8. What is meant when people refer to the “minimum necessary” requirement?
HIPAA’s minimum necessary standard generally requires a health care organization to take reasonable steps to limit the use of, disclosure or, and request for PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request. However, the minimum necessary standard does not apply to the following types of disclosures:
1. Disclosure to or request by a health care provider for treatment purposes.
2. Use or disclosure made to the individual who’s the subject of the information.
3. Use or disclosure made under a valid authorization.
4. Use or disclosure required for compliance with HIPAA’s electronic transaction standards.
5. Use or disclosure required by other laws.
6. Use or disclosure to the Department of Health and Human Services.
The minimum necessary standard requires covered entities to develop and implement policies and procedures identifying the persons or classes of persons who need access to certain protected health information to carry out their job duties.
A Role Based Access Worksheet will be completed for each University employee that works for a health care component of the University.
Return to FAQ List
|
YOU ARE HERE : HOME / HIPAA Frequently Asked Questions / FAQ 8
