Tip for your beginner staff
HIPAA Weekly Advisor, December 27, 2010
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Editor's note: Share this tip this week with your staff:
The HIPAA Privacy Rule requires that access to and disclosure of protected health information (PHI) be limited to the minimum necessary, with some exceptions, such as for treatment. The HITECH Act modifies that requirement so that covered entities will be in compliance if the PHI access, use, and disclosure are limited to either the minimum necessary or a “limited data set.”
The Privacy Rule permits a covered entity to use and disclose PHI in a limited data set without individual authorization for research, public health, and the covered entity’s healthcare operations. A limited data set must not include any direct identifiers for the individual, relatives, household members, or employers, including:
- Name
- Street address
- Telephone and fax numbers
- E-mail address
- Social Security number
- Certificate/license numbers
- Vehicle identifiers and serial numbers
- URLs and IP addresses
- Full-face photos and any other comparable images
This was adapted from The HIPAA and HITECH Toolkit: A Business Associate and Covered Entity Guide to Privacy and Security. For more information about the book or to order your copy, visit the HCMarketplace.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- HIPAA Q&A: Level of encryption needed for email
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- Identify potential Medicaid RAC target areas
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched