Release of information to patients and minimum necessary requirements
HIM Connection, June 30, 2009
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Q: When patients ask us to release their entire record, must we restrict disclosure to the minimum necessary?
A: The minimum necessary concept is important under HIPAA. It means that access to protected health information should be limited to the minimum amount that will achieve the purpose of the request. For example, when an insurer requests records to determine whether to pay the bill, staff members should release only the specific information necessary to process the claim. This concept also applies to employees. For example, a pharmacist, nurse, or orderly who is transporting a patient each requires access to different information, depending on the circumstance and the individual’s role. However, when patients request information and authorize the release of their entire medical record, we may comply with the request, as long as their request is clear.
Editor’s note: Chris Simons, RHIA, director of HIM and privacy officer at Spring Harbor Hospital in Westbrook, ME, answered this question. This information does not constitute legal advice. Consult your organization’s legal counsel for answers to specific privacy and security questions. This question and answer appeared in the July issue of Medical Records Briefing.
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Related Products
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
-
HIPAA Handbook for Coders, Billers and HIM Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
The Privacy Officer's Handbook, Second Edition
Privacy and security requirements now extend to business associates and vendors of personal health records. Individuals, not...
-
ICD-10 Trainer
ICD-10 Trainer is a bi-weekly e-newsletter with the latest tips from the experts about how to get ready for the new coding...
Most Popular
- Articles
-
- HIPAA Q&A: Flu shot requirement for hospital employees
- HealthDataInsights posts new issues for medical necessity claims
- Running an effective peer review committee meeting
- Q&A: Incidental disclosures and patient privacy
- New FAQ posted on storing laryngoscope blades
- Sneak Peek: Effort underway to establish caseload benchmarks
- Tip: Perform your own internal investigation prior to government audit
- What does case-mix index mean to you?
- HIPAA 5010 deadline extended, but threat remains, says AMA
- HHS task force: Consider privacy, security with text messages
- E-mailed
-
- Running an effective peer review committee meeting
- HIPAA Q&A: Flu shot requirement for hospital employees
- What does case-mix index mean to you?
- HHS task force: Consider privacy, security with text messages
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Tip: Correctly code bilateral pain management procedures
- 2012 CPT code changes for ASCs: Shoulder and knee scopes and pain management
- COT basics to best
- Documentation and coding for toxic metabolic encephalopathy
- Guidance and tact key to compliant, effective physician queries
- Searched