# HIPAA question



## firemedic0227 (Dec 17, 2013)

So while sitting around the station kitchen table this morning enjoying a cup of Coffee, my crew and I got into talking about HIPAA. One crew member stated that it's a violation of HIPAA to talk about any call. For reference, lets say I ran a call last night where someone was possibly shot but instead they were cut by a chainsaw, and I mentioned to someone on the crew that I ran that call and thats all the information I put out about the call. This certain crew member stated that you are in violation of HIPAA due to the information you just stated. I have just never heard that before, I have been under the understanding that HIPAA protects personal identifiable information.


----------



## Aprz (Dec 17, 2013)

Sometimes I just don't know anymore, there are way too many HIPPA* police out there.

If you don't give away any protected health information (PHI), it's not a violation. Sometimes PHI is allowed to be used, but only for "treatment, billing, and healthcare operations". Example of PHI being used is dispatchers saying the address of where the incident is at, or a certified medical assistant saying the patient's first and last name in a waiting room full of other patients "We're ready to see you Mr. Smith".

Something I've been confused about is determining if someone is a HIPAA entity, primarily fire stations. I guess if you do not electronically bill, you are not a HIPAA entity. Electronically bill does not mean ePCRs, I guess it means any form of electronics like scanning the PCR too.

Just because you are or are not a HIPAA entity doesn't mean you agency policies are the same or higher standards of HIPAA, or specific State laws. For example, an agency may have a policy that says you are not allowed to discuss any calls on Facebook, or anything user generated, social media, even if PHI isn't included. HIPAA may not be violated, but your agency policy were violated.

Your agency may have a privacy officer, or a similar title, who you can ask more questions about HIPAA and your agencies policies and protocols that pertain to patients' privacy.

*I purposely said "HIPPA" cause people who tend to tell me something is a "HIPPA" violation don't even know how to spell it, and that's how I imagine they say "that's a HIPPA violation!" and how they'd spell "HIPPA police". I've been told some things are HIPPA violations that clearly weren't HIPAA violations.

It's usually not OK to disclose PHI unless it's for "treatment, billing, and heathcare operations". Discussing calls with other co-workers without including PHI while at work is usually OK, but you may want to talk with your agency's privacy officer, or a similar title, to determine what's OK. Your agency's policies/standards may be equal to or higher than HIPAA.


----------



## firemedic0227 (Dec 17, 2013)

Thanks for your reply. We are not allowed to talk about calls on social media at all. They don't even like us taking pictures in house and posting them to social media without prior approval. No PHI was given when we sat around our cups of coffee and talked about this certain call another co worker had. I tried to argue my point and I was told I was wrong. My counter was, when there is something like a shooting around my area the news usually video tape the location and the person being loaded in the back of the ambulance, how is that not a violation but what I said could be considered a violation, not a system violation but an actual HIPAA Violation on a national level.


----------



## Aprz (Dec 17, 2013)

arharris83 said:


> Thanks for your reply. We are not allowed to talk about calls on social media at all. They don't even like us taking pictures in house and posting them to social media without prior approval. No PHI was given when we sat around our cups of coffee and talked about this certain call another co worker had. I tried to argue my point and I was told I was wrong. My counter was, when there is something like a shooting around my area the news usually video tape the location and the person being loaded in the back of the ambulance, how is that not a violation but what I said could be considered a violation, not a system violation but an actual HIPAA Violation on a national level.


The news isn't a HIPAA entity.

By the way, refer to http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html, which after reading, you may use as a source to backup what your argument.


----------



## truetiger (Dec 17, 2013)

The fact that somebody told you that you were in violation tells us all we need to know about that person. Like it or not, end of shift "stories" happen all the time. These "stories" have taken place at every place I have ever worked. On coming shift comes on and asks "how was your night?" No one has ever answered with "that's a HIPAA violation."


----------



## Fire51 (Dec 17, 2013)

truetiger said:


> The fact that somebody told you that you were in violation tells us all we need to know about that person. Like it or not, end of shift "stories" happen all the time. These "stories" have taken place at every place I have ever worked. On coming shift comes on and asks "how was your night?" No one has ever answered with "that's a HIPAA violation."



I agree with this. Crews always talk to each other about their calls. But there are some people that you have to be careful telling them certain things! I think if you don't go into very specifics you are fine but just be careful what you say and who you say it to.


----------



## vc85 (Dec 17, 2013)

In order for something to be a HIPAA violation it has to be unauthorized disclosure of Personal Health Information.  That means it has to be identifiable.  

Saying "Some guy got shot last night" NOT a HIPAA violation

Saying " John Doe, who is 40 years old and lives at 123 Main Street, got shot in the chest and punctured a lung." may well be a HIPAA violation depending on who it's said to and why.

Now this only applies to the HIPAA law. Your agency/company of course can have more restrictive confidentiality rules.


----------



## unleashedfury (Dec 18, 2013)

Honestly from what I gather apparently most people have their own "interpretation of HIPAA" for my company its whether it benefits them. 

Sitting at the table discussing calls over coffee isn't a HIPAA violation. Stating patients names is a HIPPA violation. 

Dispatch stating locations of where the unit is to respond to, is not a HIPAA violation as it pertains to operation requirements, 

When you go to the doctors office and they call your name out in the waiting room for you to be seen is not a HIPAA violation. 

If the Receptionist or Nurse calls your name out in the waiting room as states "your being seen today because you have a herpes flare up?" thats a technical foul. 


Most companies have Social Media policies in place for a reason. Usually because some dumb *** decided he was gonna post pictures of a accident or something gory on facebook to brag to his friends about only to find out that the family hasn't even been notified of this persons untimely death. OR to protect the patient identity.


----------



## ZombieEMT (Dec 20, 2013)

I think the real issues at heart are 1~HIPAA is interpreted by so many people in different ways. People have become so affraid that something might be a HIPAA violation, that they think everything is a HIPAA violation. 2~There is minimal training on HIPAA to most health care workers. 

The truth is, if you do not give out identifying information, its not a HIPAA violation. Like many have said, departmental policies might be different.

I work for a company that has hospital contracts and I have seen people over think HIPAA and under think it enough that it is a violation. Two recent situations.

-While registering a patient, a security officer got agitated with a transport crew who walked through the emergency room to get to the mental health unit. The officer stated it is a HIPAA violation for them to do so, and moaned and groaned. He actually went to the extent of stopping them in mid stride to yell at them for doing so, in front of the patient and other staff. - This is not a HIPAA violation. They were not yelling their patient's name or demographics as they walked through the hall. Nor were they flashing a facesheet or even advertising what unit they were going to. Just a silent walk through.

-We arrived to pick a patient up and discover that the last crew in took our paperwork and left theirs. Mistake on both the crew and hospital who handed them the wrong paperwork. The patient was transported to the receiving with wrong paperwork. Our patient, just happened to go to that facility also. Nurse handed us transfer paperwork for the previous patient, with all PHI and Treatment visible from transfer form. Not our patient, not even same company. HIPAA violation?


----------



## mizzcemtp (Apr 30, 2014)

What if the person affiliated with the agency is a volunteer? Someone that already knows the patient, because they work at the same public job.. I have come across that situation before, and it's touchy, because you're not supposed to 'upset' the volunteers at all. But this one couldn't do QA/QI, because she wasn't the appropriate level (she was intermediate and it was a medic level call), the billing is done through the local fire marshall's office-which she doesn't have any participation in, and she wasn't on the call. I'm still trying to figure out what she has to do that involves pulling charts and reading them... We have a QA/QI person that's the appropriate level-she's the paid supervisor over the medics.. Feedback, anybody?


----------



## OnceAnEMT (Apr 30, 2014)

For AT and EMT work, I've always gone by a simple rule. If who I am telling the story to cannot in any way connect the story to a Pt, it is not a HIPAA violation. 

About snoopy bystanders or coworkers, whether for good or for bad, if they are not part of the continuity of healthcare for that Pt for that case, and they are not identifying themselves (with evidence) of being family, they don't get to know. If my Pt's boss comes up to me at the truck and asks how my Pt is doing and what is going on, he will get a "We are doing as much as we can to take care of him/her." If my mom asks me about what I saw on the truck today (assuming there was nothing crazy, 6 PM News worthy), I'll tell her my calls. Obviously, no names, and probably not even locations. Certainly not addresses.

Playing devil's advocate... what about fire station tones? I used to live at a house near a station that was on top of a hill, and whenever those tones dropped I could hear it 5/5. Engine 39, respond to 1234 Liar Street for 40 year old unresponsive female. Pull out my dusty-ol' Yeller Pages, and find that Mrs. Billy just went down. To HIPAA, nor not to HIPAA...


----------



## Ewok Jerky (Apr 30, 2014)

mizzcemtp said:


> What if the person affiliated with the agency is a volunteer? Someone that already knows the patient, because they work at the same public job.. I have come across that situation before, and it's touchy, because you're not supposed to 'upset' the volunteers at all. But this one couldn't do QA/QI, because she wasn't the appropriate level (she was intermediate and it was a medic level call), the billing is done through the local fire marshall's office-which she doesn't have any participation in, and she wasn't on the call. I'm still trying to figure out what she has to do that involves pulling charts and reading them... We have a QA/QI person that's the appropriate level-she's the paid supervisor over the medics.. Feedback, anybody?



By that logic, I should not sit in on ground rounds because I am an EMT in room of MDs?  What about surgical M&Ms?

If the reason for disclosure is training or QI, then it is covered, even its "a medic level call".


----------



## Ewok Jerky (Apr 30, 2014)

I think HIPAA is more about the electronic transfer of information.  With all the EMRs, PACs, emailmydoctor@hospital.orgs, pagers, and general "electronicness" of healthcare, there is a lot of information that can be theived by tech savvy theives.  Why would anyone want protected health information? Who knows.  But I think the goal of HIPAA is to have anyone who is transfering information over the internet, take every precaution to encrypt and otherwise protect that information.  The goal is not to prevent casual conversation among EMS providers.  

That being said, I think we have always had an ethical obligation to protect our patients privacy.  

Their is nothing wrong with telling war stories (as long as they are good ones...and accurate).  How else are we supposed to learn critical thinking and problem solving skillz?


----------



## WuLabsWuTecH (Apr 30, 2014)

Privacy vs HIPAA.  The two are related, but not the same thing.

My general rule of thumb to protect patient privacy is to not repeat any information that 1) isn't public record and 2) if the patient/family heard the story, couldn't recognize that it was them I was talking about.

There are some people who like to pull the HIPAA card all the time.  One of my agencies doesn't bill.  It usually goes something like this:

Nurse/Tech/Other person "Uh... You can't do that, it's a violation of HIPAA!"
Us: "We don't bill.  AT ALL."
Nurse: "What does that have to do with anything?  You're still violating HIPAA!"

The other thing that people don't realize is that you can transmit this information (PHI) over the air on the radio even if you are covered under HIPAA if it is to facilitate patient care.  An example of dispatching that I like to give is a call to a apartment complex where dispatch doesn't know which apartment number the call came from.  You can ask for the resident's name if there is a directory in the lobby and dispatch can give it to you over the air.

Another example in hospital communications is if you are trying to get medical control to advise you with something.  Most often, EMS doesn't do anything that requires the name to be transmitted over the air, but there are some cases (especially in IFTs) where a name (or record number) might help facilitate things as you can look up a patient's chart with that information.  Once again, not a HIPAA violation just because it's PHI.


----------



## OnceAnEMT (Apr 30, 2014)

WuLabsWuTecH said:


> Privacy vs HIPAA.  The two are related, but not the same thing.
> 
> My general rule of thumb to protect patient privacy is to not repeat any information that 1) isn't public record and 2) if the patient/family heard the story, couldn't recognize that it was them I was talking about.
> 
> ...



Instructors always told my class to keep all of those situations off FCC comms and instead use a secure line if available, or just your own phone. Just putting out then insight, I've never been in either situation so I couldn't say what I did. Sounds like it is more of a protocol type of thing than anything else.


----------



## NomadicMedic (May 1, 2014)

It's funny, I find the nurses that quote HIPAA the most are usually the ones that don't want to do something for you. If you want some follow-up information on a patient, "no, sorry. That's a HIPAA violation." But they're the first ones to start yelling down the hall, or on the radio, "what's the patient's last name and Social Security number"

Yikes. 

Any information that you give the hospital, related to patient care is not a HIPAA violation, even if it can be "unintentionally overheard". Obviously, most of us have learned to be quiet with information that may be deemed "sensitive" but there's still no reason to totally shut down the flow of information based on HIPAA.


----------



## rails (May 1, 2014)

To address the OP's question, it can be a murky area.

I personally think that discussing calls from a _training_ perspective is fine, but it's very easy for it to become gossip. Protected health information (PHI) concerns also arise when the patient can be identified based on the conversation.

To me, it's often been an area where the golden rule seems to apply. If I was involved in a MVA and received medical care, I wouldn't mind if rough details were used for training purposes. But I probably would mind if it simply became a gossip-based discussion.


----------



## mizzcemtp (May 1, 2014)

This volunteer had us dispatched to her place of work prior to her getting there.  She waited 2 hours after the call was finished up, called from her desk at work-already having identified who the patient was-and wanted the particulars from the call. Chief complaint, treatment, where the patient was transported to in the hospital..etc.. I was standing in the bay with 3 other employees that were in the station to pick up their paychecks-on whose husband was with her and not an employee period. The volunteer accused me of insubordination because I didn't give her the information she wanted. Had nothing to do with training. By the way, this volunteer had our unit dispatched to this call-13 miles out of our district, and in another unit's district. Starting to see what I'm talking about?


----------



## OnceAnEMT (May 1, 2014)

Just because someone knows the Pt doesn't mean they have the right to know the case. 

Sounds like she's looking for action. Tell her to go to fire or medic school and get off volly.


----------



## mizzcemtp (May 1, 2014)

mizzcemtp said:


> This volunteer had us dispatched to her place of work prior to her getting there.  She waited 2 hours after the call was finished up, called from her desk at work-already having identified who the patient was-and wanted the particulars from the call. Chief complaint, treatment, where the patient was transported to in the hospital..etc.. I was standing in the bay with 3 other employees that were in the station to pick up their paychecks-on whose husband was with her and not an employee period. The volunteer accused me of insubordination because I didn't give her the information she wanted. Had nothing to do with training. By the way, this volunteer had our unit dispatched to this call-13 miles out of our district, and in another unit's district. Starting to see what I'm talking about?



My supervisor refused to write me up for insubordination, stating that I wasn't insubordinate-I was doing my job. She had the supervisor demoted and had me fired for insubordination. My patient on this call was unresponsive and unable to even sign for permission to transport. There are some things you just don't do, you know? It was wrong. Or in the least, I felt like it was an invasion of the patient's privacy. This volunteer is a big gossip and I felt like the patient should have been the one to let her know what her PHMx and other private matters were-if she wanted her to know.


----------



## NomadicMedic (May 1, 2014)

Boy. That got off the rails quickly. You have bigger issues than HIPAA.


----------



## OnceAnEMT (May 1, 2014)

mizzcemtp said:


> My supervisor refused to write me up for insubordination, stating that I wasn't insubordinate-I was doing my job. She had the supervisor demoted and had me fired for insubordination. My patient on this call was unresponsive and unable to even sign for permission to transport. There are some things you just don't do, you know? It was wrong. Or in the least, I felt like it was an invasion of the patient's privacy. This volunteer is a big gossip and I felt like the patient should have been the one to let her know what her PHMx and other private matters were-if she wanted her to know.



That was a bit of a sidewinder. Maybe I'm not getting the full story, but how exactly are full time employees fired by volunteers?

She doesn't sound like she is THAT good lookin'.


----------



## mizzcemtp (May 1, 2014)

Grimes said:


> That was a bit of a sidewinder. Maybe I'm not getting the full story, but how exactly are full time employees fired by volunteers?
> 
> She doesn't sound like she is THAT good lookin'.


Good question Grimes... Been trying to figure that one out myself.

And, No, she isn't that good lookin'.


----------



## mizzcemtp (May 1, 2014)

Grimes said:


> That was a bit of a sidewinder. Maybe I'm not getting the full story, but how exactly are full time employees fired by volunteers?
> 
> She doesn't sound like she is THAT good lookin'.


Medical Director told me I did the right thing. Question is this:  Do I stir up the pot and make it harder to find work down the road? Do I fight it? It should be a question of civil rights. But what is it gonna cost me in the long run? Can I change anything? It needs to be changed so badly. If you've been in EMS for any length of time, you know that admin is usually the root of all evil. This county is run by volunteers that tell you they don't fall under 'those' rules when it comes to EMS. It's sad. Several of the others that work there work under larger county systems, and they know better than that.


----------



## mizzcemtp (May 1, 2014)

Sorry DEmedic, but it's all about HIPAA and our right NOT to provide info when asked for it. This lady calls about all calls and asks for info. I've gone into the bathroom to avoid having to take her calls. She monitors calls from her public job with a handheld portable radio (she's been warned about this by her employer). The biggest issue I had with this call-even though I strongly feel that she shouldn't request any info on any patient-is that they are co-workers at this public company. It was just wrong.


----------



## Medic Tim (May 1, 2014)

mizzcemtp said:


> Sorry DEmedic, but it's all about HIPAA and our right NOT to provide info when asked for it. This lady calls about all calls and asks for info. I've gone into the bathroom to avoid having to take her calls. She monitors calls from her public job with a handheld portable radio (she's been warned about this by her employer). The biggest issue I had with this call-even though I strongly feel that she shouldn't request any info on any patient-is that they are co-workers at this public company. It was just wrong.




This is much much bigger than a simple hipaa violation. You may want to seek a legal opinion and talk to your states ems regulator. Are you municipal, volly, private? Who oversees the department? Who do they answer to? The answer to these should point you where to go. Having that woman as part of an organization is a huge liability .


----------



## NomadicMedic (May 1, 2014)

No. It's a personnel issue, not a HIPAA issue.


----------



## Handsome Robb (May 1, 2014)

Sounds like your agency should be made aware and she should be cut loose. Pretty damn simple.

I do wanna know why we can't talk about calls with no identifying information and why some people find that inappropriate. Medical people talking about medicine with another medical person seems fine to me... Everyone else talks to coworkers about their work why can't we?


----------



## OnceAnEMT (May 1, 2014)

Robb said:


> I do wanna know why we can't talk about calls with no identifying information



Since when?


----------



## mizzcemtp (May 1, 2014)

DEmedic said:


> No. It's a personnel issue, not a HIPAA issue.


