This form not only asks for emergency contact information but request Pertinent Medical Data (Allergies, Diseases, Chronic Illnesses, Medications, etc) -- With all the military (as well as civilian laws) regulations now being published regarding medical information remaining private, in reading the CAP governing regulation for this form, there no emphasis whatsoever :-[ on 1. Considering information as sensitive with limited access. 2. Specific disposition (destruction method) of the filled out form upon completion of the activity it was used for. ???
I think most senior members are capable of determining what duties they can safely perform during missions and/or other special activities without review.
Basically now, many IF not most adults (as in senior members), who have any current/chronic medical issues normally carry pertinent information on their person either in written form and/or on a USB Memory Stick (in word format) ID'd as medical information.
Perhaps senior members could just indicate on the form a statement "YES --Medical history including chronic medical conditions & medications is carried on my person (in wallet) (USB memory stick in left front pocket) (etc)".
Surely, we want everyone to be safe & if a medical emergency occurs have adequate information is available. It just seems to me in an organization that has so much regulations as it is, that medical privacy regulation/policy would mirror what the civilian employers & the military current adhere to!
Did I miss something in a CAP regulation somewhere.
Comments?
RM
CAP is not a health care provider nor an employer, therefore HIPPA and related regulations do not apply.
As to your assertion that most people with chronic conditions carry USB sticks, wear bracelets, etc., I think you are being somewhat optimistic.
The only thing a member is "required" to provide is emergency contact information, anything else is purely voluntary and CAP would have no way to verify it.
Outside flight physicals, CAP expects senior members to make good decisions regarding their physical abilities and does not use Form 60's in making that determination. (Certainly not during any operation I've been a part of).
If you have a chronic heart condition and take 14 meds, but choose to indicate "no issues" you do so at your own peril, but without risk of ramifications from CAP.
As to securing the data - its required information for all participants during encampments as well - if you travel to another state and have a grabber, the only one who may be able to tell them you're allergic to the AED is me or my HSO. I do secure the medical data in a seperate spreadsheet with a password, distributed only to those who need to know. That is a command decision, however, not a specific requirement.
Quote from: Eclipse on April 09, 2009, 11:35:18 PM
CAP is not a health care provider nor an employer, therefore HIPPA and related regulations do not apply.
As to your assertion that most people with chronic conditions carry USB sticks, wear bracelets, etc., I think you are being somewhat optimistic.
The only thing a member is "required" to provide is emergency contact information, anything else is purely voluntary and CAP would have no way to verify it.
Outside flight physicals, CAP expects senior members to make good decisions regarding their physical abilities and does not use Form 60's in making that determination. (Certainly not during any operation I've been a part of).
If you have a chronic heart condition and take 14 meds, but choose to indicate "no issues" you do so at your own peril, but without risk of ramifications from CAP.
As to securing the data - its required information for all participants during encampments as well - if you travel to another state and have a grabber, the only one who may be able to tell them you're allergic to the AED is me or my HSO. I do secure the medical data in a seperate spreadsheet with a password, distributed only to those who need to know. That is a command decision, however, not a specific requirement.
While I agree that CAP is not a health care provider nor employer, I feel that HIPPA does apply to us.
I just wish I had somthing of substance to offer to help my opinion.
I am an EMT so to me everything I learn about an individual medically is covered by HIPPA. That is everything that concerns CAPF 60's to a casual chit chat on the street.
To a First Aid Trained GTM or GTL, I would hope that they would do the same.
Answers to the original questions really need to go beyond just HIPAA, but since it was brought up:
HIPAA applies to covered entities which include:
Health Plans
Most Health Care Providers
Health Care Clearinghouses
The rule restricts only the disclosure of "protected health information," which is defined as individually identifiable health information that is transmitted or received by a covered entity.
The Privacy Rule allows covered health care providers to share protected health information for treatment purposes without patient authorization, as long as they use reasonable safeguards when doing so. These treatment communications may occur orally or in writing, by phone, fax, e-mail, or otherwise.
HIPAA doesn't apply to employers
http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html
A couple of interesting "emergency" examples:
When a health care provider is sharing information with disaster relief organizations that, like the American Red Cross, are authorized by law or by their charters to assist in disaster relief efforts, it is unnecessary to obtain a patient's permission to share the information if doing so would interfere with the organization's ability to respond to the emergency.
Of course, the HIPAA Privacy Rule does not apply to disclosures if they are not made by entities covered by the Privacy Rule. Thus, for instance, the HIPAA Privacy Rule does not restrict the American Red Cross from sharing patient information.
http://www.hhs.gov/ocr/privacy/hipaa/faq/permitted/emergency/960.html
Mike
Quote from: sardak on April 10, 2009, 06:45:55 AM
Thus, for instance, the HIPAA Privacy Rule does not restrict the American Red Cross from sharing patient information.
http://www.hhs.gov/ocr/privacy/hipaa/faq/permitted/emergency/960.html
Mike
Correct, people tend to lose sight of how the scope of HIPAA is specifically crafted.
HOWEVER, there are a number of other Federal Laws, and MANY State Statutes now which do place restrictions on other entities (possibly including CAP) in regards to the sharing of personally identifiable medical info.
I concur with the sentiment of the original poster, that NHQ needs to turn some more attention to this issue. The likely result, in order to be legally safe in all States, and not be a mishmash of regulations Wing by Wing, would be to simply stop asking for this info. Take it off all the forms and we eliminate the problem of how to handle it.
openmind
I believe that information is mainly used so that, in the event of an emergency, if the member is unable to communicate, there's some form of background/past medical history that can be given to emergency responders to aid in their care of the member.
I know if I come up upon an unconscious S'Member, one of the things i'm gonna ask is if anyone knows the person and knows anything about the person's medical history. A F60 would definitely help in that aspect.
Does anyone really think that pertanent medical information should be removed from the Form 60? Really?
Several years ago, my fire department started using accountability tags to track firefighters (think 101 card). They were laminated in plastic, and folded on the inside was a medical history form. If someone got hurt, you cut open the tag and the info was available. We actually had one guy, with a significant medical history and multiple allergies to medication, tell us that it would be an invasion of his privacy to put his medical history inside of a sealed tag. So we didn't.
Does NHQ need to look at this? No. If someone doesn't want to share their history, that's their choice. A little common sense in protecting the records is all that's needed.
I never turn one in at a activity unless they plan on handing the form back to me at the end of the activity.
Quote from: Strick on April 10, 2009, 01:00:34 PM
I never turn one in at a activity unless they plan on handing the form back to me at the end of the activity.
Interesting, as submitting one is
required, and there is no specific provision of returning it. In some states, you can't even get qualified unless this info is entered electronically.
Quote from: CAPR35-2
See Section A (below) of CAPR35-2 Notification Procedures in Case of Death, Injury, or Serious Illness
SECTION A - EMERGENCY NOTIFICATION DATA
1. Individual Member Responsibility. Before participating in any CAP special activity away from the local unit where the member may not be known personally, the individual member is responsible for completing one copy of CAPF 60 Emergency Notification Data. This form should be completed before leaving the unit to ensure that the member has the unit commander's full name and correct telephone numbers. It should then be hand carried to the activity site and filed with the project officer for easy reference in the event of emergency. CAPFs 60 should be completed for all activities sponsored by National Headquarters (Cadet Officers' School, National Staff College, International Air Cadet Exchange (IACE), etc.). This form should also be completed for region and wing sponsored events attended by members from several different units; that is, drill team competition, summer encampments, etc., or any activity away from the local area where a member might require emergency notification data.
A "medical history" is not required, only emergency contact information, so this is a non-privacy issue. If you choose to give more data than required, so be it, and there should be some expectation out of common courtesy that the info won't be posted on the status board, but there's no specific law or regulation requiring it.
If there is a field to collect medical history or information on the form there may be a privacy issue. I would assume National's legal beagles reviewed the form 60 and came to a conclusion on this issue. :-\
I would check with a lawyer familiar with HIPAA law before I would dismiss the potential liability out of hand. There absolutely are laws on the books concerning the proper disclosure and security of personal medical information, and it does not only apply to your local Dr's office.
Quote from: Eclipse on April 10, 2009, 02:03:14 PM
Interesting, as submitting one is required, and there is no specific provision of returning it. In some states, you can't even get qualified unless this info is entered electronically.
