DesertEMT66
Premium+ Member
Forum Troll
DesertEMT66's Avatar
Join Date: Jan 2011
Location: Middle of No Where, CaliforniaPosts: 5,338
Training: EMT-B/EMT-1
DesertEMT66 is from California and that is who I was replying to.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Ekgs on the bls level
- Thread starter CobraIV
- Start date
DesertEMT66
Premium+ Member
Forum Troll
DesertEMT66's Avatar
Join Date: Jan 2011
Location: Middle of No Where, CaliforniaPosts: 5,338
Training: EMT-B/EMT-1
DesertEMT66 is from California and that is who I was replying to.
Oh heck, I can't hold back, I'll help you a bit.
Try looking here: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/
or just trust me that the government said this:
"De-Identified Health Information. There are no restrictions on the use or disclosure of de-identified health information.14 De-identified health information neither identifies nor provides a reasonable basis to identify an individual. There are two ways to de-identify information; either: (1) a formal determination by a qualified statistician; or (2) the removal of specified identifiers of the individual and of the individual’s relatives, household members, and employers is required, and is adequate only if the covered entity has no actual knowledge that the remaining information could be used to identify the individual.15"
never mind exemptions for company operations...like quality improvement (which I admit may depend on an organized QA/QI follow up program...but that's another issue)
Edited to add: I don't doubt that you'll ignore this again, but here goes: OK, Desert is in CA, so define PHI either federally or in the fiefdom of California. Thanks.
Try looking here: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/
or just trust me that the government said this:
"De-Identified Health Information. There are no restrictions on the use or disclosure of de-identified health information.14 De-identified health information neither identifies nor provides a reasonable basis to identify an individual. There are two ways to de-identify information; either: (1) a formal determination by a qualified statistician; or (2) the removal of specified identifiers of the individual and of the individual’s relatives, household members, and employers is required, and is adequate only if the covered entity has no actual knowledge that the remaining information could be used to identify the individual.15"
never mind exemptions for company operations...like quality improvement (which I admit may depend on an organized QA/QI follow up program...but that's another issue)
Edited to add: I don't doubt that you'll ignore this again, but here goes: OK, Desert is in CA, so define PHI either federally or in the fiefdom of California. Thanks.
Last edited by a moderator:
Obviously I didn't give them a copy but another tech did because they were up her a $$.
So my question lies with if a bls crew ask for a copy of the ekg do I give it to them? I understand if they need it as a study aid for medic school but it falls under hippa laws. The pts name, med rec, social are on the ekg as well as my name. This isnt a face sheet thats going with the report , they wanted it for :censored::censored::censored::censored:s and giggles. If its so important for their "studies" couldn't a clinical instructor provide their students with an ekg?
Okay let me address the OP.
The OP obviously knows the HIPAA policy and hospital policies he is in. The OP is directly responsible for this part of the patient record. Yes, an ECG is part of the patient record. This is medical information about the patient. This is medical information about the patient regardless of what state it is in. HIPAA may concern itself with electronic transfer of data but the actual medical information data is and has been protected for decades long before HIPAA.
The OP may have to answer for any extra copies printed by the machine. This is also why hospitals are going to electronic ECGs and eliminating the need for paper copies.
And, at no time should anybody be up someone's *** to give out copies of the patient's chart.
The OP is correct for protecting the patient's medical data and probably should rethink giving out copies to the others also. It could bite him later.
Oh heck, I can't hold back, I'll help you a bit.
Try looking here: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/
or just trust me that the government said this:
"De-Identified Health Information. There are no restrictions on the use or disclosure of de-identified health information.14 De-identified health information neither identifies nor provides a reasonable basis to identify an individual. There are two ways to de-identify information; either: (1) a formal determination by a qualified statistician; or (2) the removal of specified identifiers of the individual and of the individual’s relatives, household members, and employers is required, and is adequate only if the covered entity has no actual knowledge that the remaining information could be used to identify the individual.15"
never mind exemptions for company operations...like quality improvement (which I admit may depend on an organized QA/QI follow up program...but that's another issue)
Edited to add: I don't doubt that you'll ignore this again, but here goes: OK, Desert is in CA, so define PHI either federally or in the fiefdom of California. Thanks.
Patient privacy laws mean their treatment and medical records will not be made public or given out just for the asking by any one. Would you want everyone to know about your family's medical problems to be discussed at the local diner? How many abortions your sister had? What sexually transmitted diseases you have been treated for? What about the back injuries or cardiac problems you have been trying to keep from your employer? This is your personal medical information. It should not be given out to anyone who thinks it is cool and could be left for others to know your business also.
At some time you have to use some common sense and know your own state laws. Also, have you never read the privacy laws which are posted everywhere in hospitals and in brochures at the bedsides. No it is not appropriate to take medical information about a patient from a chart without further authorization and an explanation of your intentions.
Last edited by a moderator:
DesertMedic66
Forum Troll
- 11,275
- 3,457
- 113
Patient privacy laws mean their treatment and medical records will not be made public or given out just for the asking by any one. Would you want everyone to know about your family's medical problems to be discussed at the local diner? How many abortions your sister had? What sexually transmitted diseases you have been treated for? What about the back injuries or cardiac problems you have been trying to keep from your employer? This is your personal medical information. It should not be given out to anyone who thinks it is cool and could be left for others to know your business also.
At some time you have to use some common sense and know your own state laws. Also, have you never read the privacy laws which are posted everywhere in hospitals and in brochures at the bedsides. No it is not appropriate to take medical information about a patient from a chart without further authorization and an explanation of your intentions.
If there is no patient info on the 12-lead then your first paragraph is pointless. That's one of the nice things about not having any patient identifiers.
If there is no patient info on the 12-lead then your first paragraph is pointless. That's one of the nice things about not having any patient identifiers.
But the ECG machine will know another copy was made which is not accounted for. Electronic foot prints are a reality and hard to fight if your name is one them.
How you use this information when you talk about it in public such as "the guy in the MVC" at 5th and Elm, will be identifiers.
Just refrain from feeling you are entitled or asking hospital employees for information they are reluctant to give which should be obtained through the proper channels. They are taking a risk for you.
You can also email this discussion to the risk managers and HR at the local hospitals to see what they think. That probably would be the best way to learn the policies of the hospital and the state. I will probably do that any way to see if there are any updates in California since they are the first to know. I think hospitals should be aware of any breaches which might be happening since the consequences for the employee and the hospital are very real.
Last edited by a moderator:
DesertMedic66
Forum Troll
- 11,275
- 3,457
- 113
But the ECG machine will know another copy was made which is not accounted for. Electronic foot prints are a reality and hard to fight if your name is one them.
How you use this information when you talk about it in public such as "the guy in the MVC" at 5th and Elm, will be identifiers.
Just refrain from feeling you are entitled or asking hospital employees for information they are reluctant to give which should be obtained through the proper channels. They are taking a risk for you.
You can also email this discussion to the risk managers and HR at the local hospitals to see what they think. That probably would be the best way to learn the policies of the hospital and the state. I will probably do that any way to see if there are any updates in California since they are the first to know. I think hospitals should be aware of any breaches which might be happening since the consequences for the employee and the hospital are very real.
We use a copy machine to make copies, I'm sure they can print several copies from the machine but never have I seen them do it.
If talking about an accident on a street is a violation then probably every provider (or at least the ones who teach) is guilty.
If I hear a dispatch for a male having a heart attack at 1234 Banana street, doing a little bit of research I can find out information. By your standards that is a violation.
How you use this information when you talk about it in public such as "the guy in the MVC" at 5th and Elm, will be identifiers.
That would be a violation all on its own, and would happen regardless of the EKG copy - nothing to do with the act of giving a crew involved in the patients care a redacted EKG.
Hospital policy may indeed prohibit sharing of EKG's. None of us have any idea if this is the case in the OP's hospital, and honestly I doubt he does either, else he would not have asked here. If it is hospital policy, I would say it's a stupid one probably based on over-reading the HIPAA privacy rule.
There are very good reasons for encouraging educational discussion of patients among providers and making it easy for EMS providers to follow up on patients or gather more information about them.
I have little doubt that a non-clinician bureaucrat like a risk manager could care less about improving clinical practice when compared with the (erroneously) perceived risk of a HIPAA violation, but that doesn't make for good policy.
I would of course object to overhearing any provider discuss my sister's abortions in a restaurant, but if I overheard an EMS crew talking about an interesting nuance of an ECG from an interesting but anonymous case, I'd probably be impressed that they cared enough to learn from their experience.
If I hear a dispatch for a male having a heart attack at 1234 Banana street, doing a little bit of research I can find out information. By your standards that is a violation.
That is not a medical record. And the person has not been stated to be a resident or owner at that address.
However, the first decade of HIV changed a lot when dispatch or the EMTs/Paramedics were saying "Be advised the resident at that address has HIV or AIDS". EMS also used to identify the patient by SS# on the air to dispatch for billing ID.
That would be a violation all on its own, and would happen regardless of the EKG copy - nothing to do with the act of giving a crew involved in the patients care a redacted EKG.
Hospital policy may indeed prohibit sharing of EKG's. None of us have any idea if this is the case in the OP's hospital, and honestly I doubt he does either, else he would not have asked here. If it is hospital policy, I would say it's a stupid one probably based on over-reading the HIPAA privacy rule.
There are very good reasons for encouraging educational discussion of patients among providers and making it easy for EMS providers to follow up on patients or gather more information about them.
I have little doubt that a non-clinician bureaucrat like a risk manager could care less about improving clinical practice when compared with the (erroneously) perceived risk of a HIPAA violation, but that doesn't make for good policy.
I would of course object to overhearing any provider discuss my sister's abortions in a restaurant, but if I overheard an EMS crew talking about an interesting nuance of an ECG from an interesting but anonymous case, I'd probably be impressed that they cared enough to learn from their experience.
No it is not stupid to protect patients' medical information. Even teaching hospitals have to know the boundaries of using certain information for education.
We don't know the intent of these EMTs. Bragging rights? Cool call with the guy in Bed 2 and this is his ECG... Is it a celebrity's ECG and you want to show it around? Another co-worker's ECG? Isn't it a double standard for you not wanting to hear about your sister's abortions but willing to hear about the guy next door who has a cardiac condition which could be career ending and he hasn't told anyone yet? Isn't that personal to him and his family also?
You also keep bringing up HIPAA. The state also has certain privacy rules. The hospitals must protect everyone equally and the rules should apply to all.
DesertMedic66
Forum Troll
- 11,275
- 3,457
- 113
No it is not stupid to protect patients' medical information. Even teaching hospitals have to know the boundaries of using certain information for education.
We don't know the intent of these EMTs. Bragging rights? Cool call with the guy in Bed 2 and this is his ECG... Is it a celebrity's ECG and you want to show it around? Another co-worker's ECG? Isn't it a double standard for you not wanting to hear about your sister's abortions but willing to hear about the guy next door who has a cardiac condition which could be career ending and he hasn't told anyone yet? Isn't that personal to him and his family also?
You also keep bringing up HIPAA. The state also has certain privacy rules. The hospitals must protect everyone equally and the rules should apply to all.
As it has been stated many times before black out all the patient info on the EKG. Now there is no way to tell if it is your dad, a famous celebrity, or John Q Citizen.
Bottomline as it pertains to the original post. Don't beg or harass for copies of a medical record you are not entitled to. It just shows a great disrespect fot that employee and could put their job in jeopardy. Their bosses will not know what info was blacked out. If you still want a copy go through the proper channels. If not, you probably know you are skirting the lines and know the direct responsibility will fall to the one giving the ECG.
Desert, I still suggest you definitely go through the proper channels and talk to the hospital risk management.
BTW, you do know copy machines store the image? This is why you don't make copies of personal data at Office Depot.
Desert, I still suggest you definitely go through the proper channels and talk to the hospital risk management.
BTW, you do know copy machines store the image? This is why you don't make copies of personal data at Office Depot.
Last edited by a moderator:
DesertMedic66
Forum Troll
- 11,275
- 3,457
- 113
Bottomline as it pertains to the original post. Don't beg or harass for copies of a medical record you are not entitled to. It just shows a great disrespect fot that employee and could put their job in jeopardy. Their bosses will not know what info was blacked out. If you still want a copy go through the proper channels. If not, you probably know you are skirting the lines and know the direct responsibility will fall to the one giving the ECG.
Desert, I still suggest you definitely go through the proper channels and talk to the hospital risk management.
BTW, you do know copy machines store the image? This is why you don't make copies of personal data at Office Depot.
Yes I am aware that copy machines store images. If that is a issue why are medical records put thru copy machines at every hospital that I have ever been to?
Yes I am aware that copy machines store images. If that is a issue why are medical records put thru copy machines at every hospital that I have ever been to?
That is why most of these machines now have coded access.
You are missing the point. Electronic footprints will catch up with someone eventually. You don't seem to appreciate the risks someone is taking for you.
DesertMedic66
Forum Troll
- 11,275
- 3,457
- 113
That is why most of these machines now have coded access.
You are missing the point. Electronic footprints will catch up with someone eventually. You don't seem to appreciate the risks someone is taking for you.
Coded access as in you have to have a code to use it? If that's what you are meaning, I have yet to see a hospital with it.
Coded access as in you have to have a code to use it? If that's what you are meaning, I have yet to see a hospital with it.
I don't know which hospitals you are referring to specifically. But I do know some of the hospitals you have mentioned on this forum do have codes for their copy machines as well as the door to the room they are in. This was an issue for security when we were doing the EMR upgrades for the hospitals in your area.
DesertMedic66
Forum Troll
- 11,275
- 3,457
- 113
I don't know which hospitals you are referring to specifically. But I do know some of the hospitals you have mentioned on this forum do have codes for their copy machines as well as the door to the room they are in. This was an issue for security when we were doing the EMR upgrades for the hospitals in your area.
Uhhh no. Maybe on the floor they do but in the ERs negative.
I will be at a hospital just south of you for another 2 weeks. I will check with the facilities in your area we helped with their EMRs. It is not good if info is easily accessible to non hospital employees. The ED would be a weak spot with many distractions.Uhhh no. Maybe on the floor they do but in the ERs negative.
DesertMedic66
Forum Troll
- 11,275
- 3,457
- 113
I will be at a hospital just south of you for another 2 weeks. I will check with the facilities in your area we helped with their EMRs. It is not good if info is easily accessible to non hospital employees. The ED would be a weak spot with many distractions.
Then you may want to visit other hospitals that are not in CA.
Then you may want to visit other hospitals that are not in CA.
I have been. Most recently some in Washington and Oregon. California is not my home state.
There is a nationwide push for hospitals and medical offices to upgrade their EMRs and data security. This is nothing new but it takes time for a system to be built which includes many areas...even ECGs.