H
Definition
A US federal law that protects the privacy and security of patients' medical information (Protected Health Information, or PHI). In NEMT (non-emergency medical transportation), it governs how transport providers handle passenger names, addresses, pickup locations, and medical conditions, since each of these identifies a patient and links them to care.
Overview
Why it Matters
NEMT providers are "Business Associates" of the health plan, so they carry the same obligations to safeguard PHI as the plan itself. A data breach (e.g., losing a manifest with patient names) can result in fines of $50,000+ per violation, plus breach-notification duties to the affected patients.
How it Works
All software that stores or transmits PHI (dispatch systems, driver apps, messaging) must encrypt that data at rest and in transit. Paper manifests must be shredded, not thrown in the trash. Drivers must not discuss patient ailments with others, including other passengers or staff who have no need to know.
Code Comparison
Comparison: HIPAA vs. PCI (Payment Card Industry)
HIPAA protects medical data (a patient's name combined with a diagnosis, appointment, or provider). PCI DSS protects credit card (cardholder) data. NEMT providers that also take private pay must comply with both: the trip record falls under HIPAA, and the card used to pay for it falls under PCI DSS.
Common Questions
Common ways PHI leaks in NEMT operations:
- The "Dashboard" Breach: Drivers leaving a paper manifest on the dashboard while parked, visible to passersby.
- Radio Chatter: Dispatchers reading full patient names and addresses over an open radio channel that anyone can scan.
Controls that address them:
- Use "Driver IDs" or "Trip IDs" over the radio instead of patient names, so a scanner hears only an identifier that is meaningless without the dispatch system.
- Ensure all mobile devices (tablets/phones) are password-protected and have remote-wipe capabilities, so a lost or stolen device does not become a reportable breach.
Sources
HHS.gov - HIPAA for Professionals