Add to collection(s) Add to saved
  1. Science
  2. Health Science

Document 12875368

advertisement 
JANUARY 2015 ISSUE – MINIMUM NECESSARY
THE MINIMUM NECESSARY REQUIREMENT
Vanderbilt University Medical Center makes a reasonable effort to ensure that the use or disclosure of
Protected Health Information (PHI) is limited to the minimum necessary to satisfy a particular purpose or carry
out a specific function unless it meets the following exceptions:
Exceptions to the Minimum Necessary Rule:
•
Disclosures to providers for treatment
•
Disclosures with a patient signed authorization
•
Verify the identity of the person requesting PHI
and the authority of that person to have access to
PHI. Release only the information about the patient
that is needed to complete the needed task
• Do not collect the social security number from an
individual if another identifier will work. SSNs are
protected to a higher standard than other patient
identifiers.
•
Limit the amount of amount of information
accessed or disclosed to only the minimum
necessary to accomplish the specific task.
For example: When communicating a MRN or an
Account number there is no reason to include the
patient full name and DOB since the recipient should
be able to access that information if needed using the
MRN or Account numbers.
• Leave only your name and phone number on
message machines when you are asking patients to
call you back. For example: DO NOT disclose any
details of the patient’s condition, appointments, test
results, or financial information on the answering
machine allowing access by others not authorized by
the patient to have access to the information unless
the patient has instructed you to do so.
•
Only share specific information that is requested
regarding an admission or a visit in response to a
Release of Information. For example: Do not
share or release more information than requested
just because more information is available.
• When emailing always follow the minimum
necessary rule and the electronic messaging policy.
For example: Use the MRN or Account number and
no other patient identifiers when including patient
protected health information (PHI) in an email or use
only the patient’s initials or just the patient’s last
name in combination with PHI. (You can also use the
File Transfer Application (Accellion) and send in a
secure attachment).
IM 10-30.02:
IM 10-30.15:
•
Disclosures directly to the patient
•
Disclosures required by HIPAA, the Office of Civil
Rights and required by Law
"Breach Notification: Unauthorized Access, Use, or Disclosure of Individually Identifiable patient or Other
Personal Information"
"Electronic Messaging of Individually Identifiable Patient and Other Sensitive Information"
For more information go to: www.mc.vanderbilt.edu/privacy or e-mail the Privacy Office at privacy.office@vanderbilt.edu
Created by the VUMC Privacy Office (936-3594)
Last Revised: 1/27/2015
Related documents
G2Endo Endocrinology & Metabolism
G2Endo Endocrinology & Metabolism
word - New England Neurological Associates, PC
word - New England Neurological Associates, PC
hipaa - Humboldt Neurological Medical Group
hipaa - Humboldt Neurological Medical Group
GASTROINTESTINAL AND LIVER CLINIC, PC
GASTROINTESTINAL AND LIVER CLINIC, PC
Notice Of Privacy Practices
Notice Of Privacy Practices
POLICY: HANDLING PATIENTS` CLINICAL PHONE CALLS
POLICY: HANDLING PATIENTS` CLINICAL PHONE CALLS
EAST CAROLINA UNIVERSITY ACCOUNTING OF DISCLOSURES
EAST CAROLINA UNIVERSITY ACCOUNTING OF DISCLOSURES
HIPAA – Health Insurance Portability and Accountability Act of 1996
HIPAA – Health Insurance Portability and Accountability Act of 1996
Policy Regarding Minimum Necessary Standard Applicable to Uses, Disclosures and Requests of
Policy Regarding Minimum Necessary Standard Applicable to Uses, Disclosures and Requests of
Document15573851 15573851
Document15573851 15573851
NOTICE OF PRIVACY PRACTICES FROM YOUR EMPLOYER’S EMERITI RETIREE HEALTH PLAN
NOTICE OF PRIVACY PRACTICES FROM YOUR EMPLOYER’S EMERITI RETIREE HEALTH PLAN
POLICY
POLICY
Download
advertisement