ComplianceOnline

HIPAA Privacy Rule - Information Access Management


Consistent with the HIPAA Privacy Rule standard limiting uses and disclosures of PHI to the "minimum necessary," the HIPAA Security Rule requires a covered entity to implement policies and procedures for authorizing access to e-PHI only when such access is appropriate based on the user or recipient's role (role-based access).