- Status
They have no choice, It's already a HIPPA Regulation, Almost ALL of the EMS agencies here in NEA have already changed bands and gone to Encryption, All Except statewide 340.
Wow, HIPPA laws, that's it. I kept wondering why EMS was using encryption in certain locations. However, if the patient's name is not given, it would not be a HIPPA violation, would it?
Well, I must hand it to you if you're capable of getting through all of the HIPPA laws and possess such an understanding of such. I gave up.
Neal
Member
HIPAA dispatch
You might find this interesting.
The National EMS, Ambulance & Medical Transportation Industry Law Firm
5010 E. Trindle Road, Suite 202, Mechanicsburg, PA 17050
717-691-0100 / 717-691-1226 (fax) / 877-EMS-LAW1 (toll free - orders only)
PWW EMS Law "Monthly Tip of the Week"
October 20, 2003
HIPAA "Overkill" Should Not Delay EMS Response!
In the October 17th-19th issue of USA Today, a page one story entitled "Medical Privacy Law Creates Wide Confusion" tells the tale of the confusion created by the HIPAA Privacy Rule, with a front-and-center example of how this confusion has led to delays in EMS care. We certainly agree with the theme of the article that HIPAA is confusing and overly complex, and, when wrongly interpreted, may actually hinder the delivery of patient care in ways it was never intended to. The article's key example is the case of an ambulance service in Colorado that was delayed in arriving at the scene of an emergency, reportedly because the crew refused to give the name of the patient to an area resident who knew all the neighbors and where they lived.
This story prompted us to provide this critical reminder to all EMS organizations....when you need to reveal protected health information (PHI) to locate or treat a patient, by all means release the information! Asking someone "do you know where the Smith residence is" or a dispatcher giving a patient name over the radio are not HIPAA violations. When an ambulance can't find a patient, the EMS crew can't treat the patient. And treatment-related disclosures are expressly permitted under HIPAA.
When it comes to dispatch agencies giving patient names over the radio to responding EMS crews, it is important to remember that there are many areas of the country where ambulance services and other public safety agencies need to know the name of the residence in order to find the location. Again, where such information is necessary to find the patient, it is integral to treatment, and its disclosure would, at most, be defined as an "incidental disclosure" when those with scanners overhear the information, and, again, there is no HIPAA violation. The Office of Civil Rights, the government agency which oversees enforcement of the Privacy Rule, addressed these types of issues in written guidance, making it clear that EMS communications did not need to be "encrypted" to prevent the interested citizens from eavesdropping with their scanners and underscoring the fact that incidental disclosures when making treatment-related communications are an inescapable fact of providing patient care and do not result in HIPAA violations.
Further, in many cases, 911 dispatch centers are run by counties or other government agencies that are not even "covered entities" under HIPAA, so they can freely give out patient information necessary for the ambulance crews to not only find the location, but to also provide valuable information about the patient's condition---if they are breathing or not, if there is childbirth in progress, etc. This further underscores that such disclosures are clearly treatment-related, and the regulations don't restrict this exchange to information to the time of patient contact or after it. Treatment-related disclosures may be required before you even get to the patient, so this means that public safety agencies should give information out over the air when that information is needed to find the patient and to assist in treatment.
Many dispatch agencies do not make a practice of transmitting patient names, and often the street address is sufficient to allow the EMS crew to locate the patient. And it may not be necessary to give the name of the residence out over the air on a routine basis. But if an ambulance crew needs the name of the residence to find the location, or any other information, dispatchers should provide such information to them without question. Many EMS responders in rural areas, and even some in not-so-rural areas, may indeed require a name on a mailbox to find the location even when they have the address. The fact is, rural addressing continues to be a challenge in some areas, and some streets still may not even have house numbers. Even ones that do are often not visible from the street, which may prompt the ambulance crew to ask for a name. Ambulance crews should be able to get this information without question from their dispatch center. In our view, people who interpret HIPAA to the contrary are giving bad, and sometimes dangerous, advice.
Unfortunately, the HIPAA Privacy Rule has led to an outcry that a law meant to protect patient privacy has resulted in "overkill" (as USA Today puts it) that can actually result in harm to patients in an emergency. Anyone who has questions about the issues raised in the USA Today article -- or any of the other tough HIPAA issues -- should contact legal counsel knowledgeable in this area of the law. Page, Wolfberg & Wirth, LLC has produced the industry's leading HIPAA compliance resources -- The Ambulance Service Guide to HIPAA Compliance and HPTV - The HIPAA Privacy Training Video for EMS, which have been relied upon by thousands of ambulance services across the United States, and we stand ready to provide your ambulance service with common sense information on how to deal with the tough patient privacy issues you may encounter.
You might find this interesting.
The National EMS, Ambulance & Medical Transportation Industry Law Firm
5010 E. Trindle Road, Suite 202, Mechanicsburg, PA 17050
717-691-0100 / 717-691-1226 (fax) / 877-EMS-LAW1 (toll free - orders only)
PWW EMS Law "Monthly Tip of the Week"
October 20, 2003
HIPAA "Overkill" Should Not Delay EMS Response!
In the October 17th-19th issue of USA Today, a page one story entitled "Medical Privacy Law Creates Wide Confusion" tells the tale of the confusion created by the HIPAA Privacy Rule, with a front-and-center example of how this confusion has led to delays in EMS care. We certainly agree with the theme of the article that HIPAA is confusing and overly complex, and, when wrongly interpreted, may actually hinder the delivery of patient care in ways it was never intended to. The article's key example is the case of an ambulance service in Colorado that was delayed in arriving at the scene of an emergency, reportedly because the crew refused to give the name of the patient to an area resident who knew all the neighbors and where they lived.
This story prompted us to provide this critical reminder to all EMS organizations....when you need to reveal protected health information (PHI) to locate or treat a patient, by all means release the information! Asking someone "do you know where the Smith residence is" or a dispatcher giving a patient name over the radio are not HIPAA violations. When an ambulance can't find a patient, the EMS crew can't treat the patient. And treatment-related disclosures are expressly permitted under HIPAA.
When it comes to dispatch agencies giving patient names over the radio to responding EMS crews, it is important to remember that there are many areas of the country where ambulance services and other public safety agencies need to know the name of the residence in order to find the location. Again, where such information is necessary to find the patient, it is integral to treatment, and its disclosure would, at most, be defined as an "incidental disclosure" when those with scanners overhear the information, and, again, there is no HIPAA violation. The Office of Civil Rights, the government agency which oversees enforcement of the Privacy Rule, addressed these types of issues in written guidance, making it clear that EMS communications did not need to be "encrypted" to prevent the interested citizens from eavesdropping with their scanners and underscoring the fact that incidental disclosures when making treatment-related communications are an inescapable fact of providing patient care and do not result in HIPAA violations.
Further, in many cases, 911 dispatch centers are run by counties or other government agencies that are not even "covered entities" under HIPAA, so they can freely give out patient information necessary for the ambulance crews to not only find the location, but to also provide valuable information about the patient's condition---if they are breathing or not, if there is childbirth in progress, etc. This further underscores that such disclosures are clearly treatment-related, and the regulations don't restrict this exchange to information to the time of patient contact or after it. Treatment-related disclosures may be required before you even get to the patient, so this means that public safety agencies should give information out over the air when that information is needed to find the patient and to assist in treatment.
Many dispatch agencies do not make a practice of transmitting patient names, and often the street address is sufficient to allow the EMS crew to locate the patient. And it may not be necessary to give the name of the residence out over the air on a routine basis. But if an ambulance crew needs the name of the residence to find the location, or any other information, dispatchers should provide such information to them without question. Many EMS responders in rural areas, and even some in not-so-rural areas, may indeed require a name on a mailbox to find the location even when they have the address. The fact is, rural addressing continues to be a challenge in some areas, and some streets still may not even have house numbers. Even ones that do are often not visible from the street, which may prompt the ambulance crew to ask for a name. Ambulance crews should be able to get this information without question from their dispatch center. In our view, people who interpret HIPAA to the contrary are giving bad, and sometimes dangerous, advice.
