Privacy Policy

5.1 CONFIDENTIALITY As a primary medical care entity, the Fire Department of Liberty Township has a responsibility to maintain confidential treatment for our patients and their families. Likewise, the Fire Department of Liberty Township is frequently involved in scene investigations that generate sensitive information. Therefore, this policy is established to strictly maintain confidentiality and protect health information. All personnel shall be responsible for keeping all information pertaining to the condition of or any other aspect of patient care or any other emergency scene strictly confidential. EMS reports are a portion of our patient’s medical records. Medical records are confidential and must not be viewed by anyone other than the patient and the caregiver. The patient may give consent to others to view the information, however, that process shall take place through a formal and written information request conducted at the direction of fire administration. Likewise, information concerning the patient’s condition or any circumstances about a specific incident shall not be given to anyone who is not immediately involved in the response effort.
Patient medical records shall only be released, as follows.
1. Court order
2. Upon request by and directly to the patient
3. Power of attorney on behalf of the patient.



5.2 HIPAA and STATE OF INDIANA LAW Liberty Township “Govt” is a Covered Entity under HIPAA, and the Fire Department of Liberty Township “FDLT” is a Covered Component under the Govt. As such, both must comply with all applicable HIPAA and State of Indiana laws and regulations related to the privacy of health information. There are four exceptions when HIPAA will NOT pre-emption state law: 1. When the state law is more stringent than HIPAA.
2. When the state law provides for the reporting of child abuse, birth, death, disease, injury, or public health surveillance.
3. When the state law deals with state governmental oversight of health plans.
4. When the Secretary of the Department of Health and Human Services has determined that the state law is exempt from the HIPAA preemption.

5.3 COVERED COMPONENTS As of the effective date of this policy, FDLT is considered a covered component of the Covered Entity, Liberty Township
5.4 RESPONSIBILITIES The fire chief or designee is responsible for the system’s overall HIPAA compliance:

HIPAA Compliance Officer The HIPAA Compliance Officer manages and coordinates compliance with the applicable sections of the HIPAA Privacy and Security Rules. The HIPAA Compliance Officer in coordination with the City Attorney’s Office and Information Technology will:

1. Develop, implement, maintain, and update as needed, policies and procedures related to the HIPAA privacy and security rules and state health privacy laws.

2. Act as a resource for FDLT regarding HIPAA training.

3. Receive, document, investigate, and monitor reported complaints, violations, and potential breaches.

4. Maintain all required HIPAA privacy rule documentation for a period of six years from the date created or the date last in effect, whichever is later.

5. Develop and implement privacy safeguards analyses and corrective action plans.

6. Serve as the point of contact concerning HIPAA privacy and security policies and procedures.

7. Ensure the provision of training and guidance to the System.

8. Investigate HIPAA security violations.

5.5 COMPLIANCE ACTIVITIES 

Training – FDLT shall provide HIPAA awareness training to all employees, interns / students and observers (guests of the FDLT given permission to ride with emergency services personnel) who may have contact with PHI, within a reasonable period following the commencement of their employment or service. FDLT shall also provide training to these same categories of individuals whenever there is a material change to the HIPAA regulations. The training officer shall maintain documentation of all HIPAA training including course descriptions, presentations, handouts, and sign-in sheets.

Privacy Notice – FDLT is required to have a Notice of Privacy Practices. The distribution and posting of such Notices shall be in accordance with applicable HIPAA regulations.

Safeguards - FDLT shall have appropriate administrative, technical, and physical safeguards and shall monitor compliance with these safeguards.

Security Rule - FDLT must comply with all applicable administrative, physical, and technical standards and implementation specifications of the HIPAA Security Rule. If an implementation specification is identified as being addressable, it must be implemented if reasonable and appropriate, or an equivalent alternative measure must be implemented.

Violations - Any actual or suspected violation of the HIPAA regulations must be reported immediately to a supervisor and the HIPAA Compliance Officer. The HIPAA Compliance Officer is responsible for overseeing investigations related to HIPAA violations including breaches.

Complaints - Any individual has the right to file a written complaint with the fire department if the individual believes their rights under HIPAA have been violated. All written complaints must be reported to the HIPAA Compliance Officer immediately. The HIPAA Compliance Officer is responsible for overseeing investigations related to a HIPAA privacy complaint.

Mitigation – FDLT will mitigate, to the extent practicable, any harmful effects known to have occurred because of a HIPAA violation

Discipline - Appropriate disciplinary actions may be imposed against any of its members for any violation of the HIPAA regulations or failure to comply with any Govt or department policy or procedure pertaining to HIPAA. In addition to any such disciplinary actions, civil or criminal penalties may be imposed under state and federal law.

Refraining from Intimidating or Retaliatory Acts – The Govt shall not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against any individual for the exercise of any right established, or for participation in any investigation regarding a HIPAA complaint or violation.

Policies and Procedures - FDLT will implement policies and procedures to comply with HIPAA regulations. These policies and procedures will be reviewed periodically and updated whenever there are changes to the HIPAA regulations or applicable state privacy laws. FDLT will develop, implement, and revise policies and procedures that address applicable areas of the HIPAA Privacy and Security Rules. 

Retention - All documentation surrounding HIPAA activities and compliance must be retained for at least six years from the date of its creation or the date when it last was in effect, whichever date is later.

Substance Use Disorder (SUD) Record Protections: In accordance with federal best practices and 42 CFR Part 2, any records we receive that identify you as having a substance use disorder are granted enhanced protections. We may use and disclose these specific records for your treatment, our billing, and our healthcare operations with your broad written consent, which you may revoke at any time. Importantly, these records are strictly protected from use in legal, criminal, or administrative proceedings against you unless you provide specific consent or a court issues a unique order. If your records are shared for medical purposes, they may be subject to redisclosure by the recipient under HIPAA, but they will remain protected from use in legal proceedings as described above. If we use such information for fundraising, you will be provided a clear opportunity to opt out.