Which statement best describes HIPAA Privacy Rule safeguards in EMS?

• A. No safeguards required.
• B. Implement safeguards to protect PHI; breach notification; business associate agreements.
• C. Only hospitals are regulated.
• D. Only patient consent forms are regulated.

Answer: (B)

HIPAA Privacy Rule safeguards in EMS are about protecting patient information and controlling how it’s shared. The best statement reflects three core requirements: implement safeguards to protect PHI (covering administrative, physical, and technical measures to limit access and disclosure), have breach notification procedures so patients and authorities are informed if PHI is compromised, and establish business associate agreements with outside entities that handle PHI to ensure they also protect the information. In EMS, this means securing patient data in the field and in transit, training staff on privacy and the minimum necessary information to disclose, promptly reporting breaches, and ensuring any vendors or partners with PHI are contractually obligated to protect it. The other options miss essential elements: HIPAA always requires safeguards, applies to more than hospitals, and covers more than just patient consent forms.