HIPAA Training For EMS Personnel
DIVERSIFIED AMBULANCE BILLINGHIPAA Training forEMS PersonnelDAB Client Support ServicesVersion 4.1www.dabill.com 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGPresentation Outline Overview of HIPAA Components of HIPAA HIPAA Case Example FAQ Review and Summary 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGOverview of HIPAA 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGOverview of HIPAA What is HIPAA and Why is it Needed? “HIPAA” stands for the Health InsurancePortability and Accountability Act of 1996 HIPAA was passed in the early 1990s toregulate unscrupulous policy and privacypractices of HMOs HIPAA created privacy practices standardsthat healthcare workers must follow 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGOverview of HIPAA What is HIPAA and Why is it Needed? HIPAA provided patients with legal rightsand a voice in how healthcare organizationsuse protected health information (PHI) Other areas of HIPAA include “securityrequirements” for computer storage andtransmission of healthcare data along withinsurance claim “transaction requirements” 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGOverview of HIPAA Who Must Comply With HIPAA? Healthcare organizations that charge forservices including EMS agencies, Fire Departments, Volunteer Rescue Squads andall personnel who work or volunteer forsuch organizations Companies and individuals acting on behalfof such organizations, more commonly called “Business Associates” 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGOverview of HIPAA How Does HIPAA Impact EMS? HIPAA regulations affect how EMS personnel use and transfer patient information HIPAA requires EMS agencies to appoint a“Compliance Officer” and create HIPAApolicy for the organization to follow HIPAA mandates training for EMS personneland administrative support staff 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGOverview of HIPAA How Does HIPAA Impact EMS? EMS agencies and personnel must followHIPAA regulations during patient contactsituations, when transferring patient information and for administrative functions EMS agencies must follow HIPAA regulations in retaining, managing and releasingpatient information and records 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGOverview of HIPAA How Does HIPAA Impact EMS? EMS agencies must follow HIPAAregulations by notifying patients of theirHIPAA rights shortly after time of serviceand must request that each patient sign astatement acknowledging such a notice 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGOverview of HIPAA Civil penalties for HIPAA violations includefines acted without knowing what you were doing waswrong Criminal penalties for HIPAA violationsinclude fines and jail acted knowing what you were doing is wrong andtried to get profit from it Penalty enforcement targets the healthcareprovider AND the organization 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGQuick Reference GuideComponents of HIPAA Using PHI – Definitions HIPAA regulations create a “protectedhealth information” (PHI) standard thatmust be used by EMS agencies andpersonnel PHI can be defined as any medical information concerning a patient identified by “patient name, identification number or othermeans of identification” 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Using PHI – Definitions Because EMS agencies operate in a fieldsetting, HIPAA uses a standard of “reasonableness” to address privacy and PHI Generally, patient privacy and PHI becomean issue when a patient is loaded in anambulance and access to the patient can becontrolled 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Using PHI – Definitions EMS personnel need to focus on informationrequests going out, not coming in, and whois making the request Generally, other public safety agencies thatdo not charge for services are not coveredby HIPAA. These include 911 centers, firedepartments and law enforcement 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGQuick Reference GuideComponents of HIPAA Using PHI – Basic Rules PHI may only be shared for “treatment,payment or operational needs” of EMSagencies. Most other uses require writtenconsent and authorization by the patient A “minimum necessary information requirement” is standard for all use of PHI outsideof treatment 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Using PHI – Basic Rules Treatment includes sharing PHI betweenfirst responders, EMS personnel, hospitals,ED staffs, pharmacies and other in-kindparties by voice, paper, electronic ortelecommunication means Payment includes sharing PHI betweenEMS agencies, billing companies, andguarantors 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Using PHI – Basic Rules Healthcare Operations includes sharingPHI between EMS personnel, supervisors,quality control personnel, managers,planners, medical control physicians, otheradministrative personnel and for other EMSoperational functions including training,case reviews and CISD meetings 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Using PHI – Basic Rules If PHI needs to be shared with other publicsafety organizations, government agenciesor other officials in operational settings,such requests must be directly related to ajustifiable “need” as permitted by HIPAAregulations 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Using PHI – Basic Rules Valid requests for PHI include:Mandated Requirements of LawPublic Health ActivitiesAbuse/Domestic SituationsHealth Oversight ActivitiesJudicial & AdministrativeLaw Enforcement Activities 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Using PHI – Basic Rules Valid requests (continued) Deceased PatientsTissue Donation PatientsResearch PurposesThreat to Public SafetySpecialized Government FunctionsWorkers Compensation 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Using PHI – Basic Rules Valid requests (continued) Law Enforcement ActivitiesProcess / Covered by LawIdentification and LocationVictims of CrimeDeceased PatientsCrime on PremisesReporting Crime 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Using PHI – Basic Rules Generally, “valid” requests for PHI fromother public safety agencies may only begranted keeping “the best interests of thepatient” in mind In