HIPAA [Healthcare Compliance Tips]
HIPAA & Marketing Rule [Healthcare Compliance Tips]
HIPAA [Healthcare Compliance Tips]
HIPAA & Marketing Rule [Healthcare Compliance Tips]

Minimum Necessary & PHI Use [Healthcare Compliance Tips]

Review and share the key components of HIPAA with all employees and patients.

We know that most of you are familiar with HIPAA; however, reviewing this from a compliance perspective is key. Let’s discuss the following, such as:

Protected Health Information (PHI)

PHI is defined as individually identifiable health information in any form, electronic or non-electronic, that is held or transmitted by a covered entity.

Examples of PHI are:

  • Patient’s name
  • Address
  • Birth dates
  • Telephone number
  • Social security number
  • Medical records

Minimum Necessary

Minimum necessary means to disclose the minimum amount of PHI needed for the intended purpose.

Your compliance team will play a role in creating a policy to limit the use of PHI so that the entire patient medical record is not disclosed unless it is necessary for the treatment or requested by the patient or third party.

An example of policy verbiage should include but not limited to:

  • Describing how the employee should access records.
  • Instructions on including only direct care information.
  • An explanation of how employees should not access their info or a co-worker’s (this is an example for larger practices).

Use and Disclosure of PHI

The following are disclosure examples that does not require an individual’s authorization, such as:

Example 1

  • Treatment, payment, and healthcare operations can be disclosed for treatment purposes, quality review activities, and fraud and abuse detection.

Example 2

  • PHI can be disclosed in emergencies and informal disclosures.

Example 3

  • Public interest and benefit activities, which would be law enforcement, public health issues such as FDA requirements, health surveillance, or victim abuse.

We suggest that you train your staff at least annually, which will protect the practice and reduce the number of possible OIG calls due to non-compliant factors.

**The opinions and observations from the group/author are not a promise to exempt your practice from fines and penalties.  Research, modify, and tailor the advice to fit your specialty.

Joi Sherrod, MPH, CPC, CPCO
Joi Sherrod, MPH, CPC, CPCO
Joi is an educator and owner of JNC Healthcare Compliance Group. After working for distinguished academic teaching hospitals and clinics, she is passionate about helping medical, dental, and behavioral health practices rethink healthcare compliance one trend at a time. Contact Joi at info@jnccompliance.com.