It's a volunteer squad that's incorporated with the Vol Fire Dept. And the Corporate President at the time said that he and the volunteer in question here, were lifelong friends and if anyone was going to leave it would not be her. End of discussion. Keep in mind that I've always worked well with volunteers.. Seriously. Until her.


----------



## mizzcemtp (May 1, 2014)

DEmedic said:


> No. It's a personnel issue, not a HIPAA issue.


She is a volunteer captain in a volunteer county.  And according to the corporate president-FD and the rescue squad are incorporated-she wasn't going anywhere.


----------



## NomadicMedic (May 1, 2014)

And what part of "it's a personnel issue" are you not hearing? 

Just because she's BFFs with the past president doesn't excuse her behavior. 

So it sounds like you got fired, you've got some sour grapes… And you didn't seek out an attorney. 

Either get legal counsel or get over it.


----------



## mizzcemtp (May 1, 2014)

DEmedic said:


> And what part of "it's a personnel issue" are you not hearing?
> 
> Just because she's BFFs with the past president doesn't excuse her behavior.
> 
> ...


Are you union where you are? What kind of legal counsel would you seek out? I'm serious. This kind of thing needs to be corrected in EMS. It's part of what keeps the 'respect' issue going. Some volunteers are great. Others, like this one, hurt this profession so badly.. By pulling stunts like this and thinking they are above silly old rules..


----------



## Ewok Jerky (May 1, 2014)

Depending on how your squad is set up, I think a supervisor has the right to know details of calls as it has to do with operations (General Healthcare Operations).  

I would hope a supe who is personal with a patient would not cross any ethical boundries, but I was routinely asked about details of lots of runs by my supe.  Maybe they were looking at resource management, interaction with dispatch, interaction with specific fire crews or agencies, checking on my partner, who knows.  That is why they are a supe, they know more about the Operation of the organization than I do.  

But I agree, it sounds like you have a bigger issue than a possible HIPAA violation going on here.  Was there ever a formal complaint from the Pt?  Was the supe's behavior any different with this call than other calls?  Did you have other beefs with her or other squad members besides this one issue with this one Pt?  I would be interested to hear HER side of the story too.

If you think you were wrongly terminated (or did you quit?) you should speak to an attorny.  Doesn't matter if you are union or not.  Wait, are you a volunteer?  

This whole thing really doesn't make any sense to me :glare:


----------



## mizzcemtp (May 1, 2014)

beano said:


> Depending on how your squad is set up, I think a supervisor has the right to know details of calls as it has to do with operations (General Healthcare Operations).
> 
> I would hope a supe who is personal with a patient would not cross any ethical boundries, but I was routinely asked about details of lots of runs by my supe.  Maybe they were looking at resource management, interaction with dispatch, interaction with specific fire crews or agencies, checking on my partner, who knows.  That is why they are a supe, they know more about the Operation of the organization than I do.
> 
> ...



Doesn't make a lot of sense. The supervisor is the one that QA'd the call. She was medic level-also paid. No, I am not a volunteer. The supervisor was also punished by demotion and a cut in her hours. The volunteer captain is intermediate level. In charge of the volunteers and the building, maintenance, etc.... There were no medic volunteers.


----------



## Ewok Jerky (May 1, 2014)

So a volunteer fire captain, who is not your direct supervisor, had you fired and the EMS supervisor demoted? Because you would not disclose the details of an EMS run in her district?

If this is what you are saying then either A) there is more to the story, B) this is a jacked up system that you are better off not being associated with.

Also, level of training has no bearing on subordination.  Corporate structure, and thus "subordination" is entirely different than level of medical training.


----------



## rails (May 1, 2014)

beano said:


> So a volunteer fire captain, who is not your direct supervisor, had you fired and the EMS supervisor demoted? Because you would not disclose the details of an EMS run in her district?
> 
> If this is what you are saying then either A) there is more to the story, B) this is a jacked up system that you are better off not being associated with.
> 
> <snip>



Agreed. While it could potentially be worth consulting an attorney, my gut feel is simply move on and be glad to not be associated with them any longer. In most parts of the country, paramedics seem to be in pretty high demand, and I imagine that finding another (better) assignment wouldn't be too difficult.


----------



## mizzcemtp (May 1, 2014)

beano said:


> So a volunteer fire captain, who is not your direct supervisor, had you fired and the EMS supervisor demoted? Because you would not disclose the details of an EMS run in her district?
> 
> If this is what you are saying then either A) there is more to the story, B) this is a jacked up system that you are better off not being associated with.
> 
> Also, level of training has no bearing on subordination.  Corporate structure, and thus "subordination" is entirely different than level of medical training.


