HIPAA Privacy Rule - Minimum Necessary
A central aspect of the HIPAA Privacy Rule is the principle of "minimum necessary" use and disclosure.
- A covered entity must make reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.
- A covered entity must develop and implement policies and procedures to reasonably limit uses and disclosures to the minimum necessary.
When the minimum necessary standard applies to a use or disclosure, a covered entity may not use, disclose, or request the entire medical record for a particular purpose, unless it can specifically justify the whole record as the amount reasonably needed for the purpose.
The minimum necessary requirement is not imposed in any of the following circumstances:
- disclosure to or a request by a health care provider for treatment;
- disclosure to an individual who is the subject of the information, or the individual's personal representative;
- use or disclosure made pursuant to an authorization;
- disclosure to HHS for complaint investigation, compliance review or enforcement;
- use or disclosure that is required by law; or
- use or disclosure required for compliance with the HIPAA Transactions Rule or other HIPAA Administrative Simplification Rules.
ComplianceOnline Training on Healthcare Regulations
Make your Electronic Health Records HIPAA Compliant
HIPAA compliance requirements for Electronic Health Records (EHR) - Stage 1 and Stage 2 Meaningful Use Attestation
HIPAA compliance requirements for Electronic Health Records (EHR) - Stage 1 and Stage 2 Meaningful Use Attestation
How To Conduct a HIPAA Meaningful Use Risk Analysis
Risk Analysis - Meaningful Use Stage I objectives - privacy and security of protected health information (PHI)
Risk Analysis - Meaningful Use Stage I objectives - privacy and security of protected health information (PHI)
Social Media and Healthcare - Meeting Patient Needs and Desires, and Ensuring Privacy and Security
Requirements, the risks, and the issues in using mobile devices - social networking for patient communications
Requirements, the risks, and the issues in using mobile devices - social networking for patient communications
HIPAA Breach Notification - New rules significantly change how you determine what to report
New HIPAA Breach Notification rules-tips for preventing and preparing for breaches-the new penalties for non compliance- how to prepare for HIPAA audits
New HIPAA Breach Notification rules-tips for preventing and preparing for breaches-the new penalties for non compliance- how to prepare for HIPAA audits
HIPAA and Business Associates - New Rules, New Obligations, New Agreements
Significant changes to the HIPAA rules for Business Associates - the new challenges for HIPAA Covered Entities and Business Associates - new risks for non-compliance and penalties
Significant changes to the HIPAA rules for Business Associates - the new challenges for HIPAA Covered Entities and Business Associates - new risks for non-compliance and penalties
