DECATUR TOWNSHIP
FIRE DEPARTMENT
 

HOME

TWP. TRUSTEE

FIRE PREVENTION

DEPARTMENT STAFF

STATIONS

OTHER DEPARTMENTS

LINKS

ABOUT US

PRIVACY NOTICE
                
       Employee Section
 

DEPARTMENT CALENDAR

EMPLOYEE BENEFITS

POLICIES/PROCEDURES

EMS PROTOCOLS

DECATUR LOCAL 416



Click Here if Outlook link does Not Work


 


Decatur Township Fire Department

Notice of Privacy Practices

IMPORTANT:  THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.  

As an essential part of our commitment to you, Decatur Township Fire Department maintains the privacy of certain confidential health care information about you, known as Protected Health Information or PHI.  We are required by law to protect your health care information and to provide you with the attached Notice of Privacy Practices. 

 The Notice outlines our legal duties and privacy practices respect to your PHI.  It not only describes our privacy practices and your legal rights, but lets you know, among other things, how Decatur Township Fire Department is permitted to use and disclose PHI about you, how you can access and copy that information, how you may request amendment of that information, and how you may request restrictions on our use and disclosure of your PHI. 

 Decatur Township Fire Department is also required to abide by the terms of the version of this Notice currently in effect. In most situations we may use this information as described in this Notice without your permission, but there are some situations where we may use it only after we obtain your written authorization, if we are required by law to do so.  

 We respect your privacy, and treat all health care information about our patients with care under strict policies of confidentiality that all of our staff is committed to following at all times. 

 PLEASE READ THE ATTACHED DETAILED NOTICE.  IF YOU HAVE ANY QUESTIONS ABOUT IT, PLEASE CONTACT Chuck VAlentine, OUR PRIVACY OFFICER, AT 317-856-5400.

 

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

 

Purpose of this Notice Decatur Township Fire Department is required by law to maintain the privacy of certain confidential health care information, known as Protected Health Information or PHI, and to provide you with a notice of our legal duties and privacy practices with respect to your PHI. This Notice describes your legal rights, advises you of our privacy practices, and lets you know how Decatur Township Fire Department is permitted to use and disclose PHI about you. 

Decatur Township Fire Department is also required to abide by the terms of the version of this Notice currently in effect. In most situations we may use this information as described in this Notice without your permission, but there are some situations where we may use it only after we obtain your written authorization, if we are required by law to do so.

 Uses and Disclosures of PHI: Decatur Township Fire Department may use PHI for the purposes of treatment, payment, and health care operations, in most cases without your written permission.  Examples of our use of your PHI: 

 For treatment.  This includes such things as verbal and written information that we obtain about you and use pertaining to your medical condition and treatment provided to you by us and other medical personnel (including doctors and nurses who give orders to allow us to provide treatment to you). It also includes information we give to other health care personnel to whom we transfer your care and treatment, and includes transfer of PHI via radio or telephone to the hospital or dispatch center as well as providing the hospital with a copy of the written record we create in the course of providing you with treatment and transport.

 For payment.  This includes any activities we must undertake in order to get reimbursed for the services we provide to you, including such things as organizing your PHI and submitting bills to insurance companies, management of billed claims for services rendered, medical necessity determinations and reviews, utilization review, and collection of outstanding accounts. 

 For health care operations.  This includes quality assurance activities, licensing, and training programs to ensure that our personnel meet our standards of care and follow established policies and procedures, obtaining legal and financial services, conducting business planning, processing grievances and complaints, creating reports that do not individually identify you for data collection purposes, fundraising, and certain marketing activities. 

 

Use and Disclosure of PHI Without Your Authorization.  Decatur Township Fire Department is permitted to use PHI without your written authorization, or opportunity to object in certain situations, including: 

 

·         For Decatur Township Fire Department’s use in treating you or in obtaining payment for services provided to you or in other health care operations;

·         For the treatment activities of another health care provider;

·         To another health care provider or entity for the payment activities of the provider or entity that receives the information (such as your hospital or insurance company);

·         To another health care provider (such as the hospital to which you are transported) for the health care operations activities of the entity that receives the information as long as the entity receiving the information has or has had a relationship with you and the PHI pertains to that relationship;

·         For health care fraud and abuse detection or for activities related to compliance with the law;

·         To a family member, other relative, or close personal friend or other individual involved in your care if we obtain your verbal agreement to do so or if we give you an opportunity to object to such a disclosure and you do not raise an objection.  We may also disclose health information to your family, relatives, or friends if we infer from the circumstances that you would not object. For example, we may assume you agree to our disclosure of your personal health information to your spouse when your spouse has called the ambulance for you.   In situations where you are not capable of objecting (because you are not present or due to your incapacity or medical emergency), we may, in our professional judgment, determine that a disclosure to your family member, relative, or friend is in your best interest. In that situation, we will disclose only health information relevant to that person's involvement in your care. For example, we may inform the person who accompanied you in the ambulance that you have certain symptoms and we may give that person an update on your vital signs and treatment that is being administered by our ambulance crew;

·         To a public health authority in certain situations (such as reporting a birth, death or disease as required by law, as part of a public health investigation, to report child or adult abuse or neglect or domestic violence, to report adverse events such as product defects, or to notify a person about exposure to a possible communicable disease as required by law;

·         For health oversight activities including audits or government investigations, inspections, disciplinary proceedings, and other administrative or judicial actions undertaken by the government (or their contractors) by law to oversee the health care system;

·         For judicial and administrative proceedings as required by a court or administrative order, or in some cases in response to a subpoena or other legal process;

·         For law enforcement activities in limited situations, such as when there is a warrant for the request, or when the information is needed to locate a suspect or stop a crime;

·         For military, national defense and security and other special government functions;

·         To avert a serious threat to the health and safety of a person or the public at large;

·         For workers’ compensation purposes, and in compliance with workers’ compensation laws;

·         To coroners, medical examiners, and funeral directors for identifying a deceased person, determining cause of death, or carrying on their duties as authorized by law;

·         If you are an organ donor, we may release health information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ donation and transplantation;

·         For research projects, but this will be subject to strict oversight and approvals and health information will be released only when there is a minimal risk to your privacy and adequate safeguards are in place in accordance with the law;

·         We may use or disclose health information about you in a way that does not personally identify you or reveal who you are.

 

Any other use or disclosure of PHI, other than those listed above will only be made with your written authorization, (the authorization must specifically identify the information we seek to use or disclose, as well as when and how we seek to use or disclose it). You may revoke your authorization at any time, in writing, except to the extent that we have already used or disclosed medical information in reliance on that authorization.   

 Patient Rights:  As a patient, you have a number of rights with respect to the protection of your PHI, including:

The right to access, copy or inspect your PHI.  This means you may come to our offices and inspect and copy most of the medical information about you that we maintain.  We will normally provide you with access to this information within 30 days of your request.  We may also charge you a reasonable fee for you to copy any medical information that you have the right to access.  In limited circumstances, we may deny you access to your medical information, and you may appeal certain types of denials. 

 We have available forms to request access to your PHI and we will provide a written response if we deny you access and let you know your appeal rights.  If you wish to inspect and copy your medical information, you should contact the privacy officer listed at the end of this Notice. 

 The right to amend your PHI.  You have the right to ask us to amend written medical information that we may have about you.  We will generally amend your information within 60 days of your request and will notify you when we have amended the information.  We are permitted by law to deny your request to amend your medical information only in certain circumstances, like when we believe the information you have asked us to amend is correct.  If you wish to request that we amend the medical information that we have about you, you should contact the privacy officer listed at the end of this Notice.

 The right to request an accounting of our use and disclosure of your PHI.  You may request an accounting from us of certain disclosures of your medical information that we have made in the last six years prior to the date of your request.  We are not required to give you an accounting of information we have used or disclosed for purposes of treatment, payment or health care operations, or when we share your health information with our business associates, like our billing Fire Department or a medical facility from/to which we have transported you.

 We are also not required to give you an accounting of our uses of protected health information for which you have already given us written authorization.  If you wish to request an accounting of the medical information about you that we have used or disclosed that is not exempted from the accounting requirement, you should contact the privacy officer listed at the end of this Notice.

 The right to request that we restrict the uses and disclosures of your PHI. You have the right to request that we restrict how we use and disclose your medical information that we have about you for treatment, payment or health care operations, or to restrict the information that is provided to family, friends and other individuals involved in your health care.  But if you request a restriction and the information you asked us to restrict is needed to provide you with emergency treatment, then we may use the PHI or disclose the PHI to a health care provider to provide you with emergency treatment.  Decatur Township Fire Department is not required to agree to any restrictions you request, but any restrictions agreed to by Decatur Township Fire Department are binding on Decatur Township Fire Department. 

 Internet, Electronic Mail, and the Right to Obtain Copy of Paper Notice on Request.  This notice is posted at www.decaturfire.org and is available electronically through the web site.  If you allow us, we will forward you this Notice by electronic mail instead of on paper and you may always request a paper copy of the Notice.

 Revisions to the Notice:  Decatur Township Fire Department reserves the right to change the terms of this Notice at any time, and the changes will be effective immediately and will apply to all protected health information that we maintain.  Any material changes to the Notice will be promptly posted in our facilities and posted to our web site (www.decaturfire,org).  You can get a copy of the latest version of this Notice by contacting the Privacy Officer identified below.

 Your Legal Rights and Complaints:  You also have the right to complain to us, or to the Secretary of the United States Department of Health and Human Services if you believe your privacy rights have been violated. You will not be retaliated against in any way for filing a complaint with us or to the government.  Should you have any questions, comments or complaints you may direct all inquiries to the privacy officer listed at the end of this Notice.  Individuals will not be retaliated against for filing a complaint.

 If you have any questions or if you wish to file a complaint or exercise any rights listed in this Notice, please contact:  

                        Mary Ann Hibler (Privacy Officer)

                        Decatur Township Fire Department

                        5410 S High School Road

Indianapolis, IN 46221

317-856-5400

 

Effective April 10, 2003

 

BILLING AUTHORIZATION, RESPONSIBILITY FOR PAYMENT

 AND RECEIPT OF NOTICE OF PRIVACY RIGHTS  

I understand that I am financially responsible for the services provided to me by Decatur Township Fire Department (“DTFD”) regardless of insurance coverage.  I request that payment of authorized Medicare or other insurance benefits be made on my behalf to DTFD for any services provided to me by DTFD.  I authorize and direct any holder of medical information or documentation about me to release to the Centers for Medicare and Medicaid Services and its carriers and agents, as well as to DTFD and its billing agents and any other payers or insurers, any information or documentation needed to determine these benefits or benefits payable for any services provided to me by DTFD, now or in the future.  I agree to immediately remit to DTFD any payments that I receive directly from any source for the services provided to me and I assign all rights to such payments to Decatur Township Fire Department. 

 I also acknowledge that I have received a copy of the Decatur Township Fire Department Notice of Privacy Practices. A copy of this form is as valid as the original.

 

_____________________________________________   Date:_________________

Patient Signature

 

_____________________________________________    _______________________

Patient Representative’s Signature                               Relationship to Patient

 

Patient unable to sign because: 

 

________________________________________________________________________


 

 Decatur Township Fire Department

Policy on Patient Access, Amendment and Restriction on Use of Protected Health Information

Purpose

 Under the HIPAA Privacy Rule, individuals have the right to access and to request amendment or restriction on the use of their protected health information, or PHI, and restrictions on its use that is maintained in “designated record sets,” or DRS. (See policy on Designated Record Sets).

 To ensure that Decatur Township Fire Department only releases the PHI that is covered under the Privacy Rule, this policy outlines procedures for requests for patient access, amendment, and restriction on the use of PHI.

 This policy also establishes the procedure by which patients or appropriate requestors may access PHI, request amendment to PHI, and request a restriction on the use of PHI.

 Policy

Only information contained in the DRS outlined in this policy is to be provided to patients who request access, amendment and restriction on the use of their PHI in accordance with the Privacy Rule and the Privacy Practices of Decatur Township Fire Department.

Procedure

 Patient Access:

 

 1.                  Upon presentation to the business office, the patient or appropriate representative will complete a Request for Access Form. 

 2.                  The Fire Department employee must verify the patient’s identity, and if the requestor is not the patient, the name of the individual and reason that the request is being made by this individual. The use of a driver’s license, social security card, or other form of government-issued identification is acceptable for this purpose.

 3.                  The completed form will be presented to the Privacy Officer for action.

       4.                  The Privacy Officer will act upon the request within 30 days. 

       5.                  If the Fire Department is unable to respond to the request within these time frames, the requestor must be given a written notice no later than the initial due date for a response, explaining why the Fire Department could not respond within the time frame and in that case the Fire Department may extend the response time by an additional 30 days.

 

 6.                  Upon approval of access, patient will have the right to access the PHI contained in the DRS outlined below and may make a copy of the PHI contained in the DRS upon verbal or written request.

 7.                  The business office has established a reasonable charge of $5.00 for copying PHI for the patient or appropriate representative.

       8.                  Patient access may be denied for the reasons listed below, and in some cases the denial of access may be appealed to the Fire Department for review.

       9.                  The following are reasons to deny access to PHI that are not subject to review and are final and may not be appealed by the patient: 

 a.      If the information the patient requested was compiled in reasonable anticipation of, or use in, a civil, criminal or administrative action or proceeding;

 b.     If the information the patient requested was obtained from someone other than a health care provider under a promise of confidentiality and the access requested would be reasonably likely to reveal the source of the information.

