[ Tuesday, April 27, 2004 ]
EMS dispatchers and HIPAA:
There's been some interesting back-and-forth on the AHLA health information technology listserv over the last few days about the impact of HIPAA on EMS dispatchers, particularly where they are combined with police dispatchers. Often, the EMS department and 911 dispatchers will be city or county employees. Certainly the EMS part of the business is a "covered entity" under HIPAA, but you usually don't want all of the city employees to be considered to be working for the same covered entity. In other words, if you are the human resources coordinator for a city or county government, you don't want your street repair crew to have to take HIPAA training, but you need your EMS guys to be trained. So, the smart thing to do is to consider the governmental entity a "hybrid entity": part covered entity, part not. The covered entity part gets HIPAA training, and the rest doesn't.
What about your dispatchers? Should they be considered in the covered entity part, or the non-covered entity part? Some of what they do involves PHI, but some doesn't (like fire and police calls where there's no ambulance service).
John Cody, a great contributor to the listserv, has looked into this some and noted the following internet articles and resources:
"HIPAA: The Intersection of Patient Privacy with Emergency Dispatch
"HIPAA Compliance Strategies: Six Ways Paramedics Are Dealing With New HIPAA Challenges
"HIPAA Overkill Should Not Delay EMS Response
"Confidentiality Concerns and Communications
"Use and Disclosure of PHI for Service Evaluation
"EMT Held Liable for Damages and Attorneys Fees for Violating Patient's Privacy: Lessons to Be Learned
had some bad links and have fixed all but one. I'm working on that one, too. Hat tip to Donna Higgins at Andrews Publications
for pointing that out.
Jeff [6:18 PM]
Blogger: HIPAA Blog - Edit your Template