HIPAA establishes national standards to protect patient health information. As emergency medical providers, you are considered part of a “covered entity” under HIPAA, meaning any patient information you create, receive, maintain, or transmit is protected. This information is referred to as Protected Health Information (PHI) and includes anything that can identify a patient—names, addresses, birthdates, medical records, treatment information, etc.

RESPONSIBILITIES UNDER HIPAA

Maintain Confidentiality

• Refrain from discussing patient details or sharing identifying information outside the scope of treatment, payment, or authorized healthcare operations.

• Do not share patient information unnecessarily, even with fellow staff members who are not involved in the patient’s care.

Limit Access and Disclosure

• Access only the minimum necessary patient information required to perform your duties.

• Verify the identity of anyone requesting patient information, and ensure they are authorized to have it.

Safeguard Verbal and Written Communications

• Use discretion when discussing PHI in public or on the radio. Find a private area to talk when possible or use communication methods designed for privacy.

• Keep printed/written documents containing PHI secure (e.g., in locked cabinets)

Protect and Secure Equipment

• Devices (tablets, laptops, computers, etc.) used to document patient care must be password-protected.

• Do not save passwords to devices, unless biometric identification is used to activate the password.

Report Potential Breaches Promptly

• If you suspect PHI has been accessed or disclosed improperly, notify your supervisor or compliance officer immediately.

• Quick reporting allows your organization to respond appropriately and limit potential damage.

KEY REMINDERS:

·      Minimum Necessary Rule: Share only what is needed for the immediate purpose.

·   Professional Conduct: Never share patient stories, photos, or identifying details on personal social media or outside of authorized medical purposes.

·    Ask if Unsure: When in doubt, consult your supervisor, the organization’s compliance officer, or HIPAA-trained personnel.