Tip: Restrict PHI disclosures
Compliance Monitor, December 15, 2010
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
The HIPAA Privacy Rule requires that access to and disclosure of protected health information (PHI) be limited to the minimum necessary, with some exceptions, such as for treatment. The HITECH Act modifies that requirement so that covered entities will be in compliance if the PHI access, use, and disclosure are limited to either the minimum necessary or a “limited data set.”
The Privacy Rule permits a covered entity to use and disclose PHI in a limited data set without individual authorization for research, public health, and the covered entity’s healthcare operations. A limited data set must not include any direct identifiers for the individual, relatives, household members, or employers, including:
- Name
- Street address
- Telephone and fax numbers
- E-mail address
- Social Security number
- Certificate/license numbers
- Vehicle identifiers and serial numbers
- URLs and IP addresses
- Full-face photos and any other comparable images
This week’s question and answer was adapted from The HIPAA and HITECH Toolkit: A Business Associate and Covered Entity Guide to Privacy and Security. For more information about the book or to order your copy, visit the HCMarketplace.
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Related Products
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
-
HIPAA Training Handbook for Business Associates
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
HIPAA Handbook for Executive, Administrative and Corporate Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- Capturing all necessary codes for IUD insertion and removal can be challenging
- Topic: CMS, OESS post new security compliance review information, checklist
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- Q/A: Coding infusions to correct low potassium levels
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- HIPAA Q&A: Level of encryption needed for email
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- CMS has reformulated payments for some bilateral procedures
- Q&A: Follow CMS' coding guidelines when using modifier -25
- Understand the spine to code back procedures correctly
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- Searched