What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act of 1996.

Learn more about HIPAA from the Health and Human Services summary page.

“The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Privacy Rule standards address the use and disclosure of individuals’ health information—called “protected health information” by organizations subject to the Privacy Rule — called “covered entities,” as well as standards for individuals’ privacy rights to understand and control how their health information is used.”

– U.S. Department of Health and Human Services

HIPAA and Radio Communication

HIPAA, as with any complex law, is often the source of myths and misunderstandings.

Myth No. 1: Dispatch centers can’t give out any identifiable information over the radio.

Fact: HIPAA doesn’t prevent dispatch centers from communicating all information necessary for EMS response and treatment to EMS agencies. While patient names shouldn’t be given out unless truly necessary, a dispatch center may transmit any information necessary to facilitate the EMS treatment of a patient.

Myth No. 2: Ambulance services are violating HIPAA if they give patient information to the hospital over the radio.

Fact: HIPAA permits any and all treatment-related disclosures of patient information between health care providers. Ambulances are freely permitted to give patient information to hospitals over the radio for treatment purposes.

Source: HIPAA: The Intersection of Patient Privacy with Emergency Dispatch (PDF)

A U.S. Department of Health and Human Services document titled Incidental Uses and Disclosures explains how, in the course of communication between healthcare providers, protected health information may be disclosed or overheard incidentally. It explains that HIPAA “is not intended to impede these customary and essential communications and practices and, thus, does not require that all risk of incidental use or disclosure be eliminated to satisfy its standards.”

Question: Why don’t you use encryption? Doesn’t HIPAA require it?

The majority of radio users in our surrounding counties have radios without encryption capability. In order to provide interoperable communications and the potential capability for our neighbors to communicate with hospitals on the BRICS network, we did not use encryption. No, it is not required by HIPAA. The Department of Health and Human Services states that the HIPAA privacy rule does not require encryption of wireless or other emergency medical radio communications which can be intercepted by scanners.

Source: HIPAA Incidental Uses and Disclosures (PDF)