HIPAA Minimum Necessary Standard Violations

566 Words Jan 31st, 2018 2 Pages
In addition under the HIPAA Rules, covered entities and business associates are required to establish protocols that define the minimum necessary amount of PHI for routine uses, disclosures and requests, and how to apply the minimum necessary standard with respect to non-routine uses, disclosures and requests. Minimum necessary violations should be investigated and, if appropriate, reported according to the new breach notification rules. Business associates may be directly liable for minimum necessary standard violations. Covered entities may be liable for business associates' minimum necessary standard violations.
Important Employee Notes:
• Staff access to information must be based on the positions duties.
• Minimum information needed to do ones job is standard.
• All employees are expected to exercise reasonable efforts not to use or…
Open Document