Data Privacy

This past January, the AAA hosted a webinar presented by EMS/healthcare Attorneys Matthew Streger, Margaret Keavney, and Rebecca Ragkoski, titled Cybersecurity, Top 10 Considerations in Healthcare and How to Address Them. During this very informative webinar, Matt, Margaret, and Rebecca covered one of the biggest issues facing EMS and other healthcare providers today, data security. If you did not get chance to listen in on this program, it is available on-demand at the AAA website.

As highlighted in their webinar, data security and data breach concerns are one of the most frequently encountered issues facing EMS agencies as healthcare providers but also as employers. Ensuring that patient and employee protected health information (PHI) and personally identifiable information (PII) is adequately protected from access or intrusion is critically important.

Alabama becomes the 50th state to enact data breach requirements for all individuals and businesses in the state. The Society for Human Resource Management (SHRM) provides a great summary of the new breach requirements in several article resources published this week. The National Conference on State Legislatures is a great resource for learning the laws that apply to your organization. Of course, it is recommended that all members engage a law firm that is familiar with data security requirements both at the federal and state level.

It is critically important for EMS agencies to perform a risk analysis for all data systems. This analysis should include all third party hosted web platforms that contain or may contain PHI or PII. EMS leaders should inquire with their IT departments and all EMS leadership to identify where PHI or PII might be found. Be sure to include any incident reporting system utilized by the agency. Often these systems include information about response locations, which can include patient addresses or other PHI. Also found in many incident reporting systems is employee incident and injury data which can include PII. Be sure that these often-overlooked systems meet the security requirements detailed in the applicable federal and state data protection laws.

Print Friendly, PDF & Email

cybersecurity, Society for Human Resource Management (SHRM)


Scott Moore

Scott A. Moore, Esq. has been in the emergency medical services field for over 26 years. Scott has held various executive positions at several ambulance services in Massachusetts. Scott is a licensed attorney, specializing in Human Resource, employment and labor law, employee benefits, and corporate compliance matters. Scott has a certification as a Professional in Human Resources (PHR) and was the Co-Chair of the Education Committee for the American Ambulance Association (AAA) for several years. In addition, Scott is a Site Reviewer for the Commission on the Accreditation of Ambulance Services (CAAS). Scott earned his Bachelor’s Degree in Psychology from Salem State College and his Juris Doctor from Suffolk University Law School. Scott maintains his EMT and still works actively in the field as a call-firefighter/EMT in his hometown. Scott is a member of the American Bar Association, the Massachusetts Bar Association, the Society for Human Resource Management, and the Northeast Human Resource Association.

Leave a Reply