 10.              The following reasons to deny access to PHI are subject to review and the patient may appeal the denial:

 a.      If a licensed health care professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to endanger the life or physical safety of the individual or another person;

 b.     If the protected health information makes reference to another person (other than a health care provider) and a licensed health professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to cause substantial harm to that person;

 c.      If the request for access is made by a requestor as a personal representative of the individual about whom the requestor is requesting the information, and a licensed health professional has determined, in the exercise of professional judgment, that access by you is reasonably likely to cause harm to the individual or another person.              

 d.     If the denial of the request for access to PHI is for reasons a, b, or c, then the patient may request a review of the denial of access by sending a written request to the Privacy Officer.

 e.     The Fire Department will designate a licensed health professional, who was not directly involved in the denial, to review the decision to deny the patient access.  The Fire Department will promptly refer the request to this designated review official.  The review official will determine within a reasonable period of time whether the denial is appropriate.  The Fire Department will provide the patient with written notice of the determination of the designated reviewing official.     

 f.        The patient may also file a complaint in accordance with the Procedure for Filing Complaints about Privacy Practices if the patient is not satisfied with the Fire Department’s determination. 

       11.              Access to the actual files or computers that contain the DRS that may be accessed by the patient or requestor should not be permitted.  Rather, copies of the records should be provided for the patient or requestor to view in a confidential area under the direct supervision of a designated Fire Department staff member.  UNDER NO CIRCUMSTANCES SHOULD ORIGINALS OF PHI LEAVE THE PREMISES.

 12.              If the patient or requestor would like to retain copies of the DRS provided, then the Fire Department will charge $5.00 for the cots of reproduction.

       13.              Whenever a patient or requestor accesses a DRS, a note should be maintained in a log book indicating the time and date of the request, the date access was provided, what specific records were provided for review, and what copies were left with the patient or requestor.

       14.              Following a request for access to PHI, a patient or requestor may request an amendment to his or her PHI, and request restriction on its use in some circumstances.

 Requests for Amendment to PHI

       15.              The patient or appropriate requestor may only request amendment to PHI contained in the DRS.  The “Request for Amendment of PHI” Form must be accompanied with any request for amendment. 

 16.              The Fire Department must act upon a Request for Amendment within 60 days of the request. If the Fire Department is unable to act upon the request within 60 days, it must provide the requestor with a written statement of the reasons for the delay, and in that case may extend the time period in which to comply by an additional 30 days.

 Granting Requests for Amendment

       17.              All requests for amendment must be forwarded immediately to the Privacy Officer for                    review. 

 18.              If the Privacy Officer grants the request for amendment, then the requestor will receive a letter indicating that the appropriate amendment to the PHI or record that was the subject of the request has been made. 

 19.              There must be written permission provided by the patient so that that the Fire Department may notify the persons with which the amendments need to be shared.  The Fire Department must provide the amended information to those individuals identified by having received the PHI that has been amended as well as those persons or business associates that have such information and who may have relied on or could be reasonably expected to rely on the amended PHI.

 20.              The patient must identify individuals who may need the amended PHI and sign the statement in the Request for Amendment form giving the Fire Department permission to provide them with the updated PHI.

       21.              The Fire Department will add the request for amendment, the denial or granting of the request, as well as any statement of disagreement by the patient and any rebuttal statement by the Fire Department to the designated record set.

 Denial of Requests for Amendment

       22.              The Fire Department may deny a request to amend PHI for the following reasons:  1) If the Fire Department did not create the PHI at issue; 2) if the information is not part of the DRS; or 3) the information is accurate and complete.

 23.              The Fire Department must provide a written denial, and the denial must be written in plain language and state the reason for the denial; the individual’s right to submit a statement disagreeing with the denial and how the individual may file such a statement; a statement that, if the individual does not submit a statement of disagreement, the individual may request that the provider provide the request for amendment and the denial with any future disclosures of the PHI; and a description of how the individual may file a complaint with the covered entity, including the name and telephone number of an appropriate contact person, or to the Secretary of Health and Human Services. 

24.              If the individual submits a “statement of disagreement,” the provider may prepare a written rebuttal statement to the patient’s statement of disagreement.  The statement of disagreement will be appended to the PHI, or at the Fire Department’s option, a summary of the disagreement will be appended, along with the rebuttal statement of the Fire Department.

 25.              If the Fire Department receives a notice from another covered entity, such as a hospital, that it has amended its own PHI in relation to a particular patient, the ambulance service must amend its own PHI that may be affected by the amendments.

 Requests for Restriction

       26.              The patient may request a restriction on the use and disclosure of their PHI.

 27.              The Fire Department is not required to agree to any restriction, and given the emergent nature of our operation, we generally will not agree to a restriction. 

28.              ALL REQUESTS FOR RESTRICTION ON USE AND DISCLOSURE OF PHI MUST BE SUBMITTED IN WRITING ON THE APPROVED FIRE DEPARTMENT FORM.   ALL REQUESTS WILL BE REVIEWED AND DENIED OR APPROVED BY THE PRIVACY OFFICER.

 29.              If the Fire Department agrees to a restriction, we may not use or disclosed PHI in violation of the agreed upon restriction, except that if the individual who requested the restriction is in need of emergency service, and the restricted PHI is needed to provide the emergency service, the Fire Department may use the restricted PHI or may disclose such PHI to another health care provider to provide treatment to the individual.

 30.              The agreement to restrict PHI will be documented to ensure that the restriction is followed.

 31.              A restriction may be terminated if the individual agrees to or requests the termination.  Oral agreements to terminate restrictions must be documented.  A current restriction may also be terminated by the Fire Department as long as the Fire Department notifies the patient that PHI created or received after the restriction is removed is no longer restriction.  PHI that was restricted prior to the Fire Department voiding the restriction must continue to be treated as restricted PHI.

 

 1.                  Upon presentation to the business office, the patient or appropriate representative will complete a Request for Access Form. 

 2.                  The Fire Department employee must verify the patient’s identity, and if the requestor is not the patient, the name of the individual and reason that the request is being made by this individual. The use of a driver’s license, social security card, or other form of government-issued identification is acceptable for this purpose.

 3.                  The completed form will be presented to the Privacy Officer for action.

       4.                  The Privacy Officer will act upon the request within 30 days. 

       5.                  If the Fire Department is unable to respond to the request within these time frames, the requestor must be given a written notice no later than the initial due date for a response, explaining why the Fire Department could not respond within the time frame and in that case the Fire Department may extend the response time by an additional 30 days.

 

 6.                  Upon approval of access, patient will have the right to access the PHI contained in the DRS outlined below and may make a copy of the PHI contained in the DRS upon verbal or written request.

 7.                  The business office has established a reasonable charge of $5.00 for copying PHI for the patient or appropriate representative.

       8.                  Patient access may be denied for the reasons listed below, and in some cases the denial of access may be appealed to the Fire Department for review.

       9.                  The following are reasons to deny access to PHI that are not subject to review and are final and may not be appealed by the patient: 

 a.      If the information the patient requested was compiled in reasonable anticipation of, or use in, a civil, criminal or administrative action or proceeding;

 b.     If the information the patient requested was obtained from someone other than a health care provider under a promise of confidentiality and the access requested would be reasonably likely to reveal the source of the information.