I know it sounds completely ludicrous.. Trust me. It was a volunteer rescue squad captain. In a system that has 7 individual rescue squads in different districts, that each have an individual franchise issued by the county to run independently. This captain called dispatch from her personal cell phone while she was on her way to work and had our unit sent into another rescue squad's district-13 miles out of our own district-to her public job. After the call was completed, and my paid supervisor had already QA'd my pcr, this volunteer captain called from her public job and wanted to know what was wrong with the patient (her co-worker) what was done treatment-wise on the unit, and where in the hospital the patient was transported to. Not a joke. I was standing in the bay at work when the call from her came in. There were 3 other people standing within 10 feet of me (it was payday, and two employees and the husband on one of them was standing right there beside me). I was extremely nice to her, but I didn't give her the answers she asked for. When she blew up at me on the phone, I told her I wasn't comfortable answering what she was asking for as it could be a HIPAA issue, and the patient had not been able to receive/sign any privacy info-she was unresponsive at the time. 

I know this sounds far fetched and unreal-but it happened. She waited 31 days-and had no communication with me at all during this time. I had been there 5 years. There was no grievance policy in place. No formal write up-because my supervisor had told her that I had just been doing my job. There was nothing. Sound unreal? It does. I know. If there had been any type of organization in place in this county, it would never have happened. How many other counties do you know of that would allow a citizen to call dispatch and have an ambulance dispatched out of their district 13 miles when they were within 4 miles of the next available service? There is also no dispatch policy in place. Not a joke either.....


----------



## mizzcemtp (May 1, 2014)

rails said:


> Agreed. While it could potentially be worth consulting an attorney, my gut feel is simply move on and be glad to not be associated with them any longer. In most parts of the country, paramedics seem to be in pretty high demand, and I imagine that finding another (better) assignment wouldn't be too difficult.


The only problem with 'tucking my tail' and moving on is that if somebody somewhere doesn't do something to stop this type of behavior in regards to EMS where volunteers are involved, it will continue on. The paid staff with this particular group of volunteers were professionals. The volunteers were not. This is a problem with a lot of rural volunteers. And then you have the volunteers that are truly dedicated and use their volunteer status to initiate careers in EMS. Unfortunately, we see a serious lack of respect for 'professional paid staff' in this county. And a lot of it has to do with the fact that nobody has ever tried to stop them. My Lord, we all just want the patients to receive the best quality treatment, and have to fight the volunteers because they (people like this captain) feel as though they are 'above' the rules/regulations, and silly things like the federal HIPAA ruling, OSHA standards, and standards of care. More than once, this captain has remarked 'That doesn't apply to us because we're volunteers'. Does it? I mean really??


----------



## Ewok Jerky (May 1, 2014)

mizzcemtp said:


> The only problem with 'tucking my tail' and moving on is that if somebody somewhere doesn't do something to stop this type of behavior in regards to EMS where volunteers are involved, it will continue on.



Then speak with an attorney or your State Rep.




mizzcemtp said:


> My Lord, we all just want the patients to receive the best quality treatment, and have to fight the volunteers because they (people like this captain) feel as though they are 'above' the rules/regulations, and silly things like the federal HIPAA ruling, OSHA standards, and standards of care. More than once, this captain has remarked 'That doesn't apply to us because we're volunteers'. Does it? I mean really??



I don't think HIPAA does apply to certain volunteer organizations.  But again, you should speak with an attorney.

Or better yet file a complaint with the feds:

http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html


----------



## mycrofft (May 2, 2014)

Write to your EMSA and the local newspaper, then move away quick.


----------



## vc85 (May 3, 2014)

Technically your captain might be right.

My understanding is that HIPAA only applies "covered entity" if either:

1. Your agency bills health insurance (it is called the HEALTH INSURANCE portability and accountability act)

or

2. You use electronic medical records.

It is quite possible that a volunteer agency doesn't do either and is thus not covered.

*NOTE: I'm am not a HIPAA lawyer so don't take what I say as gospel.  Also, the above only refers to HIPAA, other confidentiality rules including common law right to privacy may still apply


----------



## mizzcemtp (May 4, 2014)

vc85 said:


> Technically your captain might be right.
> 
> My understanding is that HIPAA only applies "covered entity" if either:
> 
> ...


The software that is used is formatted by Zoll and electronically transmitted to the Fire Marshall's office, where the billing to Healthcare companies is performed. There is only one Medicare number for the entire county, so each little rescue squad transmits their pcrs to this office.

The only confidentiality laws I know about, or have been trained in, is the HIPAA federal ruling. Did not know there was a common law right to privacy..


----------



## Medic Tim (May 4, 2014)

mizzcemtp said:


> The software that is used is formatted by Zoll and electronically transmitted to the Fire Marshall's office, where the billing to Healthcare companies is performed. There is only one Medicare number for the entire county, so each little rescue squad transmits their pcrs to this office.
> 
> The only confidentiality laws I know about, or have been trained in, is the HIPAA federal ruling. Did not know there was a common law right to privacy..



