Question: Relaying medical info on PERS response
******************************
Ken,
    What are the ramifications of keeping “medical” data on a client’s PERS account?  For example, do we increase our liability, or violate HIPAA, by noting on the account, and relaying during dispatch:  “82 year old female with diabetes and high blood pressure”?  Even though we are only repeating info that was originally given to us by the client, it may not be up to date (medications changed and customer never told us), or maybe the medical condition we have on record has nothing to do with why they pushed the button.   As always, your insight and guidance are much appreciated.
Anon
*******************************
Answer
*******************************
       Excellent question and a timely one too.  Personal Emergency Response, PERS, used to be confined to a base unit, usually in the bedroom, with a push button to activate.  Then remote pendants to be used in the house in close proximity to the base unit became available.  Then, remotes that had a greater range and the subscriber could wander outside the house, but not too far.  Range increased with repeaters.  Now comes mPERS.  That's mobile PERS.  The carry device, pendant or watch can go anywhere.  But that's not the latest technology.  mPERS is available on the subscriber's smart phone, and when monitored by the right central station, the central station can locate the subscriber via GPS, talk to the subscriber and even have face to face.  This service will be used as mobile panic alert, medical response, locator facilitator.  Offered by the alarm dealer or by services directly to consumers, you can expect these devices to add to the ever increasing list of RMR technology services.
    One new service is offered by SmartTek, who you will find on The Alarm Exchange under the category: Technology and Services that increase or preserve your RMR.  
     If you are offering PERS or mPERS be sure to use the Standard Form Contract for PERS.  If you are selling within your geographic area you only need the single state version.  You get that at www.alarmcontracts.com.   However, if you're offering PERS or mPERS throughout the country you will need the "nationwide" version and you should call our Contract Administrator Eileen Wagda at (516) 747-6700 x 312 for information and pricing for that agreement.
    Getting to your question, finally.  There are laws that require the safeguarding of personal and particularly medical information, specifically the HIPAA Security, Privacy and Breach Notification Rules (45 CFR Part 160 and Part 164), that apply to “covered entities”, which in all likelihood you do not qualify as.  However, you may qualify as a “business associate” depending on what services you are offering and what other parties you are interacting with on behalf of your subscribers, and if that is the case, you may be open to extreme exposure and huge fines for failing to comply.  Because the PERS service lends itself to accumulation and dissemination of personal and medical information, you, your central station and any data accumulator in the middle need to be certain that the information is safeguarded using the most up to date technology, that personnel are trained properly in the use of such information, and of course safeguards should be in place to ensure that mistakes in communicating medical alerts are averted.  None of us want to think about a central station operator conveying the wrong medical information that leads to aggravated personal injury or death.  Never mind sending responders to the wrong location or missing the signal.  Is it any wonder that the traditional E&O carriers servicing the alarm industry shy away from medical alert E&O coverage?  You can get it, and you better get it if you're providing the service.
    If subscriber personal data is hacked, stolen or misused you may have a duty to notify the subscribers affected and/or the authorities promptly.  Don't freeze, do nothing, and hope for the best.  You won't like the result.  
    If you are concerned your company or your central station may have exposure or not be in compliance with the HIPAA Rules, contact Eileen at (516) 747-6700 x. 312 or EWagda@kirschenbaumesq.com to schedule a consultation with Jennifer Kirschenbaum, Esq to discuss how to get in compliance.  Stay tuned for Webinar details on this topic.   

 
************************
Comment
**************************
           The medical aspect of the PERS and mPERS must be taken very seriously.  First, I always recommend sending out regular reminders to the subscribers to keep medical information up to date.  Many companies put this notice on the bills when they are sent out along with a reminder to test the system.  I have also recommended that the information be dated and that the date of the last update be given when dispatching; this helps to provide a perspective of accuracy of information.  Internally the data must be handled in a confidential manner and not discussed; an operator or data entry person that happens to mention to a friend that Mrs. Jones has xyz condition would be opening the door to a violation, which is probably more likely than a database hack.  So education about privacy to those handling the data, from salesman to data entry to operator, is a must.
            The issue and concern is not only real, but widespread.  I have had companies that are using the SmartAlert product ask that the medical activation icon be replaced with the less specific Emergency designation.  Central Stations handling medical information should have written procedures for handling subscriber data and managers educating staff and enforcing policy.
Mark S. Fischer
Technical Consultant
mfischer@smartteksystems.com
844-762-7801 ext 203
516-384-6064 Cell
***************************
Note: Mark Fischer is listed on The Alarm Exchange in the category of Technical Support
***************************
