|
Covered Entity’s Workforce Access to Protected Health Information
“MINIMUM NECESSARY”
|
The HIPAA Privacy regulation requires organizations to limit workforce access to protected health information (PHI) to the minimum amount of PHI necessary to do their jobs.
Use this worksheet to identify your job categories (including volunteers), the PHI individuals in those categories currently can access, the minimum needed to do their jobs effectively, information currently accessed that is not needed, and any conditions that should apply to their access to PHI.
1
|
| Job Category |
Categoris of PHI
currently accessed |
Minimum PHI needed for job |
Current PHI accessed but not needed for job |
Conditions on access |
| e.g., Appointment Scheduler |
Entire medical record |
Demographic,Billing |
Clinical information |
Demographic and billing information may only be accessed for appointment scheduling purposes. |
| |
|
|
|
|
| |
|
|
|
|
| |
|
|
|
|
| |
|
|
|
|
| |
|
|
|
|
| |
|
|
|
|
| |
|
|
|
|
|
| |
|
THIS DOCUMENT IS PROVIDED AS GENERAL GUIDANCE AND DOES
NOT CONSTITUTE LEGAL ADVICE.
(Document provided to MIEC policyholders with permission from
Physician Insurers Association of America)
|
|
__________________________
1NOTE: This analysis will be different for every health care organization, depending on the various functions each job category performs. |
