Effective: 06-25-24
Supersedes: 10-29-21
Brewster Ambulance Service is committed to maintaining the privacy of health information we obtain in the course of patient evaluation and treatment. Patient Care Reports (PCR) are considered confidential medical records and subject to the Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), and various privacy laws. Patient Care Reports are maintained in a secure manner, and may be released upon request to the patient named in the report or to other verified individuals or entities with a legal right to view the contents.
Patients or their Representatives
Patients or their Representatives who would like to obtain a copy of the ambulance Patient Care Report must complete a “Medical Records Request Form”. The form, along with a good quality photo identification (such as a driver’s license) of the patient, and any other required substantiating documentation may be sent to:
Or:
Brewster Ambulance Service
25 Main Street
Weymouth, MA 02188
Attn: Medical Records
Law Firms and Insurance Companies
Law Firms and Insurance Companies can submit their requests and upload a signed patient release and/or other required documentation via ChartSwap. ChartSwap is a SOC II Certified and HIPAA compliant platform designed to facilitate electronic medical and billing record exchange. It is free to register and requestors can use ChartSwap to request, track, pay, and download records. [ www.chartswap.com ]
Law Enforcement and Regulatory Agencies
The HIPAA Privacy Rule is balanced to protect an individual’s privacy while allowing important law enforcement functions to continue. The Rule permits covered entities to disclose protected health information (PHI) to law enforcement officials, without the individual’s written authorization, under specific circumstances.
· To comply with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, or a grand jury subpoena.
· To respond to an administrative request, including an administrative subpoena or summons, a civil or an authorized investigative demand, or similar process authorized under law, provided that: the request is specific and limited in scope to the extent reasonably practicable in light of the purpose for which the information is sought, and de-identified information could not reasonably by used.
· To respond to a request for PHI for purposes of identifying or locating a suspect, fugitive, material witness or missing person; but the covered entity must limit disclosures of PHI to name and address, date and place of birth, social security number, ABO blood type and rh factor, type of injury, date and time of treatment, date and time of death, and a description of distinguishing physical characteristics.
· This same limited information may be reported to law enforcement:
o About a suspected perpetrator of a crime when the report is made by the victim who is a member of the covered entity’s workforce;
o To identify or apprehend an individual who has admitted participation in a violent crime that the covered entity reasonably believes may have caused serious physical harm to a victim, provided that the admission was not made in the course of or based on the individual’s request for therapy, counseling, or treatment related to the propensity to commit this type of violent act.
To respond to a request for PHI about a victim of a crime, and the victim agrees. If, because of an emergency or the person’s incapacity, the individual cannot agree, the covered entity may disclose the PHI if law enforcement officials represent that the PHI is not intended to be used against the victim, is needed to determine whether another person broke the law, the investigation would be materially and adversely affected by waiting until the victim could agree, and the covered entity believes in its professional judgment that doing so is in the best interests of the individual whose information is requested.
Where child abuse victims or adult victims of abuse, neglect or domestic violence are concerned, other provisions of the Rule apply:
· Child abuse or neglect may be reported to any law enforcement official authorized by law to receive such reports and the agreement of the individual is not required.
· Adult abuse, neglect, or domestic violence may be reported to a law enforcement official If the individual agrees, or If the report is required by law.
To report PHI to law enforcement when required by law to do so (45 CFR 164.512(f)(1)(i)). For example, state laws commonly require health care providers to report incidents of gunshot or stab wounds, or other violent injuries; and the Rule permits disclosures of PHI as necessary to comply with these laws.
To alert law enforcement to the death of the individual, when there is a suspicion that death resulted from criminal conduct.
Information about a decedent may also be shared with medical examiners or coroners to assist them in identifying the decedent, determining the cause of death, or to carry out their other authorized duties.
To report PHI that the covered entity in good faith believes to be evidence of a crime that occurred on the covered entity’s premises.
When responding to an off-site medical emergency, as necessary to alert law enforcement about criminal activity, specifically, the commission and nature of the crime, the location of the crime or any victims, and the identity, description, and location of the perpetrator of the crime (45 CFR 164.512(f)(6)). This provision does not apply if the covered health care provider believes that the individual in need of the emergency medical care is the victim of abuse, neglect or domestic violence; see above Adult abuse, neglect, or domestic violence for when reports to law enforcement are allowed under 45 CFR 164.512(c).
When consistent with applicable law and ethical standards:
To a law enforcement official reasonably able to prevent or lessen a serious and imminent threat to the health or safety of an individual or the public; or
To identify or apprehend an individual who appears to have escaped from lawful custody.
For certain other specialized governmental law enforcement purposes, such as:
To federal officials authorized to conduct intelligence, counter-intelligence, and other national security activities under the National Security Act or to provide protective services to the President and others and conduct related investigations;
To respond to a request for PHI by a correctional institution or a law enforcement official having lawful custody of an inmate or others if they represent such PHI is needed to provide health care to the individual; for the health and safety of the individual, other inmates, officers or employees of or others at a correctional institution or responsible for the transporting or transferring inmates; or for the administration and maintenance of the safety, security, and good order of the correctional facility, including law enforcement on the premises of the facility.
Except when required by law, the disclosures to law enforcement summarized above are subject to a minimum necessary determination by the covered entity. When reasonable to do so, the covered entity may rely upon the representations of the law enforcement official (as a public officer) as to what information is the minimum necessary for their lawful purpose. Moreover, if the law enforcement official making the request for information is not known to the covered entity, the covered entity must verify the identity and authority of such person prior to disclosing the information.