• E-mail
• Print
• RSS

Release of information to patients and minimum necessary requirements

HIM Connection, June 30, 2009

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

Q: When patients ask us to release their entire record, must we restrict disclosure to the minimum necessary?

A: The minimum necessary concept is important under HIPAA. It means that access to protected health information should be limited to the minimum amount that will achieve the purpose of the request. For example, when an insurer requests records to determine whether to pay the bill, staff members should release only the specific information necessary to process the claim. This concept also applies to employees. For example, a pharmacist, nurse, or orderly who is transporting a patient each requires access to different information, depending on the circumstance and the individual’s role. However, when patients request information and authorize the release of their entire medical record, we may comply with the request, as long as their request is clear.

Editor’s note: Chris Simons, RHIA, director of HIM and privacy officer at Spring Harbor Hospital in Westbrook, ME, answered this question. This information does not constitute legal advice. Consult your organization’s legal counsel for answers to specific privacy and security questions. This question and answer appeared in the July issue of Medical Records Briefing.

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

• E-mail to a Colleague
• Print
• RSS
• Archive