Quote from: CAPR35-2
See Section A (below) of CAPR35-2 Notification Procedures in Case of Death, Injury, or Serious Illness
SECTION A - EMERGENCY NOTIFICATION DATA
1. Individual Member Responsibility. Before participating in any CAP special activity away from the local unit where the member may not be known personally, the individual member is responsible for completing one copy of CAPF 60 Emergency Notification Data. This form should be completed before leaving the unit to ensure that the member has the unit commander’s full name and correct telephone numbers. It should then be hand carried to the activity site and filed with the project officer for easy reference in the event of emergency. CAPFs 60 should be completed for all activities sponsored by National Headquarters (Cadet Officers’ School, National Staff College, International Air Cadet Exchange (IACE), etc.). This form should also be completed for region and wing sponsored events attended by members from several different units; that is, drill team competition, summer encampments, etc., or any activity away from the local area where a member might require emergency notification data.
Where does that say a CAPF 60 is required? It only says
should not must. Now, if an activity CC mandates it, then yes, but under your cite; there is no such requirement.
Quote from: RogueLeader on April 10, 2009, 02:54:26 PM
Quote from: Eclipse on April 10, 2009, 02:03:14 PM
Interesting, as submitting one is required, and there is no specific provision of returning it. In some states, you can't even get qualified unless this info is entered electronically.
Quote from: CAPR35-2
See Section A (below) of CAPR35-2 Notification Procedures in Case of Death, Injury, or Serious Illness
SECTION A - EMERGENCY NOTIFICATION DATA
1. Individual Member Responsibility. Before participating in any CAP special activity away from the local unit where the member may not be known personally, the individual member is responsible for completing one copy of CAPF 60 Emergency Notification Data. This form should be completed before leaving the unit to ensure that the member has the unit commander's full name and correct telephone numbers. It should then be hand carried to the activity site and filed with the project officer for easy reference in the event of emergency. CAPFs 60 should be completed for all activities sponsored by National Headquarters (Cadet Officers' School, National Staff College, International Air Cadet Exchange (IACE), etc.). This form should also be completed for region and wing sponsored events attended by members from several different units; that is, drill team competition, summer encampments, etc., or any activity away from the local area where a member might require emergency notification data.
Where does that say a CAPF 60 is required? It only says should not must. Now, if an activity CC mandates it, then yes, but under your cite; there is no such requirement.
I'll grant you that, however I have never been involved in an ES activity, mission, or large cadet activity that didn't mandate it for all participants.
WMU states won't allow the issue of a 101 card w/o "something" in the Form 60 area.
I have seen the forms thrown in the trash after the activity, not cool. This is why is demand accountability of my info. If there is accountability I hand it over without hesitation. :)
Quote from: Strick on April 10, 2009, 03:38:02 PM
I have seen the forms thrown in the trash after the activity, not cool. This is why is demand accountability of my info. If there is accountability I hand it over without hesitation. :)
What, specifically, is the risk of your emergency contact's phone number and your Dr.'s name getting into the wild?
Medical Condition is the only thifng I care about. I always list it on the form. I just dont want it out there for any person to read. Dont get me wrong, if I am a mission and a team memeber ask if I have meds or a condition they should be aware of , I tell them.
I passed this question up my Chain of Command, and according to the Wing CV, HIPPA does not apply at all.
Now that I have someone higher than me on the totem pole telling me that, i feel ok with it. Lets call it "Pass the buck-ability"
If it is helpful, I know that NHQ has a committee aggresively working this very issue (along with the related issue of cadet medications and medical forms at activities).
As has been mentioned, state laws vary widely in this area, and some of them change every year. It has been a challenge just trying to figure out what is required of us. Remember, we are talking about all 50 states, the DC, and Puerto Rico, not to mention the overseas units.
There are also problems related to record retention. You can imagine the problems that could result if a CAP activity director simply keeps the data in her/his files (or even the garage) for a year after the activity. If there is any litigation, it is the NHQ legal folks that will be responding, and it is impossble for them to know what information is being kept where and by whom in these kinds of situations.
And simply returning the information after the activity creates it's own problems. An issue may easily arise over "who know what when"? And if we have returned the data, that question may be impossible to answer accurately.
This is a complex issue, with a lot of wrinkles and no easy answers. But NHQ is working the issue. Any one interested in helping can volunteer through the CoC.
You might also take a look at the CAP HSO Yahoo Discussion Group that has a lot of discussion over these very issues (and others.)
Ned Lee
Former Legal Officer
Quote from: Ned on April 10, 2009, 07:05:03 PM
If it is helpful, I know that NHQ has a committee aggresively working this very issue (along with the related issue of cadet medications and medical forms at activities).
As has been mentioned, state laws vary widely in this area, and some of them change every year. It has been a challenge just trying to figure out what is required of us. Remember, we are talking about all 50 states, the DC, and Puerto Rico, not to mention the overseas units.
There are also problems related to record retention. Ned Lee
Former Legal Officer
Ned, thank you for the information. HOWEVER, I don't think we need a committee to basically do an emergency regulation change to state that Form 60 data is considered sensitive information, and access will be restricted to only those who have "a need to know". Records Retention would be an issue. Seems to me 3 months max & than destruction by shreading (unless their is an incident in which a claim might be submitted, than it should be sent to national headquarters for retention. Where the completed forms are kept would be another issue but under lock with restricted access would seem reasonable.
I think you also have to differentiate between senior members & cadets. Perhaps the best idea is to provide an on line data base expansion for this information (actually for the 101 card, any major medical issues can currently be inputed as well as NOK emergency notification information). Senior members could decide what they want to provide, update the information directly & for cadets the parents would decide & let the appropriate squadron commander update the system on their behalf. A CYA letter/email could be generated every so often to senior members and for cadets to the parent/guardian, reminding them of the importance of updated emergency medical & contact information.
Since we are the Official Auxiliary of the USAF, it would seem to me that at least in the spirt of AF regulations (which not only protects medical information, but also protect its' members home addresses, telephone #'s, next of kin emergency notification information, & other information from disclosure to unauthorized personnel), we would want to adhere to such standards. In the end though, it is "THE RIGHT THING TO DO" -- kind of puzzling why this lack of control on sensitive information hasn't already been corrected ???
RM
Quote from: RADIOMAN015 on April 19, 2009, 03:45:47 PMHOWEVER, I don't think we need a committee to basically do an emergency regulation change to state that Form 60 data is considered sensitive information, and access will be restricted to only those who have "a need to know".
You would think so, but the devil is in the details. As you remember from your recent on-line training that CAP already has several different classifications of "sensitive" information and some procedures in place to safeguard information with that kind of classification.
It does get a little complicated to add a whole new "flavor" of sensitive information with it's own special requirements for storage, retention, access, and destruction.
I'm not in any sense saying we don' have to get this done. I'm only saying that "if it were easy, we'd have done it by now."
Ned is right on. 50 states with different legal requirements poses a problem for CAP.
I Thought we might be under HIPAA, bu went back and looked to see why not as per a previous post.
Turns out in MD, we likely are effected due to MD law.
From office of Attorney General of MD:
Federal HIPAA regulates only a limited portion of organizations and individuals, called "covered entities," who have access to health care. Maryland law covers only healthcare providers and facilities on original disclosures of information, but everyone on re-disclosure. Further complicating matters, the selective preemption scheme legislated by the federal government means that individuals holding protected health care information will have to compare both federal and state law to determine which legal rule or principle governs the disclosure of the information.
(emphasis mine)
As you can see, this get complicated fast.
What I don't get is: several activities require BOTH a Form 31 and a Form 60.
If you are requiring the Form 31, then why the Form 60 ?
Quote from: rebowman on April 20, 2009, 03:47:19 PM
What I don't get is: several activities require BOTH a Form 31 and a Form 60.
If you are requiring the Form 31, then why the Form 60 ?
You must be new.
Civil Air Patrol doesn't just fall under the USAF as it's auxiliary. We're also a strong component of another federal agency...
(http://static.squidoo.com/resize/squidoo_images/-1/draft_lens1957075module9243266photo_1208983673Department_of_Redundancy_Department.gif)
Quote from: rebowman on April 20, 2009, 03:47:19 PM
What I don't get is: several activities require BOTH a Form 31 and a Form 60.
If you are requiring the Form 31, then why the Form 60 ?
An excellent point. In my experience the 60's have been for ES and the 31's / 17's for other activities as directed by the PIC.
This is why each wing has a legal officer. Check with the JA - each state is going to have separate requirements. But under no circumstances should these forms be left unprotected or, even worse, thrown away. If they can't be shredded, they should be returned to the member when it's time to be discarded.
Or your friendly Nurse Officer:) HIPAA is often the least of your worries. But since private membership information is already restricted access, and mentioned specifically as such, then the information on the CAPF 60 should be treated as sensitive information. I have no issue with sticking a statement on the form that says as much.