Use and Disclosure of Protected Health Information: Difference between revisions

Line 170: Line 170:
All other uses and disclosures of PHI not described in the sections above are prohibited unless the patient signs an authorization specifically permitting the use/disclosure (Form CON-MR-0074). Restrictions on the use and disclosure of psychotherapy notes are explained in UNMC Policy No. 6066, [[Psychotherapy Notes]].
All other uses and disclosures of PHI not described in the sections above are prohibited unless the patient signs an authorization specifically permitting the use/disclosure (Form CON-MR-0074). Restrictions on the use and disclosure of psychotherapy notes are explained in UNMC Policy No. 6066, [[Psychotherapy Notes]].
===Minimum Necessary===
===Minimum Necessary===
When using, disclosing or requesting PHI, staff shall make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purposes of the use, disclosure or request.[http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/coveredentities/minimumnecessary.pdf 45 CFR 164.502(b)]
When using, disclosing or requesting PHI, staff shall make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purposes of the use, disclosure or request.[http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/minimum-necessary-requirement/index.html 45 CFR 164.502(b)]
:#Role-based Access; access to PHI shall be based on role performed as specified in the following:
:#Role-based Access; access to PHI shall be based on role performed as specified in the following:
:##Computer security matrices maintained by electronic health record system security and other system administrators listing staff roles, job codes/titles and associated levels of access to PHI
:##Computer security matrices maintained by electronic health record system security and other system administrators listing staff roles, job codes/titles and associated levels of access to PHI
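Review bot: In the changed Minimum Necessary sentence, the external link is still labelled "45 CFR 164.502(b)" but its new target is the HHS minimum-necessary guidance page rather than the regulation text, so the label no longer describes where the link goes. Consider labelling the link as the HHS guidance on the minimum necessary requirement and keeping the 45 CFR 164.502(b) citation as plain text, or pointing the citation at the regulation itself. The link also follows "request." with no separating space, and the new URL is written with http:// where the https:// form would be preferable.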