The Health Insurance Portability & Accountability Act of 1996 (HIPAA)
- We have set aside this section of our website to provide a very brief introduction to HIPAA, as we believe it will affect most of our customers in one way or another.
- One of HIPAA's primary goals is to protect the privacy of patients (there are other significant goals, which are worth knowing, but they are not addressed here).
- Most of our customers interact with EMS patients as first responders and/or health care providers.
- Some information about these interactions is entered into Computer Aided Dispatch (CAD) and ProQA & Aqua databases, even if it is merely the address of the call.
- Many of these organizations hire Stout Solutions to write software that makes it easy for our customers to get their data from these databases into reports and utilities, so they can share this information within and outside their organizations.
So we're recommending to all our customers that they look into HIPAA to find out how their organization may be affected. Questions to consider include: who can see what information about calls on your desks and on your website? Is it OK to send patient information electronically, on reports or screenshots, to your software developer to discuss features or bugs? How about sending it to responders via pagers or faxes?
We are looking into these questions from a developer's perspective and will be prepared to become Business Associates (as defined by our government) with our customers, as well as to ensure that our internal policies and procedures satisfy the most stringent HIPAA requirements, so that our customers' chain of privacy and patient confidentiality is maintained.
To quote the US Department of Health and Human Services: "The Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule) took effect on April 14, 2001. The Privacy Rule creates national standards to protect individuals' personal health information and gives patients increased access to their medical records. As required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Privacy Rule covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions electronically. Most covered entities must comply with the Privacy Rule by April 14, 2003. Small health plans have until April 14, 2004 to comply with the Rule."
And there are penalties for non-compliance. HIPAA calls for severe civil and criminal penalties for noncompliance, including:
- fines up to $25K for multiple violations of the same standard in a calendar year
- fines up to $250K and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information
We're not claiming to be HIPAA experts; in fact, we're in the learning process ourselves. But in the interest of getting information to our customers (many of whom tell us they don't really know whether they are affected by HIPAA or not), we are adding this section to our website and will update it occasionally with more information, mostly good links we find to HIPAA resources.