To aid cardiac arrest victims quickly, The PulsePoint Foundation and Dignity Health St. Mary Medical Center are making the PulsePoint app available to individuals in the Long Beach area today. Aimed at average citizens and off-duty professionals trained in CPR, the app alerts registered users when a sudden cardiac arrest occurs in a public place in their immediate vicinity. Informed at the same time as emergency responders, users are given detailed instructions, including the location of automatic external defibrillators (AEDs) nearby.
How does the app work?
The application has three primary components – the mobile app, a middle tier web service, and a dispatch system interface. The mobile app is provided and maintained by the PulsePoint Foundation. Apps are currently available for the iPhone and iOS device platform and Android devices. One version of the software (on each platform) supports all agencies using the app (there is not a separate app for each agency). A configuration screen within the app allows users to select their desired agency or agencies. Member agencies can also provide a connection to local radio traffic to enable a streaming radio feed within the app. The middle tier is a (Amazon EC2) cloud-‐based web service that manages communications between the personal mobile devices and the emergency communication centers of member agencies. The service provides encrypted communication and secure identification (HTTPS with SSL/TLS protocol) to connected agencies within a highly reliable environment. This service is also provided and maintained by the PulsePoint Foundation. Emergency communication centers communicate with the middle tier service through an application programming interface (API). An API is simply a set of rules and specifications that software programs can follow to communicate with each other. The PulsePoint API serves as an interface between Computer-‐aided Dispatch (CAD) systems and PulsePoint services.
Does the app raise any HIPAA or other privacy concerns?
The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of individually identifiable health information. On a ‘CPR Needed’ notification, the app reports only an address (in a public place) and a business name, if available. Individually identifiable health information, such as name, birth date, or Social Security Number are not reported or known to the PulsePoint application. In addition, PulsePoint has retained Page, Wolfberg & Wirth, LLC to assist agencies understand legal issues related to the implementation of PulsePoint. PWW is a well respected EMS law firm specializing in dispatch liability and HIPAA issues. The PulsePoint app is a Location-‐Based Service (LBS) with the ability to make use of the geographical position of your mobile device. The LBS capabilities of the app allow you to see your current location relative to the incidents occurring around you. This is an optional feature that is not enabled by default – you must specially opt-‐in to utilize this functionality. In addition, if you opt-‐in to the CPR/AED notification, the PulsePoint server will store your current location for immediate reference during an emergency where you may be nearby. In this case, only the current location of your device is stored (no movement history is maintained) and your identity is never known to the PulsePoint application.
How do you know if people subscribing to the CPR/AED notification are really trained and qualified?
CPR today is very easy to perform and can be learned quickly in informal settings such as community street fairs, group training sessions, take-‐home DVD-‐based courses, or even by watching brief online videos. These types of training environments do not provide certificates of other forms of skill documentation. Automated External Defibrillators (AEDs) actually require no training to use. Therefore, there is no ability or even reason to verify that someone volunteering to help others with CPR or an AED has been formally trained.
Is there a risk that the app will draw too many bystanders to the emergency medical scene?
Only about a third of Sudden Cardiac Arrest victims receive bystander CPR, and public access Automated External Defibrillators (AEDs) are used less than 3% of the time when needed and available. The current situation is far too few bystander rescuers – not too many. The goal of the app is to engage additional bystanders in these lifesaving acts. If this situation was to truly materialize in the future it would be a major success and the radius of the notification could be reduced.
How do you prevent someone from using the CPR/AED notification to steal from or otherwise take advantage of a cardiac arrest victim?
For the app to be activated someone must first call the local emergency number (such as 911) to begin a normal public safety response. This means that the victim is likely not alone when the CPR/AED notifications are made. In addition, the app is only activated for incidents occurring in public places (not at someone’s home for example) furthering the likelihood that others will be present. Also, since the app is only activated on devices in the immediate vicinity of the victim, a “Bad Samaritan” has little opportunity to be in the right place at the right time.
How big is the notification radius for CPR/AED events?
The app aims to notify those essentially within walking distance of the event location. However, this distance is configurable on an agency by agency basis. Higher population densities usually warrant a smaller notification radius. Likewise, a rural area with longer local government response times may choose to notify over a broader area.
Can I be successfully sued if I voluntarily help a victim in distress?
The purpose of the Good Samaritan Law is to protect individuals that assist a victim during a medical emergency. Most Good Samaritan laws are created specifically for the general public. The law assumes that there is no medically trained person available to assist the victim. Since the Good Samaritan typically does not have medical training, the law protects him or her from being liable from injury or death caused to the victim during a medical emergency. A general layperson is protected under the Good Samaritan laws as long as he or she has good intentions to aid the victim to the best of his or her ability during a medical emergency. Since each state law has specific guidelines, and this text does not provide a worldwide view of this matter, you should familiarize yourself with the laws or acts applicable to you. A typical example of the wording appears below.
“…a person, who, in good faith, lends emergency care or assistance without compensation at the place of an emergency or accident, and who was acting as a reasonable and prudent person would have acted under the circumstances present at the scene at the time the services were rendered, shall not be liable for any civil damages for acts or omissions performed in good faith.”
Could the app make a CPR/AED notification when CPR isn’t needed?
Yes. With dispatchers making rapid over–‐the–‐telephone assessments of patients based on the observations of untrained callers, an incorrect determination can be made. For example, such a situation could occur with someone who has just had a grand mal seizure, passed out from too much alcohol, or has a very high blood sugar level. However, if you tried to do CPR on such an individual he or she would probably moan and possibly even try to push you away. Also, an AED would not deliver a shock to a person in any condition where an effective heartbeat was present.
How does PulsePoint determine if a location is Public?
The application first checks with the originating agency, as this is the most accurate source of local information of this nature. It does this by checking the value of the “Public” field sent in the interface (API) record for the incident. An agency can set this value to True if it is able to determine this through the computer–‐aided dispatch (CAD) system, a GIS layer, local database, etc. For example, if the CAD system of the local agency knows that the incident address is at a local park, it can inform PulsePoint, through the interface, to consider the location as public. Likewise, if CAD can determine that the address is an apartment building, it can set the value of “Public” in the interface to False. If the value of “Public” is left blank, PulsePoint will query public data sources such as the Residential/Commercial Indicator (RDI) from the USPS (PulsePoint uses the USPS address validation API from SmartyStreets) along with other sources such as the Google Places API to make this determination.