HIPAA Regulations: Limiting Or Disclosing PHI?

706 Words3 Pages
HIPAA regulations state that when using or disclosing PHI (protected health information) or when requesting PHI from another covered entity (a doctor’s office, dental practice, etc), a covered entity must make reasonable efforts to limit PHI, to the minimum necessary, to accomplish the intended purpose of the use, disclosure or request. So how do we accomplish the goal of limiting our PHI access and requests to the minimum necessary level? We look at three basic areas: levels of access to PHI, requesting PHI, and sending PHI. Giving employees specific levels of access to PHI Each employee should have just enough access to your medical record system to do their job. For instance, an employee who only answers the phone and sets appointments doesn’t generally need access to medical histories, x-rays, and other specific medical information. Therefore, their level of access to your practice software should be limited to seeing the schedule and creating or changing appointments. Alternatively, an employee who only treats patients and never handles billing information should not have access to credit card numbers, health insurance plan ID numbers, or other financial information in your systems. It may seem easier to just give everyone access to everything. However,…show more content…
When doing so, the outside specialist will likely request information about the patient: x-rays, medical histories, insurance information, etc. Therefore, it is important that you and your employees understand the difference between a routine request for information and a non-routine request for information. A routine request for information is the type of request you see all the time. The request is for the right amount of information for the third party specialist to perform their procedure. And the request shouldn’t make you question why they are asking for that specific

More about HIPAA Regulations: Limiting Or Disclosing PHI?

Open Document