Emergency Medical Dispatch (EMD) and Confidentiality
    Emergency Notification Services Home  |   Contact Us  |   About Us  |   Sign Up  |   FAQ
blizzards hurricanes tornados floods forest fires

911 broadcast articles

Emergency Notification Systems and Services

emergency alert systems This section of our technical library presents articles written about Emergency Alert Systems and Disaster Recovery definitions, terms and related information.

The 911Broadcast emergency notification and alert service can deliver a large number of phone calls using a network of phone systems employing digital phone lines simultaneously. Should a disaster such as a snow storm, wild fire or flood hit your area, 911Broadcast systems can alert your community quickly providing specific instructions if an evacuation is required.

This service is available using our emergency broadcasting systems. If a dangerous chemical spill occurs in your community, you can target specific areas to call. If a severe snow storm hits your area, your community can be notified of school closings or event cancellations.

Emergency Medical Dispatch (EMD) and Confidentiality

Making sense of HIPAA confidentiality regulations as they pertain to emergency medical dispatch can be a difficult path to navigate. EMD Consultant Geoff Cady outlines the basics of this new ruling as it pertains to 9-1-1 dispatchers.

By Geoff Cady

Perhaps the saying "Be careful for what you ask for, you just might get it!" epitomizes the origins of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Originally conceptualized by the healthcare industry as a way to streamline administrative processes, HIPAA has become the stuff of consultants' dreams. When the dust finally settles, many healthcare experts expect HIPAA compliance costs to significantly exceed Y2K costs. Given the organization and complexity of today's healthcare environment, there are very few healthcare providers that will escape the reach of HIPAA. Given the relationship of the public safety communication centers to EMS providers, it's reasonable to assume that some if not all communication centers need to at least look at whether or not they would be subject to the Act as a "covered entity."

The question of HIPAA and public safety communication centers was addressed at this year's National Academies of Emergency Dispatch (NAED) Navigator Conference in Anaheim, Ca. by Doug Wolfberg of Page, Wolfberg and Wirth, LLC. Given the importance of HIPAA compliance and the significance of penalties for noncompliance (e.g., up to $250,000 in penalties and 10 years in prison), this issue's column provides some highlights of that presentation as well as from other sources of information on HIPAA.

While its name appears to focus on health insurance issues, HIPAA covers a broad spectrum of healthcare information exchange issues. Specific to communications, however, are requirements that relate to the exchange and use of "Protect Health Information" or PHI. Protected Health Information is any information relating to the treatment, diagnosis, or payment for healthcare services that identifies an individual (e.g., name, social security number, condition, address, age, etc.) in written or oral forms. It doesn't take a rocket scientist to figure out that an EMS or law enforcement communication center could obtain and transmit PHI on a typical response. In an effort to protect individuals from the misuse of PHI, the Act:

  • Grants patients more control over their health information;

  • Sets limits on the use and release of healthcare records

  • Establishes safeguards to protect the privacy of health information; and,

  • Establishes penalties for violators of the Act.
The difficulty for most providers to date has been the determination of whether the delivery of EMS and emergency communication services would cause the agency to be a "covered entity." National expert and attorney Doug Wolfberg pointed out in his Navigator presentation that "covered entities" fall into basically three categories; health care clearinghouses, health plans or health care providers. While the first one is easily eliminated given the stark differences in function, the second may be applicable, and the third (healthcare provider) had some activity similarities and relationships that could result in a communication center being subject to HIPAA.

Doug's presentation defined healthcare providers as "...any person or organization who furnishes, bills or is paid for health care as the normal course of business." Healthcare is defined as "care, services or supplies related the health of an individual..." While this definition would appear to exclude most communication centers, Doug points out that dispatch agencies that are al so healthcare providers, such as, ambulance services (private or public operated) may be "covered entities" since they probably engage in covered electronic transactions. Covered transactions are related to exchange of patient information and include claims filling (e.g., billing for services). Since Medicare is requiring providers to file electronically as of October 16, 2003, most EMS agencies that bill for services or receive reimbursement would be "covered entities." A municipal communication center that is part of a municipality that also provides municipal ambulance service would be affiliated with the agency via the municipality and thus a covered entity.

