This is archived HHS content.
Skip to main content
HHS
.gov
Health Information Privacy
Search
U.S. Department of Health & Human Services
Search
Close
HHS A-Z Index
HIPAA for Individuals
Filing a Complaint
HIPAA for Professionals
Newsroom
HHS
>
HIPAA Home
>
For Professionals
>
FAQ
> Minimum Necessary
Text Resize
A
A
A
Print
Share
FAQs Categories
Authorizations (30)
Business Associates (42)
Compliance Dates (2)
Covered Entities (14)
Decedents (8)
Disclosures for Law Enforcement Purposes (7)
Disclosures for Rule Enforcement (2)
Disclosures in Emergency Situations (2)
Disclosures Required by Law (6)
Disclosures to Family and Friends (28)
Disposal of Protected Health Information (6)
Facility Directories (7)
Family Medical History Information (3)
FERPA and HIPAA (10)
Group Health Plans (3)
Health Information Technology (41)
Incidental Uses and Disclosures (10)
Judicial and Administrative Proceedings (8)
Limited Data Set (5)
Marketing (18)
Marketing - Refill Reminders (16)
Mental Health (35)
Minimum Necessary (14)
Notice of Privacy Practice (20)
Personal Representatives and Minors (13)
Preemption of State Law (10)
Privacy Rule: General Topics (12)
Protected Health Information (2)
Public Health Uses and Disclosures (13)
Research Uses and Disclosures (20)
Right to Access and Research (58)
Right to an Accounting of Disclosures (8)
Right to File a Complaint (1)
Right to Request a Restriction (2)
Safeguards (13)
Security Rule (25)
Smaller Providers and Businesses (147)
Student Immunizations (8)
Telehealth (11)
Transition Provisions (3)
Treatment, Payment, and Health Care Operations Disclosures (30)
Workers Compensation Disclosures (5)
Minimum Necessary
How are covered entities expected to determine what is the minimum necessary information that can be used, disclosed, or requested for a particular purpose?
Won't the HIPAA Privacy Rule's minimum necessary restrictions impede the delivery of quality health care by preventing or hindering necessary exchanges of patient medical information among health care providers involved in treatment?
Do the HIPAA Privacy Rule's minimum necessary requirements prohibit medical residents, medical students, nursing students, and other medical trainees from accessing patient medical information in the course of their training?
Must the HIPAA Privacy Rule's minimum necessary standard to be applied to uses or disclosures that are authorized by an individual?
Are providers required to make a minimum necessary determination to disclose to Federal or state agencies, such as the Social Security Administration (SSA) or its affiliated agencies, for individuals' applications for federal or state benefits?
Doesn't the HIPAA Privacy Rule minimum necessary standard conflict with the HIPAA transaction standards?
Does the HIPAA Privacy Rule strictly prohibit the use, disclosure, or request of an entire medical record? If not, are case-by-case justifications required each time the entire medical record is disclosed?
A provider might have a patient's medical record that contains older portions of a medical record that were created by another previous provider. Will the HIPAA Privacy Rule permit a provider who is a covered entity to disclose a complete medical record even though portions of the record were created by other providers?
In limiting access, are covered entities required to completely restructure existing workflow systems, including redesigning office space and upgrading computer systems, in order to comply with the HIPAA Privacy Rule's minimum necessary requirements?
Is a covered entity required to apply the HIPAA Privacy Rule's minimum necessary standard to a disclosure of protected health information it makes to another covered entity?
May a covered entity accept documentation of an external Institutional Review Board's (IRB) waiver of authorization for purposes of reasonably relying on the request as the minimum necessary?
Are business associates required to restrict their uses and disclosures to the minimum necessary? May a covered entity reasonably rely on a request from a covered entity's business associate as the minimum necessary?
Won't the HIPAA Privacy Rule's minimum necessary standard impede the ability of workers' compensation insurers, state administrative agencies, and employers to obtain the health information needed to pay injured or ill workers the benefits guaranteed them under State workers' compensation system?
May a covered entity that is a plaintiff or defendant in a legal proceeding use or disclose protected health information for the litigation?
Back to
T
op
This is archived HHS content.