many cases, EMS personnel must use“professional judgment” in granting suchrequests 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Using PHI – Basic Rules PHI must remain confidential for all otherrequests unless “prior authorization” isobtained from the patient. This meansthat PHI cannot be released without thewritten consent of the patient 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGQuick Reference GuideComponents of HIPAA Using PHI – Family or Friends One exception is information requests from“family, friends or other individuals involvedin care or payment arrangements for thepatient” EMS personnel can grant limited requestswith the approval of the patient or by using“professional judgment” when the patient isincapacitated 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGQuick Reference GuideComponents of HIPAA Using PHI – 4 Step Decision Method1. Is information coming in or going out?2. Who is making the PHI request and forwhat reason?3. Does the reason fall within treatment,payment or operational requirements?4. If not, is the reason valid and appropriate? 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Using PHI – NPP Notification Process HIPAA regulations give patients specificrights concerning PHI and how it is used A “notice of privacy practices” (NPP) including patient rights must be provided to eachpatient at time of service or as soon aspossible after 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGQuick Reference GuideComponents of HIPAA Managing PHI – Records HIPAA regulations require that patient carereports (PCRs) be stored using appropriate“physical safeguards” – such storage mustinclude “limited access” requirements forEMS personnel or other individuals notauthorized to view healthcare records 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Managing PHI – Records EMS agencies using electronic PCRs (EPCRs) must also meet the HIPAA securitystandard for electronic PHI – this standardincludes the use of appropriate electronicsafeguards along with the correct use ofuser identification, passwords and securityprotocols by EMS personnel 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Managing PHI – Records Release of patient records for appropriatepurposes must be managed through theuse of request forms and EMS agencypolicy “General” record release policies withoutadministrative review are not recommended 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Managing PHI – Records Facsimile transmission of PCRs must be to“dedicated” medical record FAX machines ifunattended – ALL PCR faxes should usecover sheets with verification statements E-mailing E-PCRs or PHI references requiresuse of HIPAA regulated PHI security standards 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGComponents of HIPAA Managing PHI – Records All patient requests or complaints must bemade in writing to the EMS agency HIPAAofficer – the EMS agency must also respondto requests or complaints in writing A number of other issues impact EMS andHIPAA – Google the following:2006 45 CFR 164.500 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example Incident Scenario Patient was walking across intersectionwhen he was struck by SUV at high rate ofspeed. SUV was involved in an MVA prior tostriking patient EMS, Fire, Police and State Police all respond to incident 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example Description of Patient Patient was auto/pedestrian struck by SUVduring roll over, obvious multiple trauma Patient is unconscious but breathing. Injuries include open fractures, lacerations,burns and deteriorating vitals 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example First Response Fire Department arrives at incident scene,followed by Police. Multiple bystanders atincident scene assisting patient. Fire firstresponders begin assessment of patient infront of bystanders and Police.Did a HIPAA violation occur? 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example First ResponseDid a HIPAA violation occur? No – First responders needed to treat thepatient in the environment found, no“reasonable” measures could be taken toassure privacy. First responders might notbe covered by HIPAA. 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example Ambulance On-Scene Your ambulance arrives at the incidentscene, the crew gathers equipment andgoes to the side of the patient. The firstresponders give a report to the AIC thatbystanders and the Police hear. The AICquestions bystanders about the accident.Did a HIPAA violation occur? 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example Ambulance On-SceneDid a HIPAA violation occur? No – First responders needed to give yourcrew a report and the AIC needed to gathermore information. Again, no “reasonable”measures could be taken to assure privacygiven the nature of the incident and theresources available. 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example Back of Ambulance Your crew loads the patient and beginsworking on him. A few minutes later afirefighter brings over a priest who says heknows the patient. The priest asks questions about the condition of the patient andthen asks if he will die.Is this a HIPAA issue? 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example Back of AmbulanceIs this a HIPAA issue? YES – The information request means PHIwould be given out. The relationship between the priest and the patient in this caseneeds verification. Proceed with caution,minimum necessary informationrequirement in place. 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example Back of Ambulance A few minutes later the Police bring anobviously upset woman to the truck whothey identify as the patient’s mother. Shewants to know if her son will live and whatcondition he is in.Is this a HIPAA issue? 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example Back of AmbulanceIs this a HIPAA issue? YES – The information request means PHIwould be given out. The Police have established the relationship between the patientand the person requesting information. Proceed with compassion, minimum necessaryinformation requirement in place. 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example During Transport The patient is packaged and your unitleaves the incident scene transporting tothe hospital. A radio report is given toMedical Control with PHI exchanged.Is this a HIPAA issue? 