- Home
- Campus
- Employment Services
- Employee Handbook
Employee Handbook
- Table of Contents
- HIPAA Policies and Procedures
- Minimum Necessary Standard
14.7 Minimum Necessary Standard
14.7.1 Policy Statement
Whenever practical/feasible, the Health Plan will make reasonable efforts to limit use and disclosure of protected health information (PHI) to the minimum necessary to accomplish the appropriate intended purpose.
14.7.2 Policy Interpretation and Implementation
Minimum Necessary Standard |
When using, disclosing or requesting PHI, the Health Plan shall make reasonable efforts to limit PHI to the minimum necessary to accomplish the purpose. |
|
|
Access to PHI |
The Health Plan requires relevant staff to have access only to the minimum necessary PHI required by their job functions. It is the responsibility of the HIPAA Privacy Officer to limit the access of relevant staff to only the minimum necessary PHI required by their job function. The HIPAA Privacy Officer may delegate certain job functions to be performed by other individuals; however, the ultimate responsibility for compliance with HIPAA remains with the HIPAA Privacy Officer. |
|
|
Where Minimum Necessary Standard Does Not Apply |
Limiting use, disclosure or request of PHI to the minimum necessary does NOT apply in the following situations:
|
|
|
Disclosures of PHI by Health Plan |
From time to time relevant staff of the Health Plan will be asked to disclose PHI to other Covered Entities, regulatory agencies, law enforcement authorities and others. Many of these disclosures are permitted or required by law and do not require authorization of the individual. Others may require authorization of the individual whose PHI is to be disclosed. Except for those instances identified previously, the Health Plan will apply the minimum necessary standard to all disclosures. Relevant staff of the Health Plan may treat a request for a disclosure as being for the minimum necessary PHI when the request is:
|
|
|
Requests for PHI by Health Plan |
Relevant staff of the Health Plan must limit requests made by them for PHI to that which is reasonably necessary to accomplish the purpose of the request. |
|
|
Entire Medical Record |
The Health Plan will not use, disclose or request an entire medical record unless the entire medical record is specifically justified as reasonably necessary. Unjustified use, disclosure or request of an entire medical record will be considered a violation of this policy. The only exception regarding the entire medical record is when the information is provided to persons involved in the treatment of the individual. |
|
|
Record Retention |
A copy of all HIPAA covered information and any revisions shall be maintained for a period of at least six (6) years. Such retention may be in printed or electronic format, or both. |
|
|
HIPAA Privacy Officer |
The HIPAA Privacy Officer is responsible for the development and implementation of the HIPAA policies and procedures. The HIPAA Privacy Officer is also the contact person for any questions or complaints regarding HIPAA. Questions or concerns about HIPAA rights should be directed to the HIPAA Privacy Officer during regular business office hours Monday through Friday, except holidays at (651) 696-6280. |
|
|
Violations |
Violations of this policy will be subject to discipline. |