Trending Topics
Sponsored Content

Understanding HIPAA regulations for fire departments

Learn what firefighters should know about patient privacy in this tip from risk management expert Gordon Graham

Sponsored by

Gordon Graham here with Today’s Tip from Lexipol. Today’s Tip is for fire and EMS personnel. Today I am talking about the misperceptions, hear that word again, misperceptions, of the “Health Insurance Portability and Accountability Act of 1996,” better known as HIPAA.

HIPAA is a federal law that protects a patient’s PHI, personal health information. How we handle PHI, how we protect it, and when we can release are all spelled out in HIPAA. Many of us have been told that you cannot disclose PHI to anyone under any circumstances. Guess what? That’s not really true? Let’s take a closer look.

First, HIPAA makes distinctions between types of health care providers. For those of us in the emergency services, whether your agency provides EMS is what matters. If your agency does not provide EMS, guess what? HIPAA does not apply.

If your agency does provide EMS, the next question is whether you conduct electronic transactions such as billing. If you do, then HIPAA applies. But simply responding to a medical emergency or providing first aid at a crash scene will not trigger the HIPAA privacy rule.

If you guessed that there may be exceptions to the privacy rule, you are 100% correct. In emergency situations, HIPAA allows disclosures that include:

  • Releasing PHI to others as necessary to treat patients, including other EMS services, hospitals and other facilities involved in treating the patient.
  • Releasing PHI to family or others providing medical care for an individual, and when necessary, the police, press, and the public when trying to locate and notify family members.
  • And releasing PHI to individuals or the public to prevent a serious and imminent threat to their health and safety.

Please take a moment and think about what this means to you and your agency. In short, it means use commons sense when speaking to someone about your patient’s medical condition. Common sense will also help you manage the next hurdle: state privacy laws.

Remember that HIPAA is a federal law. But, every state has or is crafting separate healthcare and medical confidentiality laws. Some of the new laws are a reaction to some recent high-profile events, such as the release of images from the Kobe Bryant helicopter crash.

Although HIPAA gets all the attention, state laws are more likely to trip you up. Why’s this? Even if your agency isn’t a covered entity under HIPAA, state privacy laws may apply. In other words, simply complying with HIPAA may not be sufficient to protect you or your agency.

Please review your policies and procedures against both HIPAA and applicable state laws. If they only address HIPAA, they might be incomplete. And that’s a problem lying in wait.

That’s Today’s Tip from Lexipol. Gordon Graham signing off.

Gordon Graham has been actively involved in law enforcement since 1973. He spent nearly 10 years as a very active motorcycle officer while also attending Cal State Long Beach to achieve his teaching credential, USC to do his graduate work in Safety and Systems Management with an emphasis on Risk Management, and Western State University to obtain his law degree. In 1982 he was promoted to sergeant and also admitted to the California State Bar and immediately opened his law offices in Los Angeles.