 10.              The following reasons to deny access to PHI are subject to review and the patient may appeal the denial:

 a.      If a licensed health care professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to endanger the life or physical safety of the individual or another person;

 b.     If the protected health information makes reference to another person (other than a health care provider) and a licensed health professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to cause substantial harm to that person;

 c.      If the request for access is made by a requestor as a personal representative of the individual about whom the requestor is requesting the information, and a licensed health professional has determined, in the exercise of professional judgment, that access by you is reasonably likely to cause harm to the individual or another person.              

 d.     If the denial of the request for access to PHI is for reasons a, b, or c, then the patient may request a review of the denial of access by sending a written request to the Privacy Officer.

 e.     The Fire Department will designate a licensed health professional, who was not directly involved in the denial, to review the decision to deny the patient access.  The Fire Department will promptly refer the request to this designated review official.  The review official will determine within a reasonable period of time whether the denial is appropriate.  The Fire Department will provide the patient with written notice of the determination of the designated reviewing official.     

 f.        The patient may also file a complaint in accordance with the Procedure for Filing Complaints about Privacy Practices if the patient is not satisfied with the Fire Department’s determination. 

       11.              Access to the actual files or computers that contain the DRS that may be accessed by the patient or requestor should not be permitted.  Rather, copies of the records should be provided for the patient or requestor to view in a confidential area under the direct supervision of a designated Fire Department staff member.  UNDER NO CIRCUMSTANCES SHOULD ORIGINALS OF PHI LEAVE THE PREMISES.

 12.              If the patient or requestor would like to retain copies of the DRS provided, then the Fire Department will charge $5.00 for the cots of reproduction.

       13.              Whenever a patient or requestor accesses a DRS, a note should be maintained in a log book indicating the time and date of the request, the date access was provided, what specific records were provided for review, and what copies were left with the patient or requestor.

       14.              Following a request for access to PHI, a patient or requestor may request an amendment to his or her PHI, and request restriction on its use in some circumstances.

 Requests for Amendment to PHI

       15.              The patient or appropriate requestor may only request amendment to PHI contained in the DRS.  The “Request for Amendment of PHI” Form must be accompanied with any request for amendment. 

 16.              The Fire Department must act upon a Request for Amendment within 60 days of the request. If the Fire Department is unable to act upon the request within 60 days, it must provide the requestor with a written statement of the reasons for the delay, and in that case may extend the time period in which to comply by an additional 30 days.

 Granting Requests for Amendment

       17.              All requests for amendment must be forwarded immediately to the Privacy Officer for                    review. 

 18.              If the Privacy Officer grants the request for amendment, then the requestor will receive a letter indicating that the appropriate amendment to the PHI or record that was the subject of the request has been made. 

 19.              There must be written permission provided by the patient so that that the Fire Department may notify the persons with which the amendments need to be shared.  The Fire Department must provide the amended information to those individuals identified by having received the PHI that has been amended as well as those persons or business associates that have such information and who may have relied on or could be reasonably expected to rely on the amended PHI.

 20.              The patient must identify individuals who may need the amended PHI and sign the statement in the Request for Amendment form giving the Fire Department permission to provide them with the updated PHI.

       21.              The Fire Department will add the request for amendment, the denial or granting of the request, as well as any statement of disagreement by the patient and any rebuttal statement by the Fire Department to the designated record set.

 Denial of Requests for Amendment

       22.              The Fire Department may deny a request to amend PHI for the following reasons:  1) If the Fire Department did not create the PHI at issue; 2) if the information is not part of the DRS; or 3) the information is accurate and complete.

 23.              The Fire Department must provide a written denial, and the denial must be written in plain language and state the reason for the denial; the individual’s right to submit a statement disagreeing with the denial and how the individual may file such a statement; a statement that, if the individual does not submit a statement of disagreement, the individual may request that the provider provide the request for amendment and the denial with any future disclosures of the PHI; and a description of how the individual may file a complaint with the covered entity, including the name and telephone number of an appropriate contact person, or to the Secretary of Health and Human Services. 

24.              If the individual submits a “statement of disagreement,” the provider may prepare a written rebuttal statement to the patient’s statement of disagreement.  The statement of disagreement will be appended to the PHI, or at the Fire Department’s option, a summary of the disagreement will be appended, along with the rebuttal statement of the Fire Department.

 25.              If the Fire Department receives a notice from another covered entity, such as a hospital, that it has amended its own PHI in relation to a particular patient, the ambulance service must amend its own PHI that may be affected by the amendments.

 Requests for Restriction

       26.              The patient may request a restriction on the use and disclosure of their PHI.

 27.              The Fire Department is not required to agree to any restriction, and given the emergent nature of our operation, we generally will not agree to a restriction. 

28.              ALL REQUESTS FOR RESTRICTION ON USE AND DISCLOSURE OF PHI MUST BE SUBMITTED IN WRITING ON THE APPROVED FIRE DEPARTMENT FORM.   ALL REQUESTS WILL BE REVIEWED AND DENIED OR APPROVED BY THE PRIVACY OFFICER.

 29.              If the Fire Department agrees to a restriction, we may not use or disclosed PHI in violation of the agreed upon restriction, except that if the individual who requested the restriction is in need of emergency service, and the restricted PHI is needed to provide the emergency service, the Fire Department may use the restricted PHI or may disclose such PHI to another health care provider to provide treatment to the individual.

 30.              The agreement to restrict PHI will be documented to ensure that the restriction is followed.

 31.              A restriction may be terminated if the individual agrees to or requests the termination.  Oral agreements to terminate restrictions must be documented.  A current restriction may also be terminated by the Fire Department as long as the Fire Department notifies the patient that PHI created or received after the restriction is removed is no longer restriction.  PHI that was restricted prior to the Fire Department voiding the restriction must continue to be treated as restricted PHI.


 

Decatur Township Fire Department

Policy on Procedure for Request for Amendment to Protected Health Information

 

Purpose

To provide consistent guidelines for Decatur Township Fire Department staff so that they may assist a patient in amending the protected health information (PHI) of their patient care record in accordance with their rights under the federal Privacy Regulations.

 

Policy

 

An individual has the right to amend his/her patient care records, as long as their protected health information is maintained by Decatur Township Fire Department, except in the following circumstances: 

  • The originator of the record is no longer available.

  • The information the patient is requesting to amend was not created by Decatur Township Fire Department

  • The information is not part of the patient care record

  • The information is accurate and complete

The information would not be available for inspection as provided by law, and therefore DTFD in not required to consider an amendment.  This exception applies to information compiled in anticipation of a legal proceeding

  • Information received from someone else under a promise of confidentiality

Procedure

1.  Confirm the identity of requestor or legal representative. If the requestor is legal representative, ask for legal proof of their representative status;

2.  The patient must fill out the Request for Amendment of Protected Health Information form completely;

3.  The Fire Department, with the assistance of legal counsel, will act on the request for amendment within 60 days of the request;

4.  If the Fire Department agrees with the amendment,

      a.                  Then the record will be amended;

      b.                 The Fire Department will then notify the individual of the agreement to amend the record;

      c.                  Copies of the amended record will be provided to our business associates, facilities to or from which we have transported the patient, and others involved in the patient’s treatment.