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example During TransportIs this a HIPAA issue? NO and YES – PHI is given out, but radioreports generally do not identify the patientunless required. Consider a cell phone ifpatient identification needed. Multiple patient scenarios do not change methods. 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example At the Hospital Your unit arrives at the hospital and thepatient is turned over to the hospital staff.As the AIC is writing up the PCR, a crewmember from another ambulance readswhat the AIC wrote and says “WOW, thatwas a bad one, huh?”Did a HIPAA violation occur? 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example At the HospitalDid a HIPAA Violation Occur? YES – Only crew members directly involvedwith the call, supervisors or other administrative personnel should be reading PCRs.Members not involved with the call shouldnot be looking at PCRs and reading PHI. 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example At the Hospital As your unit prepares to leave the hospital,a local TV news crew approaches with camera running and asks if you can describewhat happened. Before you can stop him, anew member tells the news crew the nameof the patient and his condition.Did a HIPAA violation occur? 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example At the HospitalDid a HIPAA Violation Occur? YES – Only limited information can be released concerning incidents, patients andpatient condition. An agency Public Information Officer (PIO) should be tasked withthis responsibility. 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example LEA Issues Police officers on the scene and at thehospital requested certain informationincluding patient identity and condition.They are requesting this information aspart of a potential fatality investigation.Is it a HIPAA violation to provide thisinformation? 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example LEA IssuesIs it a HIPAA violation to provide thisinformation? NO – In the case of a potentially fatalmotor vehicle accident, providing the Policewith certain information for investigationactivity is appropriate. This information islimited by the “minimum necessaryinformation requirement.” 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example After the Call Several weeks go by during which thepatient remains in a coma. You arecontacted at the station by the “patient’sattorney” who wants to talk to you aboutthe incident and the patient’s injuries.Is it a HIPAA violation to speak with thisindividual? 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGHIPAA Case Example After the CallIs it a HIPAA violation to speak with thisindividual? POSSIBLY – Confirming the identity andauthorization of patient representatives isan administrative function. Speaking toattorneys is best handled by subpoena todeposition or trial. 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGFAQ and Form ReviewHIPAA HO FAQ ReviewHIPAA Quick Reference Guide 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGReview of Key Points 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGKey Points Understand the concept of PHI andfollow the rules. Know when “minimum necessaryrequirements” should be used. Respect the privacy of patients. Act in the best interest of patients. 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
www.dabill.comDIVERSIFIED AMBULANCE BILLINGQuestions and . Answers? 2007 Diversified Ambulance Billing Let DAB Drive Your Bottom Line
Overview of HIPAA How Does HIPAA Impact EMS? HIPAA regulations affect how EMS person-nel use and transfer patient information HIPAA requires EMS agencies to appoint a “Compliance Officer” and create HIPAA policy for the organization to follow HIPAA mandates training for EMS personnel and administrative support staffFile Size: 229KB
Tel: 515-865-4591 email: Bob@training-hipaa.net HIPAA Compliance Template Suites Covered Entity HIPAA Compliance Tool (Less than 50 employees) . HIPAA SECURITY CONTINGENCY PLAN TEMPLATE SUITE Documents in HIPAA Contingency Plan Template Suite: . Business Impact Analysis Policy includes following sub document (12 pages) Business .
Tel: 515-865-4591 email: Bob@training-hipaa.net HIPAA Compliance Template Suites Covered Entity HIPAA Compliance Tool (Less than 50 employees) . HIPAA SECURITY CONTINGENCY PLAN TEMPLATE SUITE Documents in HIPAA Contingency Plan Template Suite: . Business Impact Analysis Policy includes following sub document (12 pages) Business Impact .
Chapter 1 - HIPAA Basics A-1: Discussing HIPAA fundamentals 1 Who's impacted by HIPAA? HIPAA impacts health plans, health care clearinghouses, and health care providers that send or receive, directly or indirectly, HIPAA-covered transactions. These entities have to meet the requirements of HIPAA.
What is HIPAA? HIPAA is the Health Insurance Portability and Accountability Act of 1996. HIPAA is a Federal Law. HIPAA is a response, by Congress, to healthcare reform. HIPAA affects the health care industry. HIPAA is mandatory.
EMS API Reference Guide 2012 Dean Evans & Associates, Inc. CONFIDENTIAL 20 Aug 2012 9 EMS Professional customers – enter “EMSData” EMS Workplace, EMS Campus, EMS Enterprise, EMS Legal and EMS District customers - typically named “EMS” 9.
Basics of HIPAA and HITECH 4 What exactly is HIPAA? 4 Covered entities v. business associates 5 The HIPAA Omnibus Rule 6 7 H C E T I H HIPAA Compliance Simplified 8 Five security-thought-leader tips for HIPAA Compliance 8 Three specific HIPAA tips you need to know post-omnibus 11 Checklist: How to Make Sure You're Compliant 13
County EMS Agency Field Operations Guide An operational guidance document for EMS Agency Personnel, EMS Duty Chief, EMS Commander, and EMS Director REFERENCE #817 Revised November 2008 Santa Clara County Emergency Medical Services Agency 976 Lenzen Avenue San Jose, California 95126 1. . EMS field units (EMS 2-6/Squad1),
Python cannot accurately represent a floating point number because it uses a special format for storing real numbers, called binary floating-point. Example: Fraction to decimal conversion. 10 over 3 is a perfect representation, however 3.333 is inaccurate
