Re: HIPPA question for Gene

January 15, 2004

Excellent question and one that needs to be asked.

HIPAA allows disclosure without consent or authorization (two different terms

with different meanings) for 4 separate situations:

1. For the patient's treatment. Any and all information may be passed along

the " chain of caregivers " freely.

2. For payment. Payment information is subject to the " minimum necessary

standard " which means that just the amount of information needed for billing may

be passed on. That can range from minimal information to complete PCRs when

Medicare or an insuror questions care.

3. For health care operations. This is where QA/QI comes into the picture.

All information is available for the QA/QI process. It assumes that the

person/persons doing QA/QI are a part of management with a need to know and that

they will have executed a confidentiality agreement. If outside QA/QI is

utilized, such as where a company is contracted to do it, that company must have

a

" business association agreement " with your service, which defines their

responsibility to follow HIPAA; further their personnel will need to sign

confidentiality agreements. Same goes for outside medical directors.

4. When the law requires disclosure.

Those are the situations when disclosure may be made without written

authorization.

When I used the terms QA/QI with reference to the medic's comments to

patient, I should also have included " lack of adequate supervision " which is

probably

where this service is going wrong. What I'm " hearing " about the medic's

conduct that I criticized is that this is a " system culture " that allows this.

It

probably has been going on for years and may even be encouraged by managers

who have retained the same attitudes that they had when they were street

medics. It is very hard to change culture like this, especially in a civil

service

based system.

But think of it this way: What if store clerks at, say, WalMart were allowed

to insult customers whose race, ethnicity, economic status, education, state

of hygiene, and appearance they did not like? How long do you think that

person would last?

Private EMS is a BUSINESS as well as a public service calling, and no private

company can afford to allow its employees to act in such a manner. It is

truly unfortunate that municipal fire departments tolerate this, but I know they

do. It will take a sea change in perception before that situation changes,

I'm afraid.

Best,

Gene

Best,

Gene

In a message dated 1/15/2004 8:54:54 AM Central Standard Time,

dfw_firefighter@... writes:

In your previous post, how does revealing " privledged " information

affect the QA/QI process or EMS education? The guidelines I heard

before HIPPA was not to disclose specifc information (i.e name,

medical history, etc.) My guess is now that QA/QI cannot review runs

due to the private info listed on them.

DFW

January 15, 2004

I can actually help you with that one. QA/QI falls under the section of the

law for exemptions for what is necessary for operations. QA/QI is not only

necessary for operations, but a good QA/QI system is mandated for us in

Texas. The catch is that you still have to keep information secured and only

use it in the proper manner. We have daily QA/QI of all charts which

includes QA of all appropriate signatures and billing information. This is

acceptable. But we keep those charts under lock and key and, following the

QI process, the copy of the chart used is shredded leaving only the result

sheet which has no patient sensitive information on it.

Jane Hill

HillGandy Associates

January 15, 2004