It has always been expected of all clinicians to maintain confidentiality with the patient. This means if the patient confides in the EMS crew, they should be expected to only share the information with the continuum of care. Distribution of patient care reports should be relegated to the ambulance service (which has to keep up with the documentation for a period of time) and the staff taking care of the patient at the hospital.

Health Insurance Portability and Accountability Act (HIPAA) of 1996

Since the very outset of the desktop computing craze of the 1980’s and the start of the internet revolution in 1991, insurance companies and the Federal Government wanted to move documentation of medical records to digital. Unfortunately for the Feds, it was much harder than ever imagined. Even today, there is always a room at the doctor’s office filled full of medical files from patients past, present, and future. The number one concern from the public was data security, and HIPAA was born.

The goal of HIPAA was to secure databases and applications being used to transmit patient data to insurance companies. One problem that insurance companies have with the insured is a general lack of honesty about certain lifestyle choices the patient have made which would increase the risk of having to make an insurance claim. At the time, it was believed by many that insurance companies would steal the data and use the information to increase rates or deny coverage to a patient.

HIPAA is more of a technical document, however there was an in-person component to it which demanded healthcare providers do not speak of their interactions with the patient and safeguard documents (including how to dispose of sensitive information). HIPAA will also issue a fine for each violation and pledges to investigate infractions, possibly with criminal consequences. What is obvious is that the relationship with the Federal Government, healthcare agencies, and insurance companies is rather murky.

It is generally not permitted (and enforced with fines) to disclose protected health information without written consent from the patient. However, there are exceptions:

1. Sharing information about treatment or operations to insurance companies for reimbursement purposes.
2. Mandatory reporting situations such as cases of suspected child abuse
3. Public health monitoring such as discovering a new pandemic.
4. In some cases, law enforcement may need a copy of a patient care report for the purposes of a police investigation.
5. Certain legal situations, typically involving an attorney request and ordered by a judge as evidence in a criminal or civil case.