
 The Health Insurance Portability & Accountability Act of 1996 (HIPAA)

  • We have set aside this section of our website to provide this very brief introduction to HIPAA, as we believe that it will affect most of our customers in one way or another.
  • One of HIPAA's primary goals is to protect the privacy of patients (there are other, significant goals, which are worth knowing, but not addressed here).
  • Most of my customers interact with EMS patients as first responders and/or health care providers.
  • Some information about these interactions is entered into Computer Aided Dispatch (CAD) and ProQA & Aqua databases, even if it is merely the address of the call.
  • And many of these organizations hire Stout Solutions to write software that makes it easy for my customers to get their data from these databases into reports and utilities, so they can share this information within and outside their organizations.

So, we're recommending to all our customers that they look into HIPAA to find out how their organization may be affected.  Questions to consider include who can see what information about calls on your desks and on your website.  Also, is it OK to send patient information electronically in reports or screenshots to your software developer to discuss features or bugs?  How about sending it to responders via pagers or faxes?

We are looking into these questions from a developer's perspective and will be prepared to become Business Associates (as defined by our government) with our customers, as well as ensure that our internal policies and procedures will satisfy the most stringent HIPAA requirements to maintain our customers' chain of privacy and patient confidentiality.

To quote the US Department of Health and Human Services: The Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule) took effect on April 14, 2001. The Privacy Rule creates national standards to protect individuals' personal health information and gives patients increased access to their medical records. As required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Privacy Rule covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions electronically. Most covered entities must comply with the Privacy Rule by April 14, 2003. Small health plans have until April 14, 2004 to comply with the Rule.

And, there are penalties for non-compliance: HIPAA calls for severe civil and criminal penalties for noncompliance, including:

  • fines up to $25K for multiple violations of the same standard in a calendar year
  • fines up to $250K and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information

We're not claiming to be HIPAA experts; in fact, we're in the learning process ourselves.  But in the interest of getting information to our customers (many of whom tell me they don't really know if they are affected by HIPAA or not), we are adding this section to our website and will update it occasionally with more information, but mostly with good links we find to HIPAA information.

EMS Law Site

hipaa advisory

health & human services

find out more


Developers of FirstWatch™, the Early Warning Biosurveillance System   Copyright 2000-2011 by Stout Solutions, LLC.