Unfortunately, the HIPAA Privacy Rule has led to an outcry that a law meant to protect patient privacy has resulted in "overkill" (as USA Today puts it) that can actually result in harm to patients in an emergency. Anyone who has questions about the issues raised in the USA Today article -- or any of the other tough HIPAA issues -- should contact legal counsel knowledgeable in this area of the law. Page, Wolfberg & Wirth, LLC has produced the industry's leading HIPAA compliance resources -- The Ambulance Service Guide to HIPAA Compliance and HPTV - The HIPAA Privacy Training Video for EMS, which have been relied upon by thousands of ambulance services across the United States, and we stand ready to provide your ambulance service with common sense information on how to deal with the tough patient privacy issues you may encounter.
semo
Member
I had the fortune to take a health care class recently for college. HIPPA was discussed. HIPPA was passed so that hospitals would not release medical information to insurance companies without patient approval. No part of HIPPA states that, or means that its rules apply to first responders or EMS. Such worries are not for people who are responding to calls. The law is to prevent information from being passed between the hospital and other parties NOT INVOLVED with the patients care without the patients knowledge. HIPPA was passed in 1996 and took effect in 2003 and was such a bad law that it took 7 years to implement. No one knew the rules when it was passed and they are still being interpreted, incorrectly today. If a nurse opens your chart by accident and reads some of it before noticing the mistake, there is no HIPPA violation because the law does not pertain to those involved with the care. The nurse cannot tell an outside party though because they are not involved with the care. EMS, dispatchers, and hospitals are all involved with the patients care/well being are not bound by HIPPA laws when it comes to radio traffic.
Last edited:
semo
Member
Seems EMS agencies like encryption because it sometimes allows for the drivers to communicate with the dispatchers and tell them they are lost, (can't find the address) or that it will take a really long time to respond. It is more for public relations than privacy. HIPPA is just the perfect excuse to implement encryption. I also am not aware why information such as the name would be used anyway. You can know all the medical information in the world but if you don't give the name privacy is not violated.
I'm in EMS club at college (prepping to get an EMS dept. set up for on-campus incidents, taking classes this summer to get certified), and have been listening to EMS dispatch on my scanner to get a feel of what the dispatch process is. I never hear anything other than Age, Gender, location, and what happened to the patient over the radio. I'll hear the usual response saying that the department is responding. I never hear anything that would compromise the privacy of anyone.
Among the things discussed at club meetings is procedures of responding to an incident. Nothing was said about using the radio other than to be dispatched and to request/cancel an ambulance. Anything involving private information we use cell phones or some sort of phone communication.
I agree with encryption of tactical/special police operations since those clearly have no need to be transmitted to the public domain. But I don't really see any need to encrypt anything else.
I'm young and new to the hobby, so I might have the wrong idea about encryption. But overall, I disagree with it for day-to-day operations of Police, Fire, and EMS.
Among the things discussed at club meetings is procedures of responding to an incident. Nothing was said about using the radio other than to be dispatched and to request/cancel an ambulance. Anything involving private information we use cell phones or some sort of phone communication.
I agree with encryption of tactical/special police operations since those clearly have no need to be transmitted to the public domain. But I don't really see any need to encrypt anything else.
I'm young and new to the hobby, so I might have the wrong idea about encryption. But overall, I disagree with it for day-to-day operations of Police, Fire, and EMS.
We have three in the area here, Two of which are on a UHF Encrypted Trunk System (Using the excuse hippa laws) and my local one was on VHF but NOW they've got to the SAME UHF system as the others, When I asked them where they'd went, They said to our own private UHF Channel that nobody can hear and now it's completely hidden and private a and completly complies with HIPPA Regulations.. However, I found it in a week and it's not encrypted.. They do give their Patient reports to the hospital on this same system, However no more than age, sex, problem, vitals are ever given. Anyway, As I've said before, The scanning age as we know is slowly dying.
semo
Member
I know that some area EMS agencies use speech inversion and not encryption. This enables some people to still listen. If the agencies are using speech inversion then it is possible to still hear them. Not sure what Northeast Arkansas agencies use though.
It doesn't really matter if it is a violation or not. They are just using "Patient Confidentiality" as an excuse to go encrypted.
The true reason for any department using encryption is simple; they just don't want other people listening to them. They are not commercial broadcasters, and simply do not want anybody and everybody listening to them. They can come up with all the excuses they can think of, but it always boils down to that simple reason in the end.
poppafred
Member
HIPPA is the perfect example of what my grandfather used to say:
"Good ideas make terible laws"
"Good ideas make terible laws"
And this post is more misinterpretation....
I've been lecturing on HIPAA at the college level and doing awareness level training since 2003. The Act was passed in 1996, with an effective date of April 15, 2003 to allow for those affected to properly implement safeguards to ensure compliance. It was built that way, it didn't take seven years to implement it. Further, HIPAA applies to all entities that provide, bill and pay for healthcare services (this covers providers and insurance companies), and also to entities that transmit health information electronically (records houses). It applies to the entities AND their employees. If the EMS agency bills for service, they are ABSOLUTELY compelled to comply with HIPAA.
Now with that said, the application of HIPAA compliance within the EMS community was pretty much invisible, as the nature of the business already employed patient confidentiality at a heightened awareness, since patient privacy in the field was always a concern. An address, age, sex and chief complaint when transmitted over the air does not constitute any type of HIPAA violation. Further information associated with "socially unacceptable" medical history (AIDS, HIV status, certian social venerial diseases) is not allowed to be transmitted over the air, and hasn't been allowed since long before HIPAA, and is covered under the Ryan White CARE Act, which was enacted in 1990.
These services are hiding behind a very misunderstood law, and using it as an excuse. All they have to say is that they don't want people listening in, and they're going encrypted-because they can.
The ones here except my local one here use encryption, They don't use it here but I have heard them accidently switch to it a time or two and advise the other they're on scramble. But they don't normally use it, Our Sheriff's Department uses it and so does Two other EMS agencies and they're all on the same UHF Trunk system which is actually Commercial Tower Site available for anyone to rent a channel on. Oh and it is Voice Inversion.. But that's a form of scramble and wouldn't it be illegal to be able to hear it and listen in on even being voice inversion. How could you hear it legally, I mean, I didn't think you could. But yes, NEA EMS agencies Use Voice Inversion, I can't understand it so I never listen to any of those, Just ours here and some businesses and Three Schools that are all there as well and the local TV station Weather Tracker.. Not a lot goes on on that system besides the Sheriff's office and 3 EMS Agencies which 3 out of 4 of those I can't hear anyway so don't bother to listen to.
Last edited:
semo
Member
Businesses were allowed seven years to implement these safeguards is true but why did it take seven years. Because politicians, lawyers and hospitals argued over what the laws actually meant. The law is so confusing we are still discussing who it applies to today. To imply that the government allowed seven years for compliance out of the goodness of their hearts is misleading. If EMS agencies are using the law to go encrypted then the law is STILL being implemented, though maybe incorrectly. The new healthcare law (PPACA) is written like HIPPA, write the law and decide the rules later, that is exactly what happened with HIPPA and why it took seven years to implement.
It took seven years because the government realized that there was significant cost associated with compliance, and by giving the time, the government avoided any financial responsibility for upgrading private business' infrastructure. It's the same thing as the FCC's narrow band compliance rules-time is given to allow end users to comply-in the case of narrowbanding, we're looking at better than 10 years. The act passed in 1996, and stated in it that it would take effect on April 15, 2003, there was no arguing by the government, hospitals and lawyers after the bill passed that delayed the effective date.
I don't have to discuss who it applies to, I know, and if a proper awareness level training was conducted for everyone to which it applies (which is required under the act), so would those that it applies to. Unfortunately, the awareness courses that are conducted at most companies that are required to be HIPAA compliant is a joke.
An EMS agency hiding behind HIPAA to go encrypted isn't continued implementation, it's someone trying to find an excuse so that they don't have to come up with real justification for the expense. Since the law is so misunderstood, most people accept the excuse as fact. I for one, would call out anybody around me that tried using HIPAA as an excuse to go encrypted, and challenge them to show me where in the act it says that they have to be encrypted.
- Status
