Paramedic Information Privacy Security and Assurance Alliance iCERT 2015

Paramedic Information Privacy Security & Assurance Alliance

Nick Nudell, MS, NRP• Licensed paramedic with BA in IT Management and MS

in InfoSec• Project Manager for national EMS Compass

performance measure initiative• Federal advisory committee member• A PrioriHealth Partner and board member of the

Paramedic Foundation• Executive Director of PIPSAA and the Ultra Medical

Team

© 2015 Paramedic Foundation

Paramedic Perspectives• 12/24/48/72 hour shifts are common• Deployed to street corners or station based• Responds to 0-20 calls per 24hrs• Time on task commonly 45-90 minutes• Training is moving towards degrees• Mobile medicine evolving with health reform• 900k in US working for 19k agencies caring for 45m

patients annually

© 2015 Paramedic Foundation

Paramedic Technologies

© 2015 Paramedic FoundationImage: LifeBot®

Paramedic Data Sources

© 2015 Paramedic FoundationImage: LifeBot®

R.E.S.C.U.M.E.

© 2015 Paramedic FoundationImage: FHWA/RITA

• Response, Emergency Staging and Communications, Uniform Management, and Evacuation

• Oncoming Vehicles - Warns drivers of lane closing and reduced speeds when approaching incident zones.

• Responder Vehicles - Warns on-scene responders of vehicles approaching the incident zone at speeds or in lanes that pose a high risk to their safety.

Connected Vehicles

© 2015 Paramedic FoundationVideo: FHWA/RITA

Intelligent Trans Systems

© 2015 Paramedic FoundationVideo: FHWA/RITA

Community Integration

© 2015 Paramedic FoundationVideo: PulsePoint Foundation

Paramedic Data• Electronic Patient Care Records (ePCR) are incident based records• National EMS Information System (NEMSIS) is the ONLY health care

data standard used nationally• Records are entered by smartphone, tablet, laptop, or station based

PC• Records are NOT integrated with hospital data systems in most

places• HIPAA is often inaccurately used as the excuse for data sharing

obstacles• Federal HealthIT programs have not included paramedic data

systems

© 2015 Paramedic Foundation

Paramedic Data Process• Usually given <20 minutes to ready for next call• Draft (or final) version of record is left at ED for

continuity of care• Data entry rules govern the process• Validation rules are applied to data for

transmission• Web services are used to send records through

workflow© 2015 Paramedic Foundation

PIPSAA• Formed in 2014 to address the many vulnerabilities of

paramedic data• A first of its kind collaboration between academia,

regulators, vendors, labor, and trade groups• Three primary work groups:

– PIPSAA Governance– Education & Certification Development– Communication & Outreach

• The “voice” of Paramedic Information Security

© 2015 Paramedic Foundation

Education Model

• Department of Homeland Security model

– Awareness 101 (Tier 1)

– Operations 201 (Tier 2)

– Technician 301 (Tier 3)

– Train The Trainer (eventually)

• Virtually provided

© 2015 Paramedic Foundation

Certification Model

• Paramedic Information Management Practitioner (PIMP)

• Oriented to bachelor’s prepared with IT background/skills

• Setting the standard for consultants or employees who will work with paramedic data systems

© 2015 Paramedic Foundation

PIMP Model

• Paramedic Data Analyst (PDA)

• Paramedic Data Manager (PDM)

• Paramedic Decision Support (PDS)

• Paramedic Data Integration (PDI)

• Paramedic Data Protection (PDP)

• Paramedic Data Governance (PDG)

© 2015 Paramedic Foundation

Outreach Efforts

• Writing paramedic & management journal articles

• Conference presentations (EMS, HIMSS, etc)

• Federal Agency liaison (FirstNet, SafeCom, NHTSA EMS, DOT ITS JPO, HHS ONC, HHS ASPR, WH, etc)

• Website & Social Media

• InfoSec consulting services

© 2015 Paramedic Foundation

Contact

Nick NudellPIPSAA Executive Director &

The Paramedic Foundation Board Member(760) 405-6869

[email protected]://www.facebook.com/groups/1395516920758227/

Hashtag #PIPSAA

© 2015 Paramedic Foundation