This question is most likely going to sound condescending and rude, but I do not mean it that way.

How have you been a medic for as long as you have been and not know about the confidentiality laws and rules that apply to you?

I see this as a system failure of epic proportions.  This idiot captain or whatever she is seems to be the tip of the iceberg.


----------



## OnceAnEMT (May 4, 2014)

vc85 said:


> Technically your captain might be right.
> 
> My understanding is that HIPAA only applies "covered entity" if either:
> 
> ...



No sir. Do net let the word "insurance" narrow your mind here. 



			
				HIPAA Info said:
			
		

> Protected Health Information. The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."12
> 
> “Individually identifiable health information” is information, including demographic data, that relates to:
> 
> ...



Where as the Privacy Rule is a statute of HIPAA, the covered entity is a healthcare provider, and the business associate is the biller/billing company. 

http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html

I am confused as to why there is a belief in grey area with these rules. Don't relate your stories to your Pts. Need to transport your Pt through the waiting room to get to the right department? Do it, but consider advocating for your Pt by telling them first and asking them if you can do anything to make them comfortable during the process. Nurse yelling Pt info down the hallway? It's provider to provider, hopefully he/she is reprimanded for inappropriate behavior. Nurse saying you're violating HIPAA? Do what I guarantee you that your system's policy says, and ask if she'd like to file a complaint and written testimony, while you maintain a satisfied smile. 

About the "not applying to volunteers" bit, being a volunteer doesn't mean anything. There are volunteer fire fighters, EMTs, SAR medics, etc. It's not "volunteer" that matters, its that fact that we are healthcare providers that are part of a Pts continuity of healthcare. If she has no effect on this persons health, and doesn't fall under any category in the Permitted Use and Disclosure section of the link above (which I strongly recommend everyone read, I'm glad I did), then she doesn't get to know. 

If your captain of a city system comes to your station in the evening and asks how your day went, you can tell him/her your calls. If he/she asks the name of one of the Pts, you can say that disclosing the information would be a HIPAA violation. Sound like a silly situation? Yes, because professionals don't put themselves in that situation. 

I can't speak for much as I haven't been in a situation in EMS where legal actions may or may not involve me. But my suggestion is if you feel it is right, pursue it. Don't let someone else's wrong doing put you in a corner.


----------



## mizzcemtp (May 4, 2014)

Medic Tim said:


> This question is most likely going to sound condescending and rude, but I do not mean it that way.
> 
> How have you been a medic for as long as you have been and not know about the confidentiality laws and rules that apply to you?
> 
> I see this as a system failure of epic proportions.  This idiot captain or whatever she is seems to be the tip of the iceberg.


No insult taken... The only confidentiality law that we have been trained in in HIPAA. This is North Carolina, and there are rural areas that aren't even compliant with SOGs/SOPs. This captain wasn't even qualified to hold that position-and that was according to their own bylaws. But as you have seen, the only responses include, basically - turn them in and run.. It's a scary proposition. But in my heart, I know it needs to change. 

When we're trained to function one way, and someone else tells us that our training doesn't matter, who do we turn to? We can ask each other questions all day long, and sometimes-just sometimes-a complete stranger-can put the answers directly in front of us. Know this-this captain has not stopped doing this. She is a gossip, and will not allow these files to be stored as required. She has also threatened others. I am most assuredly not gutless or un-educated, but I do not wish to commit professional suicide. I've covered a lot of bases-according to what I know-but if there is anything else I can pull up, I will. I do not intend to use anything childish or stupid, but if there are any other laws out there regarding patient confidentiality, I would like to know. My patient-the one the captain was requesting info on-was not only unresponsive, she and the captain were co-workers at the same public job.... Any advice?


----------



## Medic Tim (May 4, 2014)

mizzcemtp said:


> No insult taken... The only confidentiality law that we have been trained in in HIPAA. This is North Carolina, and there are rural areas that aren't even compliant with SOGs/SOPs. This captain wasn't even qualified to hold that position-and that was according to their own bylaws. But as you have seen, the only responses include, basically - turn them in and run.. It's a scary proposition. But in my heart, I know it needs to change.
> 
> When we're trained to function one way, and someone else tells us that our training doesn't matter, who do we turn to? We can ask each other questions all day long, and sometimes-just sometimes-a complete stranger-can put the answers directly in front of us. Know this-this captain has not stopped doing this. She is a gossip, and will not allow these files to be stored as required. She has also threatened others. I am most assuredly not gutless or un-educated, but I do not wish to commit professional suicide. I've covered a lot of bases-according to what I know-but if there is anything else I can pull up, I will. I do not intend to use anything childish or stupid, but if there are any other laws out there regarding patient confidentiality, I would like to know. My patient-the one the captain was requesting info on-was not only unresponsive, she and the captain were co-workers at the same public job.... Any advice?



