How HIPAA and EMTALA work together to prevent patient dumping

According to the National Law Review, “Patient dumping refers to situations when hospitals deny emergency medical screening and stabilization services. It also refers to instances when a hospital transfers an individual to another hospital after discovering that the individual does not have insurance or a means to pay for treatment.”

The historical context of patient dumping

Patient dumping has been impacting vulnerable populations for decades, making it difficult for many to receive healthcare. However, with EMTALA, some medical services must be provided to patients regardless of their economic status.

According to the U.S. Commission on Civil Rights report on Patient Dumping, “Historically, American law did not require hospitals to admit patients, despite sporadic legislative attempts to change this practice. In 1986, however, President Reagan signed EMTALA into law. Before the enactment of EMTALA, most hospitals enjoyed the common-law “no duty” rule, which allowed them to refuse treatment to anyone. Hospitals believed indigent patients should receive care through charitable organizations or through uncompensated care provided by hospitals.”

These practices affected vulnerable populations:

• Individuals living in poverty
• The uninsured and underinsured
• Racial and ethnic minorities
• People experiencing homelessness
• Those with chronic mental health conditions

As a result, “After EMTALA, Medicare-participating hospitals must provide a medical screening exam to any individual who comes to the emergency department and requests examination or treatment for a medical condition. If a hospital determines that an individual has a medical emergency, it must then stabilize the condition or provide for an appropriate transfer. The hospital is obligated to provide these services regardless of the individual’s ability to pay and without delay to inquire about the individual’s method of payment or insurance status.”

Based on the U.S. Commission on Civil Rights report, HHS OIG and Public Citizen's Health Research Group found increases in EMTALA-related activities between 1987 and 1998, with investigations rising by 390 percent and confirmed violations increasing by 683 percent.

Statistics on insurance status and patient dumping

A study, published in JAMA Internal Medicine in 2019, reviewed over 215,000 emergency department admissions for typical pulmonary conditions (pneumonia, COPD, and asthma) in 160 U.S. hospitals that possess intensive care capability and found disparities numerous, including:

Transfer patterns based on insurance status

• Uninsured patients were 2.41 times more likely to be transferred to another hospital compared to privately insured patients
• Medicaid beneficiaries were 1.19 times more likely to be transferred compared to privately insured patients 
• While only 1.2% of privately insured patients were transferred, 1.6% of uninsured patients and 1.3% of Medicaid recipients experienced transfers

Discharge patterns based on insurance status

• Uninsured patients were 1.66 times more likely to be discharged from the emergency department rather than admitted
• 88.8% of uninsured patients were discharged compared to 78.5% of privately insured patients
• Medicaid beneficiaries had similar discharge rates to privately insured patients after risk adjustment

Emergency Medical Treatment and Labor Act (EMTALA)

EMTALA established three core requirements for hospitals that participate in Medicare:

1. Required medical screening: Hospitals must provide an appropriate medical screening examination to anyone who comes to the emergency department for examination or treatment.
2. Stabilization requirement: If an emergency medical condition is diagnosed, the hospital must provide stabilizing treatment before transferring the patient.
3. Transfer limitations: Patients can be transferred to another facility only if:
   1. The transferring hospital cannot provide the required treatment
   2. The patient provides a written request for transfer
   3. The physician determines that the benefits of transfer outweigh the risks

Health Insurance Portability and Accountability Act (HIPAA)

1. Privacy as protection against financial discrimination

HIPAA's Privacy Rule placed requirements on when and how an individual patient's protected health information (PHI) can be accessed and shared. It encompasses financial information such as insurance status, payment history, and capacity to pay. By limiting how such data can be accessed during the process of triage and initial care, HIPAA creates a block between clinical decisions regarding care and financial issues to some extent.

In practice, this means:

• Emergency department staff cannot delay screening tests to confirm insurance status
• Clinical staff generally do not have immediate access to individual payment information during the first visit
• Financial screening must be conducted separately from clinical screening

In the abstract of Protecting Privacy to Prevent Discrimination, Jessica L. Roberts states, “A person cannot consider information that she does not have. Unlawful discrimination, therefore, frequently requires discriminators to have knowledge about protected status.”

2. Documentation and records management requirements

HIPAA added documentation and records management requirements that can prevent patient dumping, including:

Complete and accurate records: HIPAA requires that healthcare providers maintain complete, accurate, and accessible medical records. This gives a precise paper record of all clinical decisions, transfers, and discharges that can later be reviewed to determine whether the treatment decisions were medically sound or financially driven.

Transfer Documentation: During transfer from one facility to another, HIPAA requires documentation including:

• Reason for transfer
• Risk-benefit analysis
• Patient consent (where necessary)
• Receiving facility acceptance

Audit trails: Electronic health records (EHRs) employed to meet HIPAA requirements contain extensive audit trails that identify who accessed a patient's data and when. This allows tracing the sequence of events leading to a decision to transfer or discharge.

These record requirements engender transparency and accountability that make dumping patients harder to do without detection. They also provide evidence if inappropriate transfer or discharge is suspected.

3. Patient right to access records

HIPAA's patient right of access can also help patients be aware of potential patient dumping:

Informed patients: If patients are able to access their own records, they become better informed about their medical conditions and care plans. This makes them aware of improper discharges or transfers. 

Evidence for complaints: Medical records under HIPAA access provisions may be evidence in patient dumping complaints to regulatory agencies or in lawsuits.

Family advocacy: Patient advocates or family members, with proper authorization, can potentially view records to identify potential infractions and encourage appropriate care.

Post-discharge continuity: Access to complete records can enable transferred or discharged patients to seek adequate follow-up care, potentially preventing some of the negative impacts of early discharge.

4. Administrative Simplification and Coverage Verification

HIPAA's administrative simplification provisions standardize electronic transactions like eligibility verification, which has two contradictory implications for patient dumping:

Potential risk: Quicker verification of insurance means hospitals can report uninsured or underinsured patients more easily, potentially making discriminatory behavior simpler.

Potential protection: Standardized procedures bring more transparency and accountability to the use of insurance information in treatment decisions. More streamlined claims processing can also eliminate financial incentives that induce patient dumping.

The compliance intersection

HIPAA and EMTALA create a complementing compliance mechanism that, when properly implemented, provides effective safeguards against patient dumping practices. Health centers must operate through both systems simultaneously:

Documentation standardization: EMTALA requires certain documentation for emergency screening, stabilization process, and transfer. HIPAA requires these documents to be thorough, accurate and well-documented. Together, they create an overall documentation standard.

Information sharing: EMTALA authorizes (and in some instances mandates) some information sharing during transfers, but HIPAA's Privacy Rule limits how that information may be shared. Both sets of requirements need to be met by facilities at the same time.

Enforcement synergy: Noncompliance with either law will initiate investigations that usually reveal noncompliance with the other. Violation of EMTALA for an inappropriate transfer, for instance, may reveal HIPAA noncompliance in the handling of the patient information transfer process.

Compounded penalties: Hospitals that are found to violate the statutes have much more severe compounded penalties, such as:

• Civil monetary penalties (up to $50,000 per violation for EMTALA and tiered penalties up to $1.9 million per year for HIPAA)
• Exclusion from Medicare/Medicaid programs
• Civil liability to the affected patients
• Damage to reputation

Related: The complete guide to HIPAA violations

Case study: Nevada's Rawson-Neal Psychiatric Hospital

The Rawson-Neal Psychiatric Hospital in Nevada's case, which released patients by sending them across state lines without adequate continuity of care or follow-up treatment plans, has serious implications under both the EMTALA and HIPAA.

​

Violations of EMTALA

• Failure to accomplish proper medical screening and stabilization: Under EMTALA, hospitals have an obligation to conduct thorough medical screenings to determine the existence of an emergency medical condition and, where such exists, to stabilize the patient before discharging or transferring him/her. Rawson-Neal's discharge of the patients without correct discharge planning or suitable follow-up treatment arrangements could be considered a violation of EMTALA's obligations.
• Involuntary transfer without proper care: Under EMTALA, hospitals cannot transfer patients in an unstable condition unless certain criteria are fulfilled, like making certain the transfer is medically appropriate and the receiving center can provide suitable care. Transporting patients to unknown locations without proper care details may be an inappropriate transfer according to EMTALA.

HIPAA considerations

• Protection of patient privacy and confidentiality: HIPAA requires patient information to be treated with confidentiality, in such a way that disclosures are made only upon due consent or authorization. Even though the central concern in this scenario is the inappropriate discharge and transfer of patients, any release of patient information in the process needs to follow HIPAA's privacy standards.

Consequences and legal actions

• Loss of accreditation and medicare funding: The Joint Commission's decision to deny accreditation for Rawson-Neal Psychiatric Hospital was influenced by patient safety and discharge issues. Subsequently, the Centers for Medicare & Medicaid Services (CMS) action to withdraw Medicare funding came under the provisions citing deficiencies which have a harmful impact on the patient's health and safety.
• Legal settlements and lawsuits: Nevada state agreed to pay $400,000 to resolve claims that it improperly discharged patients to San Francisco without adequate care plans. Additionally, a class-action lawsuit resulted in a jury verdict of $250,000 awarded to James Flavy Coy Brown, a patient who was discharged as part of these practices.

FAQs

Can a hospital be penalized for patient dumping under both HIPAA and EMTALA simultaneously?

Yes, hospitals can face separate penalties under both HIPAA and EMTALA, leading to significant financial consequences and damage to their reputation.

Can a hospital discharge a patient if they have not been properly stabilized according to EMTALA?

No, under EMTALA, a hospital cannot discharge or transfer a patient who has not been properly stabilized, even if they lack insurance or cannot pay for treatment.

How does HIPAA ensure the continuity of care after a patient is transferred?

HIPAA requires proper transfer documentation and patient consent, ensuring that the receiving facility has the necessary information to continue appropriate care.

How do hospitals ensure compliance with both HIPAA and EMTALA when dealing with vulnerable populations like the uninsured?

Hospitals must prioritize medical treatment and stabilization first, ensure all documentation is complete and accurate, and protect patient privacy in compliance with both HIPAA and EMTALA.