YOU WANT TO KNOW…WHAT?!
HIPAA (yes, it is spelled with ONE P and TWO A’s, and not the often-misspelled HIPPA) stands for the “Health Insurance Portability and Accountability Act” and was first published in 1996. While there have been a FEW revisions made to the original guidelines, its purpose is still solid about the vital role that health care professionals play in protecting the privacy and security of patient information. Every health agency should have a HIPAA Compliancy Officer on staff to ensure the care of every patient’s PHI.
Of course, when you are in the middle of a hectic scene, especially in the middle of a busy roadway or in public view, protecting your patient’s privacy is not always an easy task. While you would not, SHOULD NOT, allow the media on the scene, sometimes an open location is impossible to fully protect. Your crew can ask for police help to keep onlookers a reasonable distance away, and you can do your best to shield your patient, but a long lens can still prove intrusive. Never give out information to the press about your patient(s), even if they DO have the pictures to go with it.
All medical personnel are “covered entities” of HIPAA regulations and are required to protect a patient’s confidential history and ID. However, there are some instances where covered entities are required to share the PHI, protected health information, about the patient and his/her condition. In all cases, it is best to give out only as much information as necessary; if the questions are too invasive beyond the necessary minimums, the receiving party would have to prove their need for the information.
A covered entity is permitted to disclose PHI to law enforcement officials without patient authorization under the following circumstances: Court orders, court-ordered warrants, subpoenas, and administrative requests.
A crime victim’s basic condition and minimal health history should be shared with local law enforcement.
The Biological Agents Registry Public health is exempt from maintaining PHI if it would help to prevent an act of terrorism or mass contagion.
If there is a CLOSE family member asking questions, and there is reasonable cause to believe that person is responsible for the patient’s care (unless the patient is an adult and conscious enough to deny that individual’s right to information), then it is all right to share the BAREST MINIMUM OF information.
Parents of minor children are permitted access to their child’s medical information UNLESS the local state law gives that minor the right to refuse. In rare instances, if the health provider genuinely feels that the parent’s right to know would endanger the child (i.e.: child abuse), the provider should use discretion (calling for a police officer if necessary).
HIPAA is federal legislation although some states have written in added restrictions, in NO case may the local enforcement be LESS than the federal regulation calls for. There are penalties when HIPAA has not been upheld and the severity considers intent and willful neglect. In many cases, health provider employers bear the brunt of the violation unless it is shown that the provider intentionally abused the information for criminal reasons.