5.  If the Fire Department denies the request for amendment,

     a.      Then the individual that requested the amendment will be notified of the denial, and the reason for the denial in writing;

     b.     A statement will be given to the individual that he/she may submit a short written statement disagreeing with the denial, and how the individual may file such a statement;

     c.      A statement will be given to that individual that he/she may, if they do not wish to submit a statement of disagreement, that they may request that the Request for Amendment and the denial become a permanent part of their medical record;

     d.      A statement that the individual may complain to the Privacy Officer of the Fire Department at 5410 S High School Rd Indianapolis, IN 46221 (317) 856-5400, or to the federal agency that oversees enforcement of the federal Privacy Rule, the Department of Health and Human Services;

6.   All documentation pertaining to the request for amendment will be kept in      the medical record.

 

Decatur Township Fire Department

Policy on Designated Record Sets

 Purpose

 

To ensure that Decatur Township Fire Department releases Protected Health Information (PHI) in accordance with the Privacy Rule, this policy establishes a definition of what information should be accessible to patients as part of the DRS, and outlines procedures for requests for patient access, amendment, and restriction on the use of PHI.

 

Under the Privacy Rule, the DRS include medical records that are created or used by the Fire Department to make decisions about the patient.

 

Policy

 

The DRS should only include HIPAA covered PHI, and should not include information used for the operational purposes of the organization, such as quality assurance data, accident reports, and incident reports.   The type of information that should be included in the DRS is medical records and billing records.

 

Procedure

 

The Designated Record Set

 

1.         The DRS for any requests for access to PHI includes the following records:

 

a.      The patient care report or PCR created by EMS field personnel (this includes any photographs, monitor strips, Physician Certification Statements, Refusal of Care forms, or other source data that is incorporated and/or attached to the PCR.

 

b.     The electronic claims records or other paper records of submission of actual claims to Medicare or other insurance companies.

 

c.      Any patient-specific claim information, including responses from insurance payers, such as remittance advice statements, Explanation of Medicare Benefits (EOMBs), charge screens, patient account statements, and signature authorization and agreement to pay documents.

 

d.     Medicare Advance Beneficiary Notices, Notices from insurance companies indicating coverage determinations, documentation submitted by the patient, and copies of the patient’s insurance card or policy coverage summary, that relate directly to the care of the patient.

e.     Amendments to PHI, or statements of disagreement by the patient requesting the amendment when PHI is not amended upon request, or an accurate summary of the statement of disagreement.

 

2.      The DRS also include copies of records created by other service providers and other health care providers such as first responder units, assisting ambulance services, air medical services, nursing homes, hospitals, police departments, coroner’s office, etc., that are used by the Fire Department as part of treatment and payment purposes related to the patient.


 

 Decatur Township Fire Department

Policy on Security, Levels of Access and Limiting Disclosure and Use of PHI

 

Purpose

 

To outline levels of access to Protected Health Information (PHI) of various staff members of Decatur Township Fire Department and to provide a policy and procedure on limiting access, disclosure, and use of PHI.  Security of PHI is everyone’s responsibility.

 

Policy

 

Decatur Township Fire Department retains strict requirements on the security, access, disclosure and use of PHI.   Access, disclosure and use of PHI will be based on the role of the individual staff member in the organization, and should be only to the extent that the person needs access to PHI to complete necessary job functions.

 

When PHI is accessed, disclosed and used, the individuals involved will make every effort, except in patient care situations, to only access, disclose and use PHI to the extent that only the minimum necessary information is used to accomplish the intended purpose.

 

Procedure

Role Based Access

Access to PHI will be limited to those who need access to PHI to carry out their duties.  The following describes the specific categories or types of PHI to which such persons need access is defined and the conditions, as appropriate, that would apply to such access.

 

Job Title

Description of PHI to Be Accessed

Conditions of Access to PHI

EMT

Intake forms from dispatch, patient care reports,

May access only as part of completion of a patient event and post-event activities and only while actually on duty

Paramedic

Intake forms from dispatch, patient care reports

May access only as part of completion of a patient event and post-event activities and only while actually on duty

Billing Clerk

Intake forms from dispatch, patient care reports, billing claim forms, remittance advice statements, other patient records from facilities

May access only as part of duties to complete patient billing and follow up and only during actual work shift

Field Supervisors (Captains & Lieutenants)

Intake forms from dispatch, patient care reports

May access only as part of completion of a patient event and post-event activities, as well as for quality assurance checks and corrective counseling of staff

Dispatcher

Intake forms, preplanned CAD information on patient address

May access only as part of completion of an incident, from receipt of information necessary to dispatch a call, to the closing out of the incident and only while on duty

EMS Training Staff

Intake forms from dispatch, patient care reports

May access only as a part of training and quality assurance activities.  All individually identifiable patient information should be redacted prior to use in training and quality assurance activities

Department Managers (EMS Chief)

 

May access only to the extent necessary to monitor compliance and to accomplish appropriate supervision and management of personnel

Access to PHI is limited to the above-identified persons only, and to the identified PHI only, based on the Fire Department’s reasonable determination of the persons or classes of persons who require PHI, and the nature of the health information they require, consistent with their job responsibilities.

 

Access to a patient’s entire file will not be allowed except when provided for in this and other policies and procedures and the justification for use of the entire medical record is specifically identified and documented.

Disclosures to and Authorizations From the Patient

 

You are not required to limit to the minimum amount of information necessary required to perform your job function, or your disclosures of PHI to patients who are the subject of the PHI. In addition, disclosures authorized by the patient are exempt from the minimum necessary requirements unless the authorization to disclose PHI is requested by the Fire Department.

Authorizations received directly from third parties, such as Medicare, or other insurance companies, which direct you to release PHI to those entities, are not subject to the minimum necessary standards.

For example, if we have a patient’s authorization to disclose PHI to Medicare, Medicaid or another health insurance plan for claim determination purposes, the Fire Department is permitted to disclose the PHI requested without making any minimum necessary determination.


Fire Department Requests for PHI

 

If the Fire Department needs to request PHI from another health care provider on a routine or recurring basis, we must limit our requests to only the reasonably necessary information needed for the intended purpose, as described below.   For requests not covered below, you must make this determination individually for each request and you should consult your supervisor for guidance.  For example, if the request in non-recurring or non-routine, like making a request for documents via a subpoena, we must review make sure our request covers only the minimum necessary PHI to accomplish the  purpose of the request.