However, there are methods for "walling off" the communication center as a noncovered function. Described as "hybrid entities," these agencies must be documented in case of a HIPAA compliance audit. Also, the hybrid entity must institute specific controls to prohibit the misuse PHI.

The three permitted uses of PHI include its use for treatment, payment and operations (a.k.a. TPO). What is important to note about TPO use is that consent or patient authorization or permission is not required. Perhaps the most applicable use of PHI for communication centers is its use in the treatment of patients. In this case, HIPAA permits PHI to be freely shared with other agencies. As a covered or hybrid entity, communication centers are permitted to give PHI over the radio and/or digitally to first responder or ambulance services. When making permitted disclosures, "incidental disclosures" are bound to occur. HIPAA requires the application of "reasonable safeguards" to minimize these occurrences, but does not require the implementation of new technology to accomplish this. For example, a review of current dispatch policies and procedures related to what response or incident information is announced over the radio and its potential to result in the disclosure of PHI would be an important activity to document. Other reviews should include a review of CAD and records management software. The basic rule of thumb is to avoid the use of names whenever possible.

Other permissible disclosures of PHI without patient authorization include:
  • Uses/disclosures required by law;

  • Public health-related activities (i.e. disease surveillance);

  • Abuse, neglect or domestic violence;

  • Government health oversight activities;

  • Judicial proceedings;

  • Law enforcement purposes; and,

  • Organ/tissue donation.
While HIPAA mandates the protection of PHI, ethically every communication center has an obligation to protect the privacy of patients. However, for the purposes of HIPAA it will be important to establish the existence or nonexistence of a business association with a "covered entity." If the communication center performs services on behalf of an EMS provider it could be a business associate. However, it is the EMS provider's responsibility to develop and present a "business associates" agreement.

Finally, all covered entities must provide HIPAA privacy training to ensure personnel understand and comply with agency policies to protect PHI. This training program must be presented to new employees within a reasonable time frame and presented to all members of the workforce (e.g, volunteers, independent contractors, etc.).

Original published in the July/August 2003 issue of 9-1-1 Magazine.

Geoff Cady is the Fire/EMS Analyst for the Gilroy (CA) Fire Department, and a long time communication center and EMS consultant. Geoff is also a member of College of Fellows of the National Academy of EMD. He regularly lectures and writes on EMS and communications related topics. He can be contacted at geoff_cady@hotmail.com.

Authors note: The author would like acknowledge and thank Doug Wolfberg of Page, Wolfberg and Wirth for his contribution to this issue's column. For more information on HIPAA-related issues see www.pwwemslaw.com.

Activating Your Emergency Broadcasts

DSC systems allow you to initiate an emergency broadcast using several methods. Because emergencies can arise at any hour of the day or night, we have provided these multiple techniques so that you are not required to staff a center 24 by 7.

  • Emergency Control Center - DSC provides an Emergency Control Center PC interface to our phone systems that manages one emergency phone dialer or an entire network of dialers. Our emergency control program runs either on your local dialer or on the network where your dialer resides. This program lets you download phone lists and emergency phone messages and initiate the emergeny broadcast. This program likewise lets you configure your network or emergency dialers and produces reports on the performance of your system or network.

  • Web Based Control Center - Our web based emergency notification system lets you access a web page for managing and activating emergency broadcasts. After entering a secure user id and password, you can download phone lists and recorded emergency messages. Using a menu selection, you can select any phone list/message combination to be broadcast online and initiate the emergency alert.
    emergency phone dialer for civil alerts and disasters
  • Phone Activated Emergency Dialing - If you are not able to access the internet and use our web based emergency dialing interface, we allow you to initiate an emergency phone campaign using a simple touchphone into our phone system. After properly validating your account id and password, the phone system lets you select a pre-recorded messsage (or record one while you are on the phone). It then prompts you to identify the list of phone numbers to be called (previously maintained under your account). Finally this phone program will let you listen to the message to be sent and inform you of the size of the list of numbers to be called as a final check. If everything is ok, then pressing a touchphone key activates the calling program.

  • Computer Activated Dialing - Our emergency notification network also supports computer and web connectivity using XML technology. Thus, emergency communication can be initiated from your website or computer by automatically sending our emergency phone system a message containing a list of one or more phone numbers and a message to be sent to these individuals. The message can be text (which is automatically converted to voice) or a voice file. For further information, visit our Emergency XML messaging web page.