-
Notifications
You must be signed in to change notification settings - Fork 1
Governmental and Regulatory Environment
EMS providers are healthcare providers. EMS agencies that transport and bill for their services are Covered Entities per the Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA). They have National Provider Identifiers (NPIs). Their software vendors are Business Associates.
- Open issue: Describe the regulatory status of EMS agencies that do not transport and do not bill for their services.
EMS providers and hospitals are permitted to share protected healthcare information (PHI) with each other to carry out treatment, payment, or health care operations. Examples include:
- Treatment: An EMS provider receives patient medical history information to inform the care decisions it makes for its patient. A hospital provider receives a patient care report from an EMS provider to inform the care decisions it makes for the patient delivered to the hospital by EMS.
- Payment: An EMS provider receives patient insurance information from another healthcare provider so it can bill for its services.
- Health Care Operations: An EMS provider receives information about the outcome of a patient it treated and transported to a hospital so it can conduct quality improvement activities.
EMS providers that bill for their services provide a notice of privacy practices for protected health information to their patients. However, HIPAA does not require patient consent to share PHI for treatment, payment, or healthcare operations. HIPAA also permits sharing data without requiring patient consent for public health, health oversight, research, and other purposes.
A key barrier in EMS interoperability is that current regulations and existing networks require participants to respond to treatment queries, but responses to health care operations queries are optional. EMS can reliably obtain patient history information during a patient encounter, because the purpose of use is treatment, and other participants must respond if they have data; but EMS is not guaranteed access to hospital outcome data after an encounter, because the purpose of use is health care operations, and other participants are not required to respond, even though the information being requested by EMS exists.
The 21st Century Cures Act prohibits "information blocking," which is defined as practices that are "likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information." Information blocking includes:
- "Practices that restrict authorized access, exchange, or use under applicable State or Federal law of such information for treatment and other permitted purposes under such applicable law, including transitions between certified health information technologies"
- "Implementing health information technology in nonstandard ways that are likely to substantially increase the complexity or burden of accessing, exchanging, or using electronic health information"
- "Implementing health information technology in ways that are likely to restrict the access, exchange, or use of electronic health information with respect to exporting complete information sets or in transitioning between health information technology systems; or lead to fraud, waste, or abuse, or impede innovations and advancements in health information access, exchange, and use, including care delivery enabled by health information technology."
If an EMS provider requests electronic health information about its patient via a health information network, and holders of the information do not provide it, the EMS provider may claim that information blocking has occurred.
Health information technology vendors cannot charge unreasonable or discriminatory fees for implementing health information exchange (45 CFR 171.302).
Federal regulation 42 CFR Part 2 restricts the disclosure of patient records by federally-assisted substance use disorder diagnosis, treatment, or referral programs without patient consent. The regulation is "intended to ensure that a patient receiving treatment for a substance use disorder in a part 2 program is not made more vulnerable by reason of the availability of their record than an individual with a substance use disorder who does not seek treatment" (42 CFR 2.2(b)(2)). The regulation is primarily intended to restrict disclosures that would expose a patient seeking help for substance use disorder to criminal or civil liability, but it also restricts disclosures for treatment, payment, and health care operations without patient consent.
The regulation includes an exception that allows such programs to disclose records for "medical emergencies" without patient consent if consent cannot be obtained and they notify the patient of the disclosure immediately afterward (42 CFR 2.51).
The overall effect of the regulation on EMS interoperability is that,
- A federally-assisted substance use disorder diagnosis, treatment, or referral program may disclose patient records to EMS during a medical emergency for the purpose of EMS treatment without patient consent.
- EMS cannot obtain patient outcomes from a federally-assisted substance use disorder diagnosis, treatment, or referral program to which it transferred a patient unless the program has obtained the patient's consent.
- The regulation does not affect the disclosure of substance use disorder information about a patient by healthcare providers that are not federally-assisted substance use disorder diagnosis, treatment, or referral programs.
- HIPAA Home, at the U.S. Department of Health & Human Services
- An Imaginary Barrier: How HIPAA Promotes Bidirectional Patient Data Exchange With Emergency Medical Services, by Page, Wolfberg & Wirth (PWW)
- NEMSMA Position Statement and White Paper: Process and Outcomes Data Sharing Between EMS and Receiving Hospitals, in Prehospital Emergency Care
- Information Blocking, at the Office of the National Coordinator for Health Information Technology (ONC)