I was recently involved in a pretty tense scene where several drunk friends tried to assist in the resuscitation of their drunk, half drowned buddy. By the time we were done, there were multiple patients, multiple TASER deployments and several of our local law enforcement officers requesting written statements from all crew members involved. While we sat around the E.R. break room, filling out forms in triplicate, the predictable HIPAA question was asked.
What can we say in this statement? Can I just write, “Information protected by HIPAA?”
The short answer is, no. It isn’t professional or cooperative to simply throw up the HIPAA flag as soon as a law enforcement officer requests information about your medical scene. And it’s also incorrect. There is a bunch of information that you can legally provide to the police.
1) Any information that your state laws requires you to disclose.
State laws often include provisions that require EMS to disclose information regarding certain types of situations and medical conditions. In many states, you are required to tell the police about stab wounds, gunshot wounds, assault wounds, child abuse and elder abuse. These disclosures aren’t necessarily related to physical injuries. Know what types of information disclosures your state mandates. None of these disclosures are a violation of HIPAA. If your state requires the disclosure, you can speak freely with police about the injuries or wounds, the identity of the patient and the identity of the possible assailant.
2 ) Any information that a police officer overhears during the course of routine care.
We sometimes get this idea that it is our job to sequester the patient to a private area before we ask any questions or perform any assessments. It isn’t our job to prevent information from being passed from the patient to police officers. We aren’t there to inhibit the police from doing their job. You can ask the patient any question in the presence of a police officer. You can allow the police to search and question your patient.
You are not the patients law enforcement shield. Information that passes from the patient OR the care provider to the police during routine care is considered an incidental disclosure.
3) Any information specifically regarding the commission of a crime.
HIPAA is intended to protect the patients personal medical information. It isn’t intend to protect them from prosecution for a crime. It also isn’t intended to prevent the collection of evidence of a crime. This is an important and often misunderstood facet of HIPAA. If you have evidence regarding the commission of a crime, you can tell the police what you know. That includes the location of the crime and the description and location of the perpetrator. (Even if they are your patient.)
You are also allowed to respond to any official law enforcement inquiry as long as the information requested is, “relevant and material to a legitimate law enforcement inquiry.”
4) Any information requested by a court order.
During a recent presentation by Doug Wolfberg to the Denver Metro Physicians group, he asked what the group thought was the most typically enforced HIPAA infraction? Every guess had something to do with the accidental or purposeful disclosure of protected medical information. None of the guesses were even close. The most common HIPAA infraction is not providing information to parties when agencies are legally obligated to do so.
To date, HIPAA governed agencies have paid far more fines for NOT releasing information than they have for improperly releasing information. If the court has ordered the release of medical documentation, we are legally obligated to release the subpoenaed information. Do so completely, accurately and without delay.
When it come to releasing information about the commission of a crime. EMS providers are fairly well protected under HIPAA. Don’t feel like you need to clam up when police officers want information about criminal activity. Chances are, the information you are providing is perfectly legal.