HIPAA’s minimum necessary standard requires a covered entity to develop and implement policies and procedures to:
• Limit uses and disclosures of protected health information (PHI) to the minimum necessary amount of PHI to accomplish the purpose of the use or disclosure;
• Limit requests for PHI to the minimum necessary amount of PHI to accomplish the purpose of the request; and
• Limit who among the covered entity’s workforce has access to PHI.
Public Officials - Local and State Government Roles
Topics - Local and State Government