Minimum Necessary
What is the HIPAA Minimum Necessary Standard?
HIPAA-covered entities are required to make reasonable efforts to ensure that access to Protected Health Information (PHI) is limited to the minimum necessary to accomplish the intended purpose of a particular use, disclosure, or request. USA Health continually monitors and evaluates practices and procedures to limit unnecessary and inappropriate access to, disclosure of, and requests for PHI.
Expanded Protection
USA Health expands protection of protected health information through the use of Maize Analytics®, a privacy monitoring software that utilizes artificial intelligence to evaluate the appropriateness of access and actions involving a patient’s protected health information maintained in the electronic medical record.
Patients trust USA Health as their healthcare provider, and ensuring the privacy of their protected health information is an essential part of maintaining that trust, which in turn affects patient compliance and outcomes. Protecting this information gives patients the confidence to share their most sensitive information and to seek care from USA Health.
Among the activities detected by Maize are:
- Accessing medical records outside the normal scope of business.
- Use of shared or compromised login credentials (usernames and passwords).
USA Health employees who access medical records should:
- Only access patient health information when there is a business need.
- Not access a family member’s record, a co-worker’s record, or any record in which the employee is not a part of the care team or performing a job-related duty.
- Only access the minimum necessary information to perform one’s job.
Policy Spotlight:
In the News! – Violations of the Minimum Necessary rule: