HIPAA question

F

firemedic0227

Forum Lieutenant
Messages
127
Reaction score
0
Points
16
So while sitting around the station kitchen table this morning enjoying a cup of Coffee, my crew and I got into talking about HIPAA. One crew member stated that it's a violation of HIPAA to talk about any call. For reference, lets say I ran a call last night where someone was possibly shot but instead they were cut by a chainsaw, and I mentioned to someone on the crew that I ran that call and thats all the information I put out about the call. This certain crew member stated that you are in violation of HIPAA due to the information you just stated. I have just never heard that before, I have been under the understanding that HIPAA protects personal identifiable information.
 
Sometimes I just don't know anymore, there are way too many HIPPA* police out there.

If you don't give away any protected health information (PHI), it's not a violation. Sometimes PHI is allowed to be used, but only for "treatment, billing, and healthcare operations". Example of PHI being used is dispatchers saying the address of where the incident is at, or a certified medical assistant saying the patient's first and last name in a waiting room full of other patients "We're ready to see you Mr. Smith".

Something I've been confused about is determining if someone is a HIPAA entity, primarily fire stations. I guess if you do not electronically bill, you are not a HIPAA entity. Electronically bill does not mean ePCRs, I guess it means any form of electronics like scanning the PCR too.

Just because you are or are not a HIPAA entity doesn't mean you agency policies are the same or higher standards of HIPAA, or specific State laws. For example, an agency may have a policy that says you are not allowed to discuss any calls on Facebook, or anything user generated, social media, even if PHI isn't included. HIPAA may not be violated, but your agency policy were violated.

Your agency may have a privacy officer, or a similar title, who you can ask more questions about HIPAA and your agencies policies and protocols that pertain to patients' privacy.

*I purposely said "HIPPA" cause people who tend to tell me something is a "HIPPA" violation don't even know how to spell it, and that's how I imagine they say "that's a HIPPA violation!" and how they'd spell "HIPPA police". I've been told some things are HIPPA violations that clearly weren't HIPAA violations.

It's usually not OK to disclose PHI unless it's for "treatment, billing, and heathcare operations". Discussing calls with other co-workers without including PHI while at work is usually OK, but you may want to talk with your agency's privacy officer, or a similar title, to determine what's OK. Your agency's policies/standards may be equal to or higher than HIPAA.
 
Last edited by a moderator:
Thanks for your reply. We are not allowed to talk about calls on social media at all. They don't even like us taking pictures in house and posting them to social media without prior approval. No PHI was given when we sat around our cups of coffee and talked about this certain call another co worker had. I tried to argue my point and I was told I was wrong. My counter was, when there is something like a shooting around my area the news usually video tape the location and the person being loaded in the back of the ambulance, how is that not a violation but what I said could be considered a violation, not a system violation but an actual HIPAA Violation on a national level.
 
arharris83 said:
Thanks for your reply. We are not allowed to talk about calls on social media at all. They don't even like us taking pictures in house and posting them to social media without prior approval. No PHI was given when we sat around our cups of coffee and talked about this certain call another co worker had. I tried to argue my point and I was told I was wrong. My counter was, when there is something like a shooting around my area the news usually video tape the location and the person being loaded in the back of the ambulance, how is that not a violation but what I said could be considered a violation, not a system violation but an actual HIPAA Violation on a national level.
Click to expand...
The news isn't a HIPAA entity.

By the way, refer to http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html, which after reading, you may use as a source to backup what your argument.
 
Last edited by a moderator:
The fact that somebody told you that you were in violation tells us all we need to know about that person. Like it or not, end of shift "stories" happen all the time. These "stories" have taken place at every place I have ever worked. On coming shift comes on and asks "how was your night?" No one has ever answered with "that's a HIPAA violation."
 
truetiger said:
The fact that somebody told you that you were in violation tells us all we need to know about that person. Like it or not, end of shift "stories" happen all the time. These "stories" have taken place at every place I have ever worked. On coming shift comes on and asks "how was your night?" No one has ever answered with "that's a HIPAA violation."
Click to expand...

I agree with this. Crews always talk to each other about their calls. But there are some people that you have to be careful telling them certain things! I think if you don't go into very specifics you are fine but just be careful what you say and who you say it to.
 
In order for something to be a HIPAA violation it has to be unauthorized disclosure of Personal Health Information. That means it has to be identifiable.

Saying "Some guy got shot last night" NOT a HIPAA violation

Saying " John Doe, who is 40 years old and lives at 123 Main Street, got shot in the chest and punctured a lung." may well be a HIPAA violation depending on who it's said to and why.

Now this only applies to the HIPAA law. Your agency/company of course can have more restrictive confidentiality rules.
 
Honestly from what I gather apparently most people have their own "interpretation of HIPAA" for my company its whether it benefits them.

Sitting at the table discussing calls over coffee isn't a HIPAA violation. Stating patients names is a HIPPA violation.

Dispatch stating locations of where the unit is to respond to, is not a HIPAA violation as it pertains to operation requirements,

When you go to the doctors office and they call your name out in the waiting room for you to be seen is not a HIPAA violation.

If the Receptionist or Nurse calls your name out in the waiting room as states "your being seen today because you have a herpes flare up?" thats a technical foul.


Most companies have Social Media policies in place for a reason. Usually because some dumb *** decided he was gonna post pictures of a accident or something gory on facebook to brag to his friends about only to find out that the family hasn't even been notified of this persons untimely death. OR to protect the patient identity.
 
I think the real issues at heart are 1~HIPAA is interpreted by so many people in different ways. People have become so affraid that something might be a HIPAA violation, that they think everything is a HIPAA violation. 2~There is minimal training on HIPAA to most health care workers.

The truth is, if you do not give out identifying information, its not a HIPAA violation. Like many have said, departmental policies might be different.

I work for a company that has hospital contracts and I have seen people over think HIPAA and under think it enough that it is a violation. Two recent situations.

-While registering a patient, a security officer got agitated with a transport crew who walked through the emergency room to get to the mental health unit. The officer stated it is a HIPAA violation for them to do so, and moaned and groaned. He actually went to the extent of stopping them in mid stride to yell at them for doing so, in front of the patient and other staff. - This is not a HIPAA violation. They were not yelling their patient's name or demographics as they walked through the hall. Nor were they flashing a facesheet or even advertising what unit they were going to. Just a silent walk through.

-We arrived to pick a patient up and discover that the last crew in took our paperwork and left theirs. Mistake on both the crew and hospital who handed them the wrong paperwork. The patient was transported to the receiving with wrong paperwork. Our patient, just happened to go to that facility also. Nurse handed us transfer paperwork for the previous patient, with all PHI and Treatment visible from transfer form. Not our patient, not even same company. HIPAA violation?
 
What if the person affiliated with the agency is a volunteer? Someone that already knows the patient, because they work at the same public job.. I have come across that situation before, and it's touchy, because you're not supposed to 'upset' the volunteers at all. But this one couldn't do QA/QI, because she wasn't the appropriate level (she was intermediate and it was a medic level call), the billing is done through the local fire marshall's office-which she doesn't have any participation in, and she wasn't on the call. I'm still trying to figure out what she has to do that involves pulling charts and reading them... We have a QA/QI person that's the appropriate level-she's the paid supervisor over the medics.. Feedback, anybody?
 
For AT and EMT work, I've always gone by a simple rule. If who I am telling the story to cannot in any way connect the story to a Pt, it is not a HIPAA violation.

About snoopy bystanders or coworkers, whether for good or for bad, if they are not part of the continuity of healthcare for that Pt for that case, and they are not identifying themselves (with evidence) of being family, they don't get to know. If my Pt's boss comes up to me at the truck and asks how my Pt is doing and what is going on, he will get a "We are doing as much as we can to take care of him/her." If my mom asks me about what I saw on the truck today (assuming there was nothing crazy, 6 PM News worthy), I'll tell her my calls. Obviously, no names, and probably not even locations. Certainly not addresses.

Playing devil's advocate... what about fire station tones? I used to live at a house near a station that was on top of a hill, and whenever those tones dropped I could hear it 5/5. Engine 39, respond to 1234 Liar Street for 40 year old unresponsive female. Pull out my dusty-ol' Yeller Pages, and find that Mrs. Billy just went down. To HIPAA, nor not to HIPAA...
 
mizzcemtp said:
What if the person affiliated with the agency is a volunteer? Someone that already knows the patient, because they work at the same public job.. I have come across that situation before, and it's touchy, because you're not supposed to 'upset' the volunteers at all. But this one couldn't do QA/QI, because she wasn't the appropriate level (she was intermediate and it was a medic level call), the billing is done through the local fire marshall's office-which she doesn't have any participation in, and she wasn't on the call. I'm still trying to figure out what she has to do that involves pulling charts and reading them... We have a QA/QI person that's the appropriate level-she's the paid supervisor over the medics.. Feedback, anybody?
Click to expand...

By that logic, I should not sit in on ground rounds because I am an EMT in room of MDs? What about surgical M&Ms?

If the reason for disclosure is training or QI, then it is covered, even its "a medic level call".
 
I think HIPAA is more about the electronic transfer of information. With all the EMRs, PACs, emailmydoctor@hospital.orgs, pagers, and general "electronicness" of healthcare, there is a lot of information that can be theived by tech savvy theives. Why would anyone want protected health information? Who knows. But I think the goal of HIPAA is to have anyone who is transfering information over the internet, take every precaution to encrypt and otherwise protect that information. The goal is not to prevent casual conversation among EMS providers.

That being said, I think we have always had an ethical obligation to protect our patients privacy.

Their is nothing wrong with telling war stories (as long as they are good ones...and accurate). How else are we supposed to learn critical thinking and problem solving skillz?
 
Privacy vs HIPAA. The two are related, but not the same thing.

My general rule of thumb to protect patient privacy is to not repeat any information that 1) isn't public record and 2) if the patient/family heard the story, couldn't recognize that it was them I was talking about.

There are some people who like to pull the HIPAA card all the time. One of my agencies doesn't bill. It usually goes something like this:

Nurse/Tech/Other person "Uh... You can't do that, it's a violation of HIPAA!"
Us: "We don't bill. AT ALL."
Nurse: "What does that have to do with anything? You're still violating HIPAA!"

The other thing that people don't realize is that you can transmit this information (PHI) over the air on the radio even if you are covered under HIPAA if it is to facilitate patient care. An example of dispatching that I like to give is a call to a apartment complex where dispatch doesn't know which apartment number the call came from. You can ask for the resident's name if there is a directory in the lobby and dispatch can give it to you over the air.

Another example in hospital communications is if you are trying to get medical control to advise you with something. Most often, EMS doesn't do anything that requires the name to be transmitted over the air, but there are some cases (especially in IFTs) where a name (or record number) might help facilitate things as you can look up a patient's chart with that information. Once again, not a HIPAA violation just because it's PHI.
 
WuLabsWuTecH said:
Privacy vs HIPAA. The two are related, but not the same thing.

My general rule of thumb to protect patient privacy is to not repeat any information that 1) isn't public record and 2) if the patient/family heard the story, couldn't recognize that it was them I was talking about.

There are some people who like to pull the HIPAA card all the time. One of my agencies doesn't bill. It usually goes something like this:

Nurse/Tech/Other person "Uh... You can't do that, it's a violation of HIPAA!"
Us: "We don't bill. AT ALL."
Nurse: "What does that have to do with anything? You're still violating HIPAA!"

The other thing that people don't realize is that you can transmit this information (PHI) over the air on the radio even if you are covered under HIPAA if it is to facilitate patient care. An example of dispatching that I like to give is a call to a apartment complex where dispatch doesn't know which apartment number the call came from. You can ask for the resident's name if there is a directory in the lobby and dispatch can give it to you over the air.

Another example in hospital communications is if you are trying to get medical control to advise you with something. Most often, EMS doesn't do anything that requires the name to be transmitted over the air, but there are some cases (especially in IFTs) where a name (or record number) might help facilitate things as you can look up a patient's chart with that information. Once again, not a HIPAA violation just because it's PHI.
Click to expand...

Instructors always told my class to keep all of those situations off FCC comms and instead use a secure line if available, or just your own phone. Just putting out then insight, I've never been in either situation so I couldn't say what I did. Sounds like it is more of a protocol type of thing than anything else.
 
It's funny, I find the nurses that quote HIPAA the most are usually the ones that don't want to do something for you. If you want some follow-up information on a patient, "no, sorry. That's a HIPAA violation." But they're the first ones to start yelling down the hall, or on the radio, "what's the patient's last name and Social Security number"

Yikes.

Any information that you give the hospital, related to patient care is not a HIPAA violation, even if it can be "unintentionally overheard". Obviously, most of us have learned to be quiet with information that may be deemed "sensitive" but there's still no reason to totally shut down the flow of information based on HIPAA.
 
To address the OP's question, it can be a murky area.

I personally think that discussing calls from a training perspective is fine, but it's very easy for it to become gossip. Protected health information (PHI) concerns also arise when the patient can be identified based on the conversation.

To me, it's often been an area where the golden rule seems to apply. If I was involved in a MVA and received medical care, I wouldn't mind if rough details were used for training purposes. But I probably would mind if it simply became a gossip-based discussion.
 
This volunteer had us dispatched to her place of work prior to her getting there. She waited 2 hours after the call was finished up, called from her desk at work-already having identified who the patient was-and wanted the particulars from the call. Chief complaint, treatment, where the patient was transported to in the hospital..etc.. I was standing in the bay with 3 other employees that were in the station to pick up their paychecks-on whose husband was with her and not an employee period. The volunteer accused me of insubordination because I didn't give her the information she wanted. Had nothing to do with training. By the way, this volunteer had our unit dispatched to this call-13 miles out of our district, and in another unit's district. Starting to see what I'm talking about?
 
Just because someone knows the Pt doesn't mean they have the right to know the case.

Sounds like she's looking for action. Tell her to go to fire or medic school and get off volly.
 
mizzcemtp said:
This volunteer had us dispatched to her place of work prior to her getting there. She waited 2 hours after the call was finished up, called from her desk at work-already having identified who the patient was-and wanted the particulars from the call. Chief complaint, treatment, where the patient was transported to in the hospital..etc.. I was standing in the bay with 3 other employees that were in the station to pick up their paychecks-on whose husband was with her and not an employee period. The volunteer accused me of insubordination because I didn't give her the information she wanted. Had nothing to do with training. By the way, this volunteer had our unit dispatched to this call-13 miles out of our district, and in another unit's district. Starting to see what I'm talking about?
Click to expand...

My supervisor refused to write me up for insubordination, stating that I wasn't insubordinate-I was doing my job. She had the supervisor demoted and had me fired for insubordination. My patient on this call was unresponsive and unable to even sign for permission to transport. There are some things you just don't do, you know? It was wrong. Or in the least, I felt like it was an invasion of the patient's privacy. This volunteer is a big gossip and I felt like the patient should have been the one to let her know what her PHMx and other private matters were-if she wanted her to know.
 
You must log in or register to reply here.
Back
Top