1,708
edits
Line 170: | Line 170: | ||
All other uses and disclosures of PHI not described in the sections above are prohibited unless the patient signs an authorization specifically permitting the use/disclosure (Form CON-MR-0074). Restrictions on the use and disclosure of psychotherapy notes are explained in UNMC Policy No. 6066, [[Psychotherapy Notes]]. | All other uses and disclosures of PHI not described in the sections above are prohibited unless the patient signs an authorization specifically permitting the use/disclosure (Form CON-MR-0074). Restrictions on the use and disclosure of psychotherapy notes are explained in UNMC Policy No. 6066, [[Psychotherapy Notes]]. | ||
===Minimum Necessary=== | ===Minimum Necessary=== | ||
When using, disclosing or requesting PHI, staff shall make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purposes of the use, disclosure or request.[http://www.hhs.gov/ | When using, disclosing or requesting PHI, staff shall make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purposes of the use, disclosure or request.[http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/minimum-necessary-requirement/index.html 45 CFR 164.502(b)] | ||
:#Role-based Access; access to PHI shall be based on role performed as specified in the following: | :#Role-based Access; access to PHI shall be based on role performed as specified in the following: | ||
:##Computer security matrices maintained by electronic health record system security and other system administrators listing staff roles, job codes/titles and associated levels of access to PHI | :##Computer security matrices maintained by electronic health record system security and other system administrators listing staff roles, job codes/titles and associated levels of access to PHI |