25
edits
Use and Disclosure of Protected Health Information: Difference between revisions
Use and Disclosure of Protected Health Information (view source)
Revision as of 08:53, June 24, 2013
, June 24, 2013no edit summary
No edit summary |
No edit summary |
||
| Line 186: | Line 186: | ||
===Minimum Necessary=== | ===Minimum Necessary=== | ||
When using, disclosing or requesting PHI, staff shall make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purposes of the use, disclosure or request. [45 CFR 164.502(b)] | When using, disclosing or requesting PHI, staff shall make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purposes of the use, disclosure or request. [[http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/minimumnecessary.pdf 45 CFR 164.502(b)]] | ||
:#Role-based Access; access to PHI shall be based on role performed as specified in the following: | :#Role-based Access; access to PHI shall be based on role performed as specified in the following: | ||
:##Computer security matrices maintained by electronic health record system security and other system administrators listing staff roles, job codes/titles and associated levels of access to PHI | :##Computer security matrices maintained by electronic health record system security and other system administrators listing staff roles, job codes/titles and associated levels of access to PHI | ||