Gordon Graham here with Today’s Tip from Lexipol. Today’s Tip is for fire and EMS personnel. Today I am talking about the misperceptions, hear that word again, misperceptions, of the “Health Insurance Portability and Accountability Act of 1996,” better known as HIPAA.
HIPAA is a federal law that protects a patient’s PHI, personal health information. How we handle PHI, how we protect it, and when we can release are all spelled out in HIPAA. Many of us have been told that you cannot disclose PHI to anyone under any circumstances. Guess what? That’s not really true? Let’s take a closer look.
First, HIPAA makes distinctions between types of health care providers. For those of us in the emergency services, whether your agency provides EMS is what matters. If your agency does not provide EMS, guess what? HIPAA does not apply.
If your agency does provide EMS, the next question is whether you conduct electronic transactions such as billing. If you do, then HIPAA applies. But simply responding to a medical emergency or providing first aid at a crash scene will not trigger the HIPAA privacy rule.
If you guessed that there may be exceptions to the privacy rule, you are 100% correct. In emergency situations, HIPAA allows disclosures that include:
- Releasing PHI to others as necessary to treat patients, including other EMS services, hospitals and other facilities involved in treating the patient.
- Releasing PHI to family or others providing medical care for an individual, and when necessary, the police, press, and the public when trying to locate and notify family members.
- And releasing PHI to individuals or the public to prevent a serious and imminent threat to their health and safety.
Please take a moment and think about what this means to you and your agency. In short, it means use commons sense when speaking to someone about your patient’s medical condition. Common sense will also help you manage the next hurdle: state privacy laws.
Remember that HIPAA is a federal law. But, every state has or is crafting separate healthcare and medical confidentiality laws. Some of the new laws are a reaction to some recent high-profile events, such as the release of images from the Kobe Bryant helicopter crash.
Although HIPAA gets all the attention, state laws are more likely to trip you up. Why’s this? Even if your agency isn’t a covered entity under HIPAA, state privacy laws may apply. In other words, simply complying with HIPAA may not be sufficient to protect you or your agency.
Please review your policies and procedures against both HIPAA and applicable state laws. If they only address HIPAA, they might be incomplete. And that’s a problem lying in wait.
That’s Today’s Tip from Lexipol. Gordon Graham signing off.