We’re hearing far too often that critical care providers like EMS (Emergency Medical Services) are being denied access to patient information, citing HIPAA as the barrier. There is no question that the obtainment, transmission, and exchange of patient health information must be secured. Those are the very basics of HIPAA that everyone — providers and patients — can get behind to ensure that the right folks have the right info at the right time. I don’t know about you, but if my life is hanging in the balance, I want to know that my first responders aren’t going to be limited based upon “Imaginary Barriers”.
We absolutely recognize and support some of the best practices that play out when it comes to implementing HIPAA in a health system or hospital. Role based and minimum necessary access per the Privacy Rule, determined on a “need to know” judgment, are totally fair. But where this line is breaking down in equipping EMS providers isn’t just access granted while the patient is actively receiving care (though this continues to be a pain point across the country)…it’s all in the follow-through.
The Gray Area of On-Going EMS Access to PHI
Let’s say that an EMT has a login to the hospital EHR or even a full blown integration with their ePCR system. This sets up EMS beautifully to promptly and efficiently respond to the patient at hand in the moment. Success, right? Sure, but what about what comes next? What aspect of this story are we missing if these providers lose visibility after the patient is transported and transitioned to the hospital?
This is exactly the “gray area” that EMS falls into in trying to monitor and track the outcomes for the patients for whom they’ve provided treatment, especially time sensitive events like Stroke, STEMI and Trauma. The data from their patients’ follow-up with their PCP, radiology results, lab tests, and specialists are critical to understanding not only how the patient fared, but also how appropriate and effective was the treatment provided by EMS. And yet, this breath of data is often withheld in the name of…you guessed it, HIPAA concerns.
Imagine watching through the first act of an award-winning film and then turning it off. “It was just ok.” Right, because you didn’t finish it! You didn’t get past the arc, you didn’t see the turning of events, the changing of hearts, the sweeping score and strong finish. How could you possibly appreciate something you didn’t see to completion?
You can’t. Of course.
Sharing (ePHI) is Caring
Imagine being a neurosurgeon who performs surgeries every day and is not readily informed of the outcomes of their patients. It makes no sense. Or what if we made the neurosurgeon make a phone call or flag down a nurse to find out how the patient is doing, or worse yet, what if we made them pay for the report that tells them what happened. I know…ridiculous for the neurosurgeon, so why is it the standard for EMS?
The outcome data should be free flowing and from system to system, using secure and encrypted standards-based methods, between two Covered Entities. The benefit is clearly seen when you consider that fact that Stroke, STEMI and Trauma registrars as well as EMS organizations are looking at the aggregated data to improve training and outcomes for you, me and our loved ones.