 

Holder of PHI

Purpose of Request

Information Reasonably Necessary to Accomplish Purpose

Skilled Nursing Facilities

To have adequate patient records to determine medical necessity for service and to properly bill for services provided

Patient face sheets, discharge summaries, Physician Certification Statements and Statements of Medical Necessity, Mobility Assessments

Hospitals

To have adequate patient records to determine medical necessity for service and to properly bill for services provided

Patient face sheets, discharge summaries, Physician Certification Statements and Statements of Medical Necessity, Mobility Assessments

Mutual Aid Ambulance or Paramedic Services

To have adequate patient records to conduct joint billing operations for patients mutually treated/transported by the Fire Department

Patient care reports

 

For all other requests, determine what information is reasonably necessary for each on an individual basis.

 

Incidental Disclosures

 

The Fire Department understands that there will be times when there are incidental disclosures about PHI in the context of caring for a patient.  The privacy laws were not intended to impede common health care practices that are essential in providing health care to the individual.  Incidental disclosures are inevitable, but these will typically occur in radio or face-to-face conversation between health care providers, or when patient care information in written or computer form is left out in the open for others to access or see.

 The fundamental principle is that all staff needs to be sensitive about the importance of maintaining the confidence and security of all material we create or use that contains patient care information.  Coworkers and other staff members should not have access to information that is not necessary for the staff member to complete his or her job.  For example, it is generally not appropriate for field personnel to have access to billing records of the patient.

 But all personnel must be sensitive to avoiding incidental disclosures to other health care providers and others who do not have a need to know the information.  Pay attention to who is within earshot when you make verbal statements about a patient’s health information, and follow some of these common sense procedures for avoiding accidental or inadvertent disclosures:

 

Verbal Security

 

Waiting or Public Areas:  If patients are in waiting areas to discuss the service provided to them or to have billing questions answered, make sure that there are no other persons in the waiting area, or if so, bring the patient into a screened area before engaging in discussion.

 

Garage Areas: Staff members should be sensitive to that fact that members of the public and other agencies may be present in the garage and other easily accessible areas.  Conversations about patients and their health care should not take place in areas where those without a need to know are present.   

 

Other Areas:  Staff members should only discuss patient care information with those who are involved in the care of the patient, regardless of your physical location.  You should be sensitive to your level of voice and to the fact that others may be in the area when you are speaking.  This approach is not meant to impede anyone’s ability to speak with other health care providers freely when engaged in the care of the patient.  When it comes to treatment of the patient, you should be free to discuss all aspects of the patient’s medical condition, treatment provided, and any of their health information you may have in your possession with others involved in the care of the patient.   

 

Physical Security

Patient Care and Other Patient or Billing Records:  Patient care reports should be stored in safe and secure areas.  When any paper records concerning a patient are completed, they should not be left in open bins or on desktops or other surfaces.  Only those with a need to have the information for the completion of their job duties should have access to any paper records.

Billing records, including all notes, remittance advices, charge slips or claim forms should not be left out in the open and should be stored in files or boxes that are secure and in an area with access limited to those who need access to the information for the completion of their job duties. 

Computers and Entry Devices:  Computer access terminals and other remote entry devices such as PDAs and laptops should be kept secure.  Access to any computer device should be by password only.  Staff members should be sensitive to who may be in viewing range of the monitor screen and take simple steps to shield viewing of the screen by unauthorized persons.  All remote devices such as laptops and PDAs should remain in the physical possession of the individually to whom it is assigned at all times.  See the Decatur Township Fire Department Policy on Use of Computer Equipment and Information Systems.

 

Decatur Township Fire Department

Policy on Use of Computer and Information Systems and Equipment

       

Purpose

 

Decatur Township Fire Department is committed to protecting our staff members, the patients we serve and the Fire Department from illegal or damaging actions by individuals and the improper release of protected health information and other confidential or proprietary information.

The purpose of this policy is to outline the acceptable use of computer equipment at Decatur Township Fire Department. These rules are in place to protect the employee and patients of Decatur Township Fire Department.  Inappropriate use exposes Decatur Township Fire Department to risks including virus attacks, compromise of network systems and services, breach of patient confidentiality and other legal claims.  

             

Scope 

This policy applies to employees, volunteers, contractors, consultants, temporary employees, students, and others at Decatur Township Fire Department who has access to computer equipment, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by Decatur Township Fire Department.  

           

Procedure 

Use and Ownership of Computer Equipment 

  1. All data created or recorded using any computer equipment owned, controlled or used for the benefit of Decatur Township Fire Department is at all times the property of Decatur Township Fire Department.   Because of the need to protect the Decatur Township Fire Department computer network, the Fire Department cannot guarantee the confidentiality of information stored on any network device belonging to Decatur Township Fire Department, except that it will take all steps necessary to secure the privacy of all protected health information in accordance with all applicable laws. 

  1. Staff members are responsible for exercising good judgment regarding the reasonableness of personal use and must follow operational guidelines for personal use of Internet/Intranet/Extranet systems and any computer equipment. 

  1. At no time may any pornographic or sexually offensive materials be viewed, downloaded, saved, or forwarded using any Fire Department computer equipment.  Please refer to the Fire Department’s Policy on Preventing Sexual and Other Harassment for further information.

  2. For security and network maintenance purposes, authorized individuals within Decatur Township Fire Department may monitor equipment, systems and network traffic at any time, to ensure compliance with all Fire Department policies.

 

Security and Proprietary Information

 

  1. Confidential information should be protected at all times, regardless of the medium by which it is stored. Examples of confidential information include but are not limited to: individually identifiable health information concerning patients, Fire Department financial and business information, patient lists and reports, and research data. Staff members should take all necessary steps to prevent unauthorized access to this information.

  1. Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts. System level passwords should be changed quarterly, and user level passwords should be changed every 30 days. 

  1. All PCs, laptops, workstations and remote devices should be secured with a password-protected screensaver, wherever possible, and set to deactivate after being left unattended for 10 minutes or more, or by logging-off when the equipment will be unattended for an extended period.

  1. All computer equipment used by staff, whether owned by the individual staff member or Decatur Township Fire Department, shall regularly run approved virus-scanning software with a current virus database in accordance with Fire Department policy.

  1. Staff members must use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses. 

 

Unacceptable Use

 

Under no circumstances is a staff member of Decatur Township Fire Department authorized to engage in any activity that is illegal under local, state, or federal law while utilizing Decatur Township Fire Department computer resources.

The lists below are by no means exhaustive, but attempt to provide a framework for activities that fall into the category of unacceptable use.

 

System and Network Activities

 

The following activities are strictly prohibited, with no exceptions:

 

1.            Violations of the rights of any person or Fire Department protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by Decatur Township Fire Department.

2.             Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Decatur Township Fire Department or the end user does not have an active license is strictly prohibited.  

3.             Exporting system or other computer software is strictly prohibited and may only be done with express permission of management.  

4.             Introduction of malicious programs into the network or server (e.g., viruses, worms, etc.).  

5.             Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.  

6.             Using a Decatur Township Fire Department computer device to actively engage in procuring or transmitting material that is in violation of the Fire Department’s prohibition on sexual and other harassment. 

7.             Making fraudulent statements or transmitting fraudulent information when dealing with patient or billing information and documentation, accounts or other patient information, including the facsimile or electronic transmission of patient care reports and billing reports and claims.  

