EHRSelector Blog

What’s New on the EHRSelector Blog

By

Does HIPAA Limit Emergency Communications?

David Sumner is not a name you’d normally see associated with EHRs, HIPAA or anything else to do with medical health technology. However, Sumner the CEO of the American Radio Relay League (ARRL) – the main US ham radio association – just made an important point that effects HIE, EHRs and medical health technology. Why did he venture into alien territory? He was concerned that HIPAA’s privacy requirements could severely limit hams emergency operations.

When it comes to emergencies, main communications systems often go down. Amateurs are often the only communications available. Whether it’s a hurricane, tornado, tsunami or earthquake these volunteers often react when others can’t. For example, hams have provided communications for the Boston Marathon for years. When the bombings occurred, cell systems were overwhelmed. They quickly switched from coordinating race operations to aiding relief efforts.

In an editorial in the October issue of QST, the ARRL’s magazine, Sumner noted that international agreements and federal law require amateur radio to communicate in the open and not use encryption. (Morse code, etc., are open standards and are not considered encryption.) Keeping things in the open is a guard against fraud and abuse. However, he wanted to know if this meant medically identifiable information, was an exception to the openness requirement?

In a word, no. To answer the question, he looked at HIPAA’s legislative history and the FCC’s opinion on transmitting patient information. Sumner found that HIPAA’s “regulations do not require encryption of radio transmissions of medical patient information.” (QST, October 2013, p. 9. It Seems to Us.

However, he goes on to say:

While HIPAA may not require encryption of radio transmissions, it is clear that medical care providers are very protective of patient privacy. Information identifying a patient is seldom transmitted anyway. Our served agencies may well prefer that the messages we send on their behalf not be intercepted by unknown listeners. If so there are steps, we can take such as using less-popular frequencies, directional antennas, minimum power and voice modes other than FM that will greatly reduce the likelihood of eavesdropping. (Ibid)

What this means for CIOs, emergency coordinators, etc., is that they need to discuss patient privacy, and amateur radio communications as part of their emergency planning.

[Disclosure: I hold Advanced Class amateur radio license, W3HBK, and am an ARRL member, but have no connection to Sumner or QST.]David Sumner is not a name you’d normally see associated with EHRs, HIPAA or anything else to do with medical health technology. However, Sumner the CEO of the American Radio Relay League (ARRL) – the main US ham radio association – just made an important point that effects HIE, EHRs and medical health technology. Why did he venture into alien territory? He was concerned that HIPAA’s privacy requirements could severely limit hams emergency operations.

When it comes to emergencies, main communications systems often go down. Amateurs are often the only communications available. Whether it’s a hurricane, tornado, tsunami or earthquake these volunteers often react when others can’t. For example, hams have provided communications for the Boston Marathon for years. When the bombings occurred, cell systems were overwhelmed. They quickly switched from coordinating race operations to aiding relief efforts.

In an editorial in the October issue of QST, the ARRL’s magazine, Sumner noted that international agreements and federal law require amateur radio to communicate in the open and not use encryption. (Morse code, etc., are open standards and are not considered encryption.) Keeping things in the open is a guard against fraud and abuse. However, he wanted to know if this meant medically identifiable information, was an exception to the openness requirement?

In a word, no. To answer the question, he looked at HIPAA’s legislative history and the FCC’s opinion on transmitting patient information. Sumner found that HIPAA’s “regulations do not require encryption of radio transmissions of medical patient information.” (QST, October 2013, p. 9. It Seems to Us.

However, he goes on to say:

While HIPAA may not require encryption of radio transmissions, it is clear that medical care providers are very protective of patient privacy. Information identifying a patient is seldom transmitted anyway. Our served agencies may well prefer that the messages we send on their behalf not be intercepted by unknown listeners. If so there are steps, we can take such as using less-popular frequencies, directional antennas, minimum power and voice modes other than FM that will greatly reduce the likelihood of eavesdropping. (Ibid)

What this means for CIOs, emergency coordinators, etc., is that they need to discuss patient privacy, and amateur radio communications as part of their emergency planning.

[Disclosure: I hold Advanced Class amateur radio license, W3HBK, and am an ARRL member, but have no connection to Sumner or QST.]

So, what do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: