for Acadian after Rita, everything was called in to dispatch. We even dictated our calls to dispatch and they wrote the report.