8.             Causing security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the staff member is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties.  

9.      Providing information about, or lists of, Decatur Township Fire Department staff members or patients to parties outside Decatur Township Fire Department.

 

E-mail and Communications Activities

 

 

   

  1. Sending unsolicited e-mail messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (e-mail spam).

  1. Any form of harassment via e-mail, telephone or paging, whether through language, frequency, or size of messages.

  1. Unauthorized use, or forging, of e-mail header information.

  1. Solicitation of e-mail for any other e-mail address, other than that of the poster's account, with the intent to harass or to collect replies.

  1. Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.

  1. Use of unsolicited e-mail originating from within Decatur Township Fire Department's networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by Decatur Township Fire Department or connected via Decatur Township Fire Department's network.

 

Use of Remote Devices

 

The appropriate use of Laptop Computers, Personal Digital Assistants (PDAs), and remote data entry devices is of utmost concern to Decatur Township Fire Department.  These devices, collectively referred to as “remote devices” pose a unique and significant patient privacy risk because they may contain confidential patient, staff member or Fire Department information and these devices can be easily misplaced, lost, stolen or accessed by unauthorized individuals

  1. Remote devices will not be purchased or used without prior Fire Department approval.

  2. The Fire Department must approve the installation and use of any software used on the remote device. 

  3. Remote devices containing confidential or patient information must not be left unattended. 

  4. If confidential or patient information is stored on a remote device, access controls must be employed to protect improper access.  This includes, where possible, the use of passwords and other security mechanisms. 

  5. Remote devices should be configured to automatically power off following a maximum of 10 minutes of inactivity.

  6. Remote device users will not permit anyone else, including but not limited to user's family and/or associates, patients, patient families, or unauthorized staff members, to use Fire Department-owned remote devices for any purpose. 

  7. Remote device users will not install any software onto any PDA owned by Decatur Township Fire Department except as authorized by the Fire Department. 

  8. Users of Fire Department-owned remote devices will immediately report    the loss of a remote device to a supervisor or the Privacy Officer.

 

Enforcement

Any staff members found to have violated this policy may be subject to disciplinary action, up to and including suspension and termination.

  Decatur Township Fire Department

Procedure for Filing Complaints about Privacy Practices

 

YOU MAY MAKE A COMPLAINT DIRECTLY TO US       

 

You have the right to make a complaint directly to the Privacy Officer of Decatur Township Fire Department concerning our policies and procedures with respect to the use and disclosure of protected health information (PHI) about you.  You may also make a complaint about concerns you have regarding our compliance with any of our established policies and procedures concerning the confidentiality and use or disclosure of your PHI, or about the requirements of the federal Privacy Rule. 

 

            All complaints should be directed to our Privacy Officer at the following address and phone number: Mary Ann Hibler 5410 S High School Rd Indianapolis, IN (317) 856-7706

 

YOU MAY ALSO MAKE A COMPLAINT TO THE GOVERNMENT

If you believe Decatur Township Fire Department is not complying with the applicable requirements of the Federal Privacy Rule you may file a complaint with the Secretary of the U.S. Department of Health and Human Services.  The Privacy Rule states the following:

Requirements for filing complaints. Complaints under this section must meet the following requirements:

(1) A complaint must be filed in writing, either on paper or electronically.

(2) A complaint must name the entity that is the subject of the complaint and describe the acts or omissions believed to be in violation of the applicable requirements of the Federal Privacy Rule or the applicable standards, requirements, and implementation specifications of subpart E of part 164 of the Federal Privacy Rule.

(3) A complaint must be filed within 180 days of when the complainant knew or should have known that the act or omission complained of occurred, unless the Secretary for good cause shown waives this time limitation.  

(4) The Secretary may prescribe additional procedures for the filing of complaints, as well as the place and manner of filing, by notice in the Federal Register.

(c) Investigation. The Secretary may investigate complaints.   Such investigation may include a review of the pertinent policies, procedures, or practices of the covered entity and of the circumstances regarding any alleged acts or omissions concerning compliance.



 

DECATUR TOWNSHIP FIRE DEPARTMENT

JOB DESCRIPTION

 

JOB TITLE:               Privacy Officer

 

JOB IDENTIFICATION

 Department:        ADMIN                    

Reports to:            DEPUTY CHIEF of EMS                                   

 

JOB PURPOSE AND SUMMARY

The Privacy Officer oversees all activities related to the development, implementation, and maintenance of Decatur Township Fire Department’s policies and procedures covering the privacy of patient health information.  This person serves as the key compliance officer for all federal and state laws that apply to the privacy of patient information, including the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA). 

This individual is tasked with the responsibility of ensuring that all of the organization’s patient information privacy policies and procedures related to the privacy of, and access to, patient health information are followed. 

DUTIES AND RESPONSIBILITIES

Principle Responsibilities

1.                  Develop policies and procedures on staff training related to the privacy of patient health information and protected health information;

2.                  Develop policies on the security of health care information including computer and password security and patient data integrity;

3.                  Defines levels of staff access to PHI and minimum necessary requirement for staff based on the required job responsibilities;

4.                  Oversees, directs, delivers, and ensures the delivery of initial and ongoing privacy training and orientation to all staff members, employees, volunteers, students and trainees.

5.                  Serves as the contact person for the dissemination of PHI to other health care providers;

6.                  Serves as the contact person for patient complaints and requests;

7.                  Processes patient requests for access to and amendment of health information and consent forms;

8.                  Processes all patient accounting requests;

9.                  Ensures the capture and storage of patient PHI for the minimum period required by law;

10.              Ensures ambulance service compliance with all applicable Privacy Rule requirements and works with legal counsel and other managers to ensure the Fire Department maintains appropriate privacy and confidentiality notices and forms and materials.

11.              Cooperates with the state and federal government agencies charged with compliance reviews, audits and investigations.

QUALIFICATIONS:

Educational Requirements

 

High school Diploma or GED Equivalent.  Four-year college degree preferred, with a working knowledge of the Privacy Rule required.

 

Maintains current knowledge of applicable federal and state privacy laws and monitors changes in privacy practices for the ambulance industry to ensure current organizational compliance.

 

Mental Requirements of the Job

 

Reading and writing skills required.  Experience working with the public is essential.

 

Demonstrated organizational, facilitation, communication and presentation skills.

 

Job Responsibilities Related to Patient Privacy

 

1.                  The incumbent is expected to protect the privacy of all patient information in accordance with the Fire Department’s privacy policies, procedures, and practices, as required by federal [and state] law, and in accordance with general principles of professionalism as a health care provider.  Failure to comply with the Fire Department’s policies and procedures on patient privacy may result in disciplinary action up to and including termination of employment or of membership or association with Decatur Township Fire Department. 

2.                  The incumbent may access protected health information and other patient information only to the extent that is necessary to complete your job duties.  The incumbent may only share such information with those who have a need to know specific patient information you have in your possession to complete their job responsibilities related to treatment, payment or other Fire Department operations. 

