DSC Tech Library
This section of our technical library presents information and documentation relating to Emergency Broadcasting Systems and Disaster Recovery Applications.
Should an emergency arise in your community, our 911 broadcast service can deliver large volumes of calls quickly using thousands of phone lines simultaneously. In the event of a blizzard, wild fire or devastating flood, your community can be notified quickly given specific instructions if an evacuation is required using our emergency broadcasting service. If a dangerous chemical spill occurs in your community, you can target specific areas to call. If a severe snow storm hits your area, your community can be notified of school closings or event cancellations.
The following article relates to emergency broadcasting and how it is used in various communities today. This information was obtained from the internet with attribution to the author and/or community.
EMD and Confidentiality
Making sense of HIPAA confidentiality regulations as they pertain to emergency medical dispatch can be a difficult path to navigate. EMD Consultant Geoff Cady outlines the basics of this new ruling as it pertains to 9-1-1 dispatchers.
By Geoff Cady
Perhaps the saying "Be careful for what you ask for, you just might get it!" epitomizes the origins of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Originally conceptualized by the healthcare industry as a way to streamline administrative processes, HIPAA has become the stuff of consultants' dreams. When the dust finally settles, many healthcare experts expect HIPAA compliance costs to significantly exceed Y2K costs. Given the organization and complexity of today's healthcare environment, there are very few healthcare providers that will escape the reach of HIPAA. Given the relationship of the public safety communication centers to EMS providers, it's reasonable to assume that some if not all communication centers need to at least look at whether or not they would be subject to the Act as a "covered entity."
The question of HIPAA and public safety communication centers was addressed at this year's National Academies of Emergency Dispatch (NAED) Navigator Conference in Anaheim, Ca. by Doug Wolfberg of Page, Wolfberg and Wirth, LLC. Given the importance of HIPAA compliance and the significance of penalties for noncompliance (e.g., up to $250,000 in penalties and 10 years in prison), this issue's column provides some highlights of that presentation as well as from other sources of information on HIPAA.
While its name appears to focus on health insurance issues, HIPAA covers a broad spectrum of healthcare information exchange issues. Specific to communications, however, are requirements that relate to the exchange and use of "Protect Health Information" or PHI. Protected Health Information is any information relating to the treatment, diagnosis, or payment for healthcare services that identifies an individual (e.g., name, social security number, condition, address, age, etc.) in written or oral forms. It doesn't take a rocket scientist to figure out that an EMS or law enforcement communication center could obtain and transmit PHI on a typical response. In an effort to protect individuals from the misuse of PHI, the Act:
Grants patients more control over their health information
- Sets limits on the use and release of healthcare records
- Establishes safeguards to protect the privacy of health information; and,
- Establishes penalties for violators of the Act.
The difficulty for most providers to date has been the determination of whether the delivery of EMS and emergency communication services would cause the agency to be a "covered entity." National expert and attorney Doug Wolfberg pointed out in his Navigator presentation that "covered entities" fall into basically three categories; health care clearinghouses, health plans or health care providers. While the first one is easily eliminated given the stark differences in function, the second may be applicable, and the third (healthcare provider) had some activity similarities and relationships that could result in a communication center being subject to HIPAA.
Doug's presentation defined healthcare providers as "...any person or organization who furnishes, bills or is paid for health care as the normal course of business." Healthcare is defined as "care, services or supplies related the health of an individual..." While this definition would appear to exclude most communication centers, Doug points out that dispatch agencies that are al so healthcare providers, such as, ambulance services (private or public operated) may be "covered entities" since they probably engage in covered electronic transactions. Covered transactions are related to exchange of patient information and include claims filling (e.g., billing for services). Since Medicare is requiring providers to file electronically as of October 16, 2003, most EMS agencies that bill for services or receive reimbursement would be "covered entities." A municipal communication center that is part of a municipality that also provides municipal ambulance service would be affiliated with the agency via the municipality and thus a covered entity.
However, there are methods for "walling off" the communication center as a noncovered function. Described as "hybrid entities," these agencies must be documented in case of a HIPAA compliance audit. Also, the hybrid entity must institute specific controls to prohibit the misuse PHI.
The three permitted uses of PHI include its use for treatment, payment and operations (a.k.a. TPO). What is important to note about TPO use is that consent or patient authorization or permission is not required. Perhaps the most applicable use of PHI for communication centers is its use in the treatment of patients. In this case, HIPAA permits PHI to be freely shared with other agencies. As a covered or hybrid entity, communication centers are permitted to give PHI over the radio and/or digitally to first responder or ambulance services. When making permitted disclosures, "incidental disclosures" are bound to occur. HIPAA requires the application of "reasonable safeguards" to minimize these occurrences, but does not require the implementation of new technology to accomplish this. For example, a review of current dispatch policies and procedures related to what response or incident information is announced over the radio and its potential to result in the disclosure of PHI would be an important activity to document. Other reviews should include a review of CAD and records management software. The basic rule of thumb is to avoid the use of names whenever possible.
Other permissible disclosures of PHI without patient authorization include:
While HIPAA mandates the protection of PHI, ethically every communication center has an obligation to protect the privacy of patients. However, for the purposes of HIPAA it will be important to establish the existence or nonexistence of a business association with a "covered entity." If the communication center performs services on behalf of an EMS provider it could be a business associate. However, it is the EMS provider's responsibility to develop and present a "business associates" agreement.
- Uses/disclosures required by law
- Public health-related activities (i.e. disease surveillance);
- Abuse, neglect or domestic violence;
- Government health oversight activities;
- Judicial proceedings;
- Law enforcement purposes; and,
- Organ/tissue donation.
Finally, all covered entities must provide HIPAA privacy training to ensure personnel understand and comply with agency policies to protect PHI. This training program must be presented to new employees within a reasonable time frame and presented to all members of the workforce (e.g, volunteers, independent contractors, etc.).
Original published in the July/August 2003 issue of 9-1-1 Magazine.
Geoff Cady is the Fire/EMS Analyst for the Gilroy (CA) Fire Department, and a long time communication center and EMS consultant. Geoff is also a member of College of Fellows of the National Academy of EMD. He regularly lectures and writes on EMS and communications related topics. He can be contacted at firstname.lastname@example.org.