May 21, 2012

You are here: Home / Archives for patient privacy

HIPAA vs EMS Bloggers

January 22, 2010 By 15 Comments

Yes I’m bringing up the much feared “H” word…..but for a good reason!

I read various EMS-related blogs and Twitter posts every day. Most come with some pretty interesting stories about calls ran. Unfortunately, some are a little too detailed and have the potential to get some people in trouble. I know this because I speak from first hand experience.

Being guilty of sharing my calls for the day with the world, I have been known to give out a little too much information. On one occasion, my boss actually called me into his office because he received a complaint about a story I posted on my blog. Luckily it just amounted to me pulling the post off my blog and no real damage was done. However, had it have been pushed any further, I could have easily been fined thousands of dollars. My employer would have also been fined, which would have probably translated into me being unemployed.

Many EMS bloggers violate HIPAA and don’t even know it. There is a huge misconception that leaving out patient names protects us from privacy laws. The truth is, you have to pretty much leave out any details that could even remotely link the story to a patient. For example; if the patient can read your blog and identify the story as being their incident, then HIPAA has been violated.

So how do I HIPAA-Proof my blog?

The only way to make your blog 100% compliant is to just not reference calls without a patient’s permission. If you read my blog, you obviously know this is not how I practice. I do however, take several steps to minimize my risks.

First and foremost, NEVER use patient names, addresses, pictures, etc. Anything that directly links your story to the patient is just an attorneys payday waiting to happen. Making up fake names or not using names at all is an easy way around this.

We all like to brag about who we work for right? Well don’t do it. Don’t even mention what agency or company you work for. Doing so places yourself and your employer at risk. This goes for the entire blog, not just the story.

Don’t talk about where you work, or even where you live.  Be vague when discussing your location. Use terms like “Southern California” rather than “Los Angeles California”. This also applies to the entire blog.

Don’t get detailed when discussing call locations. Describing your scene as “Chili’s Restaurant on 4th street”, is a bad idea. Instead either make up a fake establishment or just don’t even mention any business names.

Blogging is like journalism, so aren’t I covered under the “freedom of the press?”

No, no and hell no.

Sure Geraldo Rivera can pretty much say anything he wants on TV and be covered under the constitution, but Geraldo isn’t a paramedic (thank god). We are healthcare providers and we sign HIPAA agreements when we go through school and start employment. As a matter of fact, posting protected information on the internet is about the worst way you can violate privacy laws.

Don’t get me wrong people, I love reading about how you intubated 2 people at the same time or successfully stuck an IV in someones earlobe. Just please be careful and protect yourself!

If anyone is interested, more HIPAA information can be found at http://www.hhs.gov/ocr/privacy.


Filed Under: Education, Politics Tagged With: , , , , , ,