3.                  The incumbent is encouraged and expected to report, without the threat of retaliation, any concerns regarding the Fire Department’s policies and procedures on patient privacy and any observed practices in violation of that policy to the designated Privacy Officer.  

4.                  The incumbent is expected to actively participate in Fire Department privacy training and is required to communicate privacy policy information to coworkers, students, patients and others in accordance with Fire Department policy.

 


Decatur Township Fire Department

Policy on Privacy Training

 

Purpose

 

To ensure that all members of Decatur Township Fire Department including all employees, volunteers, students and trainees (collectively referred to as “staff members”)who have access to patient information understand the organization’s concern for the respect of patient privacy and are trained in the Fire Department’s policies and procedures regarding Protected Health Information (PHI).

 

Policy

 

1.                  All current staff will be required to undergo privacy training in accordance with the HIPAA Privacy Rule prior to the implementation date of the HIPAA Privacy Rule, which is April 14, 2003.

 

2.                  All new staff members will be required to undergo privacy training in accordance with the HIPAA Privacy Rule within a reasonable time upon association with the organization, as scheduled by the Privacy Officer. 

 

3.                  All staff members will be required to undergo privacy training in accordance with the HIPAA Privacy Rule within a reasonable time after there is a material change to the Fire Department’s policies and procedures on privacy practices.

 

Procedure

 

1.                  The Privacy Training will be conducted by the Privacy Officer or his or her designee.

 

2.                  All attendees will receive copies of the Fire Department’s policies and procedures regarding privacy.

 

3.                  All attendees must attend the training in person and verify attendance and agreement to adhere to the Fire Department’s policies and procedures on privacy practices.

 

4.                  Training will be conducted in the following manner: 

 

a.      A combination of self- study and classroom sessions involving computer based materials.   

5.                  Topics of the training will include a complete review of the Fire Department’s Policy on Privacy Practices and will include other information concerning the HIPAA Privacy Rule, such as, but not limited to the following topic areas:

 

a.      Overview of the federal and state laws concerning patient privacy including the Privacy Regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)

b.     Description of protected health information (PHI)

c.      Patient rights under the HIPAA Privacy Rule

d.     Staff member responsibilities under the Privacy Rule

e.     Role of the Privacy Officer and reporting employee and patient concerns regarding privacy issues

f.        Importance of and benefits of privacy compliance

g.     Consequences of failure to follow established privacy policies

h.     Use of the Fire Department’s specific privacy forms

  Decatur Township Fire Department


 

List of Designated Privacy Officials

 

The following is a list of individuals who are responsible for various aspects of Federal Privacy Rule.  When in doubt, you should contact the designated Privacy Officer, who oversees the Fire Department’s privacy compliance issues:

 

PRIVACY OFFICER

 

            Name                                    Mary Ann Hibler

            Title                                    EMS Clerk

            Address                        5410 S High School Rd

            Phone Number            317-856-5400

            E-mail Address            mhibler@ decaturfire.org

 

TO FILE AN INTERNAL OR EXTENAL COMPLAINT ABOUT PRIVACY RELATED ISSUES, CONTACT:

 

            Name                                    Mary Ann Hibler

            Title                                    EMS Clerk

            Address                        5410 S High School Rd

            Phone Number            317-856-5400

            E-mail Address            mhibler@ decaturfire.org

 

 

FOR QUESTIONS ABOUT DENIAL OF ACCESS TO PROTECTED HEALTH INFORMATION, CONTACT:

 

            Name                                    Mary Ann Hibler

            Title                                    EMS Clerk

            Address                        5410 S High School Rd

            Phone Number            317-856-5400

            E-mail Address            mhibler@ decaturfire.org

 

 

FOR QUESTIONS ABOUT RECEIVING AND PROCESSING REQUESTS FOR ACCESS OR AMENDMENT TO PROTECTED HEALTH INFORMATION, CONTACT:

 

            Name                                    Mary Ann Hibler

            Title                                    EMS Clerk

            Address                        5410 S High School Rd

            Phone Number            317-856-5400

            E-mail Address            mhibler@decaturfire.org  


Decatur Township Fire Department

Policy on Medical Records of Employees

Policy:

 To provide guidance to management and staff concerning the privacy of medical records which involve staff members of Decatur Township Fire Department.

Procedure: 

Decatur Township Fire Department will, to the extent required by law, protect medical records it receives about employees or other staff in a confidential manner.  Generally, only those with a need to know the information will have access to it, and, even then, they will only have access to as much information as is minimally necessary for the legitimate use of the medical records. 

In accordance laws concerning disability discrimination, all medical records of staff will be kept in separate files apart from the employee’s general employment file.  These records will be secured with limited access by management.

In accordance with the Privacy Rule of the Health Insurance Portability and Accountabilities Act, medical records that are not considered employment records will be treated in accordance with the safeguards of the Privacy Rule with respect to their use and disclosure. 

Employment records are not considered to be protected health information, or PHI, subject to HIPAA safeguards, including certain medical records of employees that are related to the job.  These employment records not covered under HIPAA include, but are not limited to: information obtained to determine my suitability to perform the job duties (such as physical examination reports), drug and alcohol tests obtained in the course of employment, doctor’s excuses provided in accordance with the attendance policy, work-related injury and occupational exposure reports, and medical and laboratory reports related to such injuries or exposures, especially to the extent necessary to determine workers’ compensation coverage. 

Nonetheless, despite the fact that such records are not considered HIPAA protected, Decatur Township Fire Department will limit the use and disclosure of these records to only those with a need to have access to them, such as certain management staff, the Fire Department’s designated physician, and state agencies pursuant to state law. 

With respect to staff members of Decatur Township Fire Department, only health information that is obtained about staff in the course of providing ambulance or other medical services directly to them is considered PHI under HIPAA.  In other words, if Decatur Township Fire Department provides ambulance service to an employee, the protections typically given to such information to our ambulance service patients applies to the employee.  These protections are subject to HIPAA exceptions, such as in the situation in which the staff member used Decatur Township Fire Department Service involved in a work-related injury while on duty.  

As another example, if we receive a staff member's medical record in the course of providing the employee with treatment and/or transport, it does not matter that Decatur Township Fire Department happens to be the employer – that record is PHI. If, however, the employee submits a doctor's statement to a supervisor to document an absence or tardiness from work, Decatur Township Fire Department does not need to treat that statement as PHI. Other health information that could be treated as employment related, and not PHI, includes medical information that is needed for Decatur Township Fire Department to carry out its obligations under the FMLA, ADA and similar laws, as well as files or records related to occupational injury, disability insurance eligibility, drug screening results, workplace medical surveillance, and fitness-for-duty-tests of employees.

If you have any questions about how medical information about you is used and disclosed by Decatur Township Fire Department, please contact our Privacy Officer, Mary Ann Hibler.

 

 

CATUR TOWNSHIP
FIRE DEPARTMENT
COPYRIGHT © 2006