: HOME  |  Privacy Policies  |  Frequently Asked Questions  |  Training

Privacy Forms - HCCs |  Privacy Information - Patients/Pacientes  

   Additional Information  |  Contact Information

YOU ARE HERE : HOME / HIPAA Frequently Asked Questions / HIPAA FAQ 3
3. The “Minimum Necessary Standard”?

HIPAA’s Minimum Necessary standard generally requires a Covered Entity to take reasonable steps to limit the use of, disclosure of, or request for PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request. However, the Minimum Necessary standard does not apply to the following types of disclosures, including:

1. Disclosure to or request by a health care provider for treatment purposes.

2. Use or disclosure made to the individual who is the subject of the PHI.

3. Use or disclosure made under a valid Authorization.

4. Use or disclosure required for compliance with HIPAA’s electronic transaction standards.

5. Use or disclosure required by other laws.

6. Use or disclosure to the Department of Health and Human Services.

The Minimum Necessary standard requires Covered Entities to develop and implement policies and procedures identifying the persons or classes of persons who need access to certain Protected Health Information to carry out their job duties. The University meets this requirement through the Role-Based Access Worksheet.

A Role-Based Access Worksheet must be completed for each University employee who works for a Health Care Component of the University.

Return to FAQ List
TOP ^  

The University of Oklahoma Health Sciences Center

Office of Compliance
P. O. Box 26901
Oklahoma City, OK 73129
Phone: (405) 271-2511, (866) 836-3150
Fax: (405) 271-1076

Copyright © 2014 The Board of Regents of the University of Oklahoma, All Rights Reserved.
Disclaimer | Copyright