RPI Ambulance Annual HIPAA Training Please sign the class roster.
RPI Ambulance Annual HIPAA Training What is HIPAA Anyways? HIPAA stands for the “Health Insurance Privacy and Accountability Act” and is a Federal Law passed in 1996 Specifies what is required to protect the security and privacy of personally identifiable health care information Applies to most health care providers, including RPI Ambulance (and other ambulance services)
RPI Ambulance Annual HIPAA Training HIPAA Issues for EMS Providers Protecting Patient Privacy Safeguarding Patient Information
RPI Ambulance Annual HIPAA Training Protecting Patient Privacy What is PHI (Protected Health Information)? Individually identifiable information Dealing with past, present, or future physical or mental health care or payment PHI (Protected Health Information) can be : Created by or received by a health care provider Oral, Written, Digital, Photographic, Electronic, etc.
RPI Ambulance Annual HIPAA Training Protecting Patient Privacy Some common sources of PHI (Protected Health Information) include: Patient Care Reports (PCR) Dispatch/Call Intake Records Billing Information “Face Sheets” Incident Reports with Patient Information Verbal Communications between Health Care Providers Patient Records from Hospitals and other Health Care Facilities Physician Certification Statements
RPI Ambulance Annual HIPAA Training Protecting Patient Privacy How can you protect your patient’s privacy? Follow the “Golden Rule” Respect the privacy of patient information as you would on your own Do not share PHI with others who are not involved in the patient’s care, except when required or permitted by HIPAA In general, keep disclosures to the “minimum amount necessary” to get the job done
RPI Ambulance Annual HIPAA Training Protecting Patient Privacy Remember the Golden Rule of HIPAA “What you see here What you hear here When you leave here Let it stay here!”
RPI Ambulance Annual HIPAA Training The Three Permitted Uses of PHI Treatment Payment Health Care Operations
RPI Ambulance Annual HIPAA Training Treatment You may freely share PHI with any other Health Care Provider who will also treat the patient Facilities may give PHI to an ambulance service and vice versa The “minimum necessary” rule does not apply to treatment-related disclosures
RPI Ambulance Annual HIPAA Training Payment An ambulance service may use PHI to file claims with payers and send bills to patients without patient consent or authorization
RPI Ambulance Annual HIPAA Training Health Care Operations Includes Quality Improvement (QI) and certain other management functions The “minimum necessary rule” applies, disclose only the minimum needed amount to perform the function
RPI Ambulance Annual HIPAA Training Treatment, Billing, and Health Care Operations How does RPI Ambulance fit in? Treatment: RPIA follows all HIPAA regulations Billing: RPIA does not bill for services Health Care Operations: RPIA follows all HIPAA regulations
RPI Ambulance Annual HIPAA Training Understanding HIPAA Privacy: The Typical Ambulance Call
RPI Ambulance Annual HIPAA Training Dispatch and Response Can the dispatcher transmit PHI over the radio? Yes! We need to know where we’re responding to. Names will be omitted to protect privacy. Remember the dispatch information (including address) is PHI! Can you share PHI over the radio with other responding agencies? Yes! HIPAA does not prevent oral communication for treatment purposes.
RPI Ambulance Annual HIPAA Training On Scene Can you discuss the patient’s condition with first responders and other on- scene providers? Yes! HIPAA does not prevent oral communication for treatment purposes. Can you discuss PHI with family members? What about talking to the media or bystanders? Take care to minimize “incidental disclosures” You may engage in any discussions necessary to treat the patient
RPI Ambulance Annual HIPAA Training Enroute to the Hospital and At the Hospital Can you give a report to the Hospital while enroute? Yes! You may give a report to the Hospital while enroute to the facility, this report may include PHI. However, take care to minimize incidental disclosure and use the most secure transmission option possible. Can you give a verbal report to hospital staff? Yes! HIPAA does not prevent oral communication for treatment purposes. Take care to minimize incidental disclosures, this does not mean you need to find a “sound-proof” room, but means use an inside voice and do not give a report in a public place (such as an elevator). Can you obtain a face sheet from the hospital? Yes, you may obtain a face sheet or billing information from the facility. Keep in mind that that document will contain PHI and must be handled accordingly.
RPI Ambulance Annual HIPAA Training After the Call Can the call be the subject of discussion? Short answer NO! The call may only be the subject of discussion if and only if the disclosure of PHI is minimized and is for a specific Health Care Operation such as Quality Improvement or Critical Incident Stress Debriefing.
RPI Ambulance Annual HIPAA Training Disclosures to Law Enforcement HIPAA limits the disclosures that EMS Providers can make! EMS personnel are patient care advocates and not law enforcement tools Disclosures may be made to Law Enforcement Officials under specific circumstances: When Required by Law When Permitted by Law Optional Disclosures
RPI Ambulance Annual HIPAA Training Disclosures to Law Enforcement: Required by Law You are required to disclose a patient’s PHI to law enforcement regardless of the patient’s consent when presented with: A Subpoena, summons, or warrant An administrative request/investigative demand A request for information pertaining to a limited number of injuries that you must disclose by law For example Burns, Domestic Violence, Firearm Injuries If presented with a legal document requesting PHI confirm its validity first then disclose only the information requested. If a situation ever arises in which this must be done, it will be completed by the Captain or appropriate designee.
RPI Ambulance Annual HIPAA Training Disclosures to Law Enforcement: Permitted by Law You are permitted to disclose a patient’s PHI to law enforcement under the following circumstances: Identifying or locating a suspect, material witness, or missing person Victim of a crime Abuse, neglect, or domestic violence If presented with a request for PHI, inquire of the purpose of their request and disclose only the minimal PHI needed. If a situation ever arises in which this must be done, it will be completed by the Captain or appropriate designee. When in doubt of whether or not to disclose, err on the side of caution!
RPI Ambulance Annual HIPAA Training Disclosures to Law Enforcement: Optional Disclosures You may disclose a patient’s PHI to law enforcement under the following circumstances: Decedents: when you think your patient died as a result of a crime Crime on Premises: when you have a “good faith” belief a crime was committed on Ambulance Premises (including Office, Ambulance, Garage, etc) Reporting a crime in an emergency: when you believe it necessary to alert law enforcement to a crime and details regarding it If a situation ever arises in which this must be done, it will be completed by the Captain or appropriate designee. When in doubt of whether or not to disclose, err on the side of caution!
RPI Ambulance Annual HIPAA Training Incidental Disclosures Whenever disclosing PHI be sure to limit an “incidental disclosure” Means to limit “Incidental Disclosures” Giving reports to another personnel who will treating the patient away from crowds Using a softer volume when speaking Using the most secure means of transmission available and within reason
RPI Ambulance Annual HIPAA Training Mass Casualty Incidents You are permitted disclose a patient’s PHI to a public or private disaster relief organization involved in the disaster relief efforts. (ie: American Red Cross) This is done so that families may be notified of location, condition, or the death of a relative. It is NOT your job to contact families!
RPI Ambulance Annual HIPAA Training Patient Access Patients have the right to access, inspect, and copy their medical records Requests must be made in writing to the Captain or appropriate designee
RPI Ambulance Annual HIPAA Training Safeguarding Patient Privacy Safeguarding Written PHI PCRs should never be left in the open The copy of the PCR left at the hospital should be left face down in the appropriate place After a call, the PCR should immediately be transferred to the “PCR Lockbox” in the Office PCRs should not be left inside the clipboard in the Ambulance for any extended periods!!! If a PCR is used for any purpose after the call, all identifying information must be blacked out
RPI Ambulance Annual HIPAA Training Safeguarding Patient Privacy Safeguarding Verbal PHI Use appropriate voice volume Don’t shout! Conduct conversations about PHI in the most secure location possible, for example not in the busy hallway Use the most secure method to communicate with the hospital possible Cell Phone vs. VHF Radio
RPI Ambulance Annual HIPAA Training IN SUMMARY: PROTECTING A PATIENT’S PRIVACY IS ONE OF RPIA’S UTMOST CONCERNS. REMEMBER, TREAT ALL INFORMATION CONFIDENTIALLY, AS YOU WOULD WANT YOUR OWN TREATED. IN GENERAL ALL DISCLOSURES AND REPORTS WILL BE MADE BY EITHER THE CREW CHIEF, UNLESS REQUESTED BY THE CREW CHIEF ALLOW THEM TO MAKE ALL DISCLOSURES. THE END. THANK YOU FOR YOUR ATTENTION.