CONFIDENTIALITY
OF PATIENT MEDICAL INFORMATION
Policy:
This policy is designed to meet
requirements specified in the Health Insurance Portability and Accountability
Act (HIPAA) of 1996 which compels most health care providers, including
ambulance services, to take necessary steps to ensure that each patient’s
protected health information (PHI) is guarded against misuse and unauthorized
disclosure. “PHI” is defined as personal
medical information that identifies an individual and is stored or transmitted
in any form or medium (written, electronic, verbal, etc.). This includes
demographic information created or received by a healthcare provider and any
medical information (past, present, or future) that identifies, or could
identify, an individual patient.
Purpose:
·
Establish guidelines and boundaries for the uses of PHI and
create privacy standards for EMS personnel.
·
Create accountability for use of PHI and maintain
confidentiality of PHI.
Procedure:
1.
PHI
Access by EMS Personnel: EMS personnel have specific responsibilities to
protect each patient’s health information. EMS personnel have no rights to
access, use, or disclose PHI after the completion of the ambulance call and
supporting documentation. Intentional unauthorized access, use, or disclosure of PHI is prohibited
and subject to severe civil and criminal penalties. EMS personnel may not
access, use, or discuss PHI after a call is completed except as outlined below.
2.
Security
of PHI: EMS personnel must make every effort to ensure that all
Patient Call Reports (PCR’s) and other PHI is secure and out of sight of
unauthorized individuals.
3.
EMS Personnel will provide notice to each patient as to how individual
PHI will be used, disclosed, and how the patient can access his/her own PHI.
Notice will be provided in written form and acknowledged with the patient’s
signature when available.
4.
EMS personnel must obtain the patient’s consent to use or disclose PHI
as soon as “reasonably practicable” (i.e., as soon as practical after
services are provided). This is legally necessary in order to provide treatment,
billing services, and health care operations such as quality assurance, internal
audits, etc. Note: Patients who refuse consent to use or disclose PHI can
still receive treatment unless he/she refuses treatment also. It must be clearly
noted when a patient declines PHI consent but does in fact receive treatment
and/or transportation by EMS.
5.
Duly authorized patient representatives may sign for PHI consent if the
patient is unable to do so because of his/her medical condition. This includes a
parent, legal guardian, health care power of attorney – basically anyone who
is a legal representative of the patient.
6.
Uses and Disclosures
Requiring an Opportunity to Object: EMS personnel must obtain verbal or
written consent prior to using/disclosing PHI in the following situations…
·
Exchange of information for input in a hospital in-patient
directory.
·
Discussing patient care and/or payment with the patient’s
family, friends, or caregivers; or notifying the patient’s family,
friends, or caregiver’s of the patient’s condition, location, or death.
·
Disaster relief purposes such as releasing certain
information to the American Red Cross.
7.
Uses
and Disclosures for which Consent, Authorization, or Opportunity to Object are
not Required: Verbal or written permission prior to use or disclosure is
not required in the following situations…