{"elements":{"metas":{"hidden":true},"confluencelogo":{"hidden":true},"comments":{"hidden":true},"childpages":{"hidden":true},"profile":{"hidden":true},"admin":{"hidden":true},"people":{"hidden":true},"tools":{"hidden":true},"labels":{"hidden":true},"help":{"hidden":true},"breadcrumb":{"hidden":true},"watch":{"hidden":true},"sidebar":{"hidden":true},"spaces":{"hidden":true},"create":{"hidden":true},"share":{"hidden":true},"favorite":{"hidden":true},"notifications":{"hidden":true},"spacelogo":{"hidden":true},"likes":{"hidden":true}},"cssSelector":"","cssSelectorLocked":false}

EMTrack is designed to aid you in ensuring only qualified administrators and users have access to patients' and clients' protected health information (PHI).

Access Levels

If your facility or agency has encountered a patient, your organization has full access. This means you can search for and access that patient's information, including PHI. "Encountering" a patient means you and your organization are or have been directly involved in providing care to that client. This can occur during daily operations, such as when a patient presents at your ED or is being transported in one of your vehicles, or can be due to an incident. The more you are involved in caring for the patient, the more access you have to that patient's information.

EMTrack users involved in patient location efforts, such as family reunification, have limited access to patients through the Locate tab. If you have this role, you can search on a number of details in a patient's record, including some PHI. This is necessary to help you locate the individual patient. However, you are required to conduct very focused searches. You cannot conduct general searches that result in many patient records.

When an incident occurs, your facility or agency may be involved. Your organization determines your access, as follows:

Provider Facility

Your division is involved in the incident and you have full access to clients and their PHI when the clients are en route to, arrive at, or encountered by your facility.

Mobile Provider

Your division is involved in the incident and you have full access to clients and their PHI while the clients are at the incident site. After the client leaves the site, you have access to only the clients your agency encounters.

For more details, refer to:

• Roles and Access
• Incidents: Participation and Access Level

Logging and Auditing

To aid in compliance with HIPAA standards, EMTrack automatically logs user actions that provide or could provide access to client details, including PHI. This provides the support needed when an action must be traced to the date and time it occurred, as well as the user who performed the action.

Client actions that are logged include, but are not limited to, the following:

• Adding, editing, archiving, or deleting a patient record.
• Reinstating an archived or deleted patient record.
• Viewing a patient's detailed information.
• Acknowledging, receiving, or discharging a patient.
• Searching for a patient's record and viewing details.