Safeguarding EMS Clinician Data: A Critical Step in Protecting the Workforce
As EMS Clinicians, we dedicate our lives to protecting others—but who is protecting us? In a world where cyber threats are becoming more sophisticated and relentless, safeguarding our personal and professional information is no longer optional—it’s essential. From identity theft to targeted attacks, the risks of exposed licensure data are real, and the consequences can be serious. Recognizing these threats, the Interstate Commission for EMS Personnel Practice is taking decisive action to ensure that EMS Clinicians receive the same level of data security protections afforded to other frontline professionals.
The Interstate Commission for EMS Personnel Practice has taken a bold step in this direction with the adoption of Position Paper 2025-01: EMS Workforce Privacy Protection. This paper establishes a national stance on protecting EMS Clinician licensure data, ensuring that while transparency in credential verification remains intact, the personal and professional security of EMS Clinicians is not compromised.
As Donnie Woodyard, Executive Director of the United States EMS Compact, explains:
“The ability to verify an EMS Clinician’s credentials is essential, but it should never come at the cost of their safety. Just as we protect our first responders in the field, we must also protect their data. The adoption of Position Paper 2025-01 is a definitive statement that safeguarding the EMS workforce is non-negotiable."
This sentiment is echoed by Kraig Kinney, Chair of the Commission:
Position Paper 2025-01 calls for additional safeguards to protect EMS Clinicians who serve in these critical roles, including:
The implementation of the National EMS Identification Number (NEMSID) is also a key initiative in this effort. By allowing states to securely share licensure data for workforce planning and credentialing, NEMSID eliminates bureaucratic barriers while maintaining data security.
With nationwide adoption, these policies will:
“EMS Clinicians stand ready to serve their communities in moments of crisis,” Woodyard adds. “It’s time we stand ready to protect them—not just in the field, but in every aspect of their professional and personal lives.”
By working together, states can uphold the dual imperatives of transparency and security—ensuring that EMS Clinicians can serve with confidence, knowing that their personal and professional information is safe.
The future of EMS workforce protection starts now—and it starts with decisive action by each State.
The Interstate Commission for EMS Personnel Practice has taken a bold step in this direction with the adoption of Position Paper 2025-01: EMS Workforce Privacy Protection. This paper establishes a national stance on protecting EMS Clinician licensure data, ensuring that while transparency in credential verification remains intact, the personal and professional security of EMS Clinicians is not compromised.
The Rising Threat to EMS Clinician Data
Over the past decade, cyber threats have intensified, with healthcare professionals increasingly targeted in data breaches, identity theft, and doxxing attacks. The COVID-19 pandemic further exposed these vulnerabilities, as frontline responders—already under immense pressure—became the victims of harassment, threats, and privacy violations due to the widespread exposure of their personal information. The lack of uniform, standardized safeguards for EMS licensure data has left clinicians exposed to exploitation in ways that other frontline professionals are not.
Recognizing this critical gap, the Interstate Commission for EMS Personnel Practice established a Data Protection Work Group, conducting a year-long, comprehensive review of how EMS licensure data is stored, accessed, and utilized across Compact member states. What they found was concerning:
- While general personally identifiable information (PII) protection laws exist, many professions—such as law enforcement, physicians, military personnel, and even elected officials—benefit from additional legal safeguards that restrict public access to their professional data. EMS Clinicians, despite their critical role in emergency response, are frequently excluded from these protections, leaving their licensure data more vulnerable to misuse and unauthorized access.
- Some states provide only essential licensure verification details, while others release bulk data sets—which, in the wrong hands, can be exploited for malicious purposes.
- In some states EMS Clinicians lack the same privacy protections afforded to law enforcement and other public safety officials, despite serving on the front lines of emergencies and disasters.
Balancing Transparency and Security
The challenge lies in striking the right balance between public transparency and data security. The public and employers must have a reliable means of verifying an EMS Clinician’s credentials through primary source verification. However, unrestricted access to this data—especially when provided in bulk—creates an open door for cybercriminals, identity thieves, and bad actors.As Donnie Woodyard, Executive Director of the United States EMS Compact, explains:
“The ability to verify an EMS Clinician’s credentials is essential, but it should never come at the cost of their safety. Just as we protect our first responders in the field, we must also protect their data. The adoption of Position Paper 2025-01 is a definitive statement that safeguarding the EMS workforce is non-negotiable."
This sentiment is echoed by Kraig Kinney, Chair of the Commission:
“We must be proactive rather than reactive. Waiting until a major data breach or security incident affects EMS personnel is not an option. The Commission has taken a leadership role in setting best practices that prioritize both security and accessibility—ensuring that licensure verification remains robust without compromising personal safety.”
What Must Be Protected?
Position Paper 2025-01 sets clear, nationwide standards for data protection, aligning with federal definitions of PII. Under these guidelines, states should never disclose the following:- Social Security numbers, passport numbers, driver’s license numbers, and taxpayer identification numbers.
- Personal addresses, phone numbers, and private email addresses.
- Biometric data, such as fingerprints, retina scans, or facial recognition details.
- Bulk datasets that could be combined to target individuals or groups of EMS Clinicians.
- Allow searches by first and last name, state-issued EMS license number, or National EMS ID number.
- Restrict publicly displayed information to only what is necessary for credential verification, including:
- First and last legal name
- State/jurisdiction of licensure
- License level
- License expiration date
- License status (active, expired, restricted, revoked)
- Any final disciplinary actions, if legally required for public disclosure
- Prohibit wildcard or Boolean searches (e.g., “First Name: A*, Last Name: S*”), which can be used to generate massive lists of EMS Clinicians, putting them at risk.
A Matter of National Security
The protection of EMS Clinician data is not just a privacy issue—it is a matter of national security. Many EMS Clinicians also serve in critical roles within the military, law enforcement, and federal response agencies. Ensuring the confidentiality and security of their licensure records is essential to safeguarding both individual professionals and the integrity of emergency response operations. Moreover, the nation’s EMS system is a vital component of national security, preparedness, and response critical infrastructure. Any compromise to EMS workforce data could have far-reaching implications for emergency readiness and resilience. The Commission emphasizes the need for robust protections to prevent unauthorized access, reinforcing national preparedness and the stability of essential response systems.Position Paper 2025-01 calls for additional safeguards to protect EMS Clinicians who serve in these critical roles, including:
- Vetting all bulk data requests to ensure they are not originating from foreign, local actors or those with malicious intent.
- Implementing rigorous verification procedures for data requestors.
- Strictly prohibiting the release of EMS Clinician PII through public records requests.
- Ensuring that military and federal employee EMS licensure data is handled in compliance with federal security laws.
The Call for Nationwide Adoption
While the United States EMS Compact currently includes 24 member states, the Commission is urging all states—Compact members and non-members alike—to adopt these vital protections.The implementation of the National EMS Identification Number (NEMSID) is also a key initiative in this effort. By allowing states to securely share licensure data for workforce planning and credentialing, NEMSID eliminates bureaucratic barriers while maintaining data security.
With nationwide adoption, these policies will:
- Enhance public confidence in the integrity of EMS licensure systems.
- Reduce administrative burdens on state EMS offices.
- Strengthen cybersecurity protections against data breaches and targeted attacks.
- Provide EMS Clinicians with the same level of security afforded to law enforcement and other frontline professionals.
Moving Forward: A Unified Commitment to Protection
The adoption of Position Paper 2025-01 marks a pivotal moment in the effort to protect EMS Clinicians from unnecessary data exposure and security threats. The Interstate Commission for EMS Personnel Practice is leading the way, but state EMS offices, regulators, and policymakers must take action to implement these recommendations.“EMS Clinicians stand ready to serve their communities in moments of crisis,” Woodyard adds. “It’s time we stand ready to protect them—not just in the field, but in every aspect of their professional and personal lives.”
By working together, states can uphold the dual imperatives of transparency and security—ensuring that EMS Clinicians can serve with confidence, knowing that their personal and professional information is safe.
The future of EMS workforce protection starts now—and it starts with decisive action by each State.