If this happened in my area our licensing/ regulatory board would have a field day with this. Every state or county or whatever has rules and regulations pertaining to how confidential info is handles and stored. Here a provider can be investigated for ethical/moral/ professional conduct to other providers. This also seems to be a hostile work environment . Personally I would contact a lawyer an the state regulatory body .


----------



## vc85 (May 4, 2014)

Here is the privacy rule and who it applies to:

Health Care Providers. *Every health care provider, regardless of size, who electronically transmits health information in connection with certain transactions, is a covered entity. These transactions include claims, benefit eligibility inquiries, referral authorization requests, or other transactions for which HHS has established standards under the HIPAA Transactions Rule.6 *_Using electronic technology, such as email, does not mean a health care provider is a covered entity_; the transmission must be in connection with a standard transaction. The Privacy Rule covers a health care provider whether it electronically transmits these transactions directly or uses a billing service or other third party to do so on its behalf. 

It does seem to be a bit more complicated than first blush


----------



## OnceAnEMT (May 4, 2014)

vc85 said:


> Here is the privacy rule and who it applies to:
> 
> Health Care Providers. *Every health care provider, regardless of size, who electronically transmits health information in connection with certain transactions, is a covered entity. These transactions include claims, benefit eligibility inquiries, referral authorization requests, or other transactions for which HHS has established standards under the HIPAA Transactions Rule.6 *_Using electronic technology, such as email, does not mean a health care provider is a covered entity_; the transmission must be in connection with a standard transaction. The Privacy Rule covers a health care provider whether it electronically transmits these transactions directly or uses a billing service or other third party to do so on its behalf.
> 
> It does seem to be a bit more complicated than first blush



Not to quote myself, but...



			
				Grimes said:
			
		

> Protected Health Information. The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI).



Unfortunately the summary information sections define multiple things multiple times. But I assure you, HIPAA has never been limited to electronic transmission.

That said, again, if the person who wants to receive the information does not fall under any of the categories defined in the Permitted Use and Disclosure section, that person shouldn't get any information. Period.


----------



## mizzcemtp (May 4, 2014)

Grimes said:


> Not to quote myself, but...
> 
> 
> 
> ...


That's trying to fall back on the rule itself. There's also a section #160.316 art. C, that states that there is to be no retaliation of any kind against a provider as long as the provider is acting in good faith to protect the patient's PHI. Period. That didn't seem to matter either. There has never been  a HIPAA class taught in this particular county. The majority of us that were working there knew and understood because we worked someplace else and were trained in different counties. That's why the 'We're volunteers and we don't have to do that' mentality is ridiculous in this county. I do understand... I just don't know how to get my point across. By the way, DHHS is totally useless when you try to get info on this topic, and the state agency here says that it's a DHHS problem. Nice triangle, right?


----------



## OnceAnEMT (May 4, 2014)

Just to clarify, I'm defending you, not her. As was said before, she's got more of an issue than HIPAA.


----------



## mizzcemtp (May 4, 2014)

Grimes said:


> Just to clarify, I'm defending you, not her. As was said before, she's got more of an issue than HIPAA.


Oh, we know. And it's appreciated.. She has multiple problems. I know that legally, she couldn't retaliate against me, but who's gonna defend me? State says it's not liable for any individual county action. This is because the state released implementation of EMS to each individual county as they see fit. As I said, there were no SOGs/SOPs in place, no HIPAA compliance officer, no OSHA compliance officer, an intermediate level captain running around with a key to the narc cabinet because she threw a fit to have her own personal one.... And no SOGs/SOPs regarding dispatch for all branches-and I know that sounds like a lie but it is not.... That's how she managed to call and have us dispatched out of our district into another unit's district.. From her cell phone.


----------



## OnceAnEMT (May 4, 2014)

Hope y'all never found yourself in a position where ICS is being used across district lines. That'll be the day she's ruined I'm sure.


----------



## Ewok Jerky (May 5, 2014)

mizzcemtp said:


> .... Any advice?



Yes, talk to a lawyer.

You aren't going to get appropriate or accurate legal advice on an internet forum.


----------



## mizzcemtp (May 5, 2014)

I intend to. Sometimes it helps when others that you're not connected to can see the problem with clarity. Our connection here is that we're all EMS, but not in a 'friendly' capacity. We would help each other, but not because we 'hang out' together. There were other factors that were involved, but if you had trouble believing what Ive posted so far, the other things involved would blow your mind. And it's all verifiable and witnessed. Not a joke....


----------

