Tip: Restrict PHI disclosures
Compliance Monitor, December 15, 2010
The HIPAA Privacy Rule requires that access to and disclosure of protected health information (PHI) be limited to the minimum necessary, with some exceptions, such as for treatment. The HITECH Act modifies that requirement so that covered entities will be in compliance if the PHI access, use, and disclosure are limited to either the minimum necessary or a “limited data set.”
The Privacy Rule permits a covered entity to use and disclose PHI in a limited data set without individual authorization for research, public health, and the covered entity’s healthcare operations. A limited data set must not include any direct identifiers for the individual, relatives, household members, or employers, including:
- Name
- Street address
- Telephone and fax numbers
- E-mail address
- Social Security number
- Certificate/license numbers
- Vehicle identifiers and serial numbers
- URLs and IP addresses
- Full-face photos and any other comparable images
This week’s question and answer was adapted from The HIPAA and HITECH Toolkit: A Business Associate and Covered Entity Guide to Privacy and Security. For more information about the book or to order your copy, visit the HCMarketplace.
Related Products
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
-
The HIPAA Omnibus Rule
Understand the HIPAA Omnibus Rule and what you must do to ensure compliance
-
HIPAA Handbook for Behavioral Health Staff
This update will help covered entities and business associates provide their workforce members the training that is a...
-
HIPAA Handbook for Business Associates
This update will help covered entities and business associates provide their workforce members the training that is a...
-
HIPAA Handbook for Coders, Billers, and HIM Staff
This update will help covered entities and business associates provide their workforce members the training that is a...
Most Popular
- Articles
-
- Note from Hugh
- Jury sides with blood lab technician in New Jersey whistleblower case
- Questions surround when time starts for proposed inpatient presumption
- Q/A: Should we use modifier -Q0 to override edits for ICDs?
- Five tips for an effective hospital patient safety program
- Overnight physicians in ICU show little effect on outcomes
- QAPI is coming: Is your facility preparing for its arrival?
- CMS releases updated MDS 3.0 RAI User's Manual
- Tip: Review codes that are now packaged
- CNO Tech Decisions May Fail to Meet Staff Nurse Needs
- E-mailed
-
- Questions surround when time starts for proposed inpatient presumption
- Jury sides with blood lab technician in New Jersey whistleblower case
- Q/A: Should we use modifier -Q0 to override edits for ICDs?
- Overnight physicians in ICU show little effect on outcomes
- Tip: Review codes that are now packaged
- QAPI is coming: Is your facility preparing for its arrival?
- ACDIS/AHIMA brief provides guidance on query best practices
- Maine comes in first in hospital safety
- Surgical residents disapprove of duty hour restrictions
- Tip: Nursing documentation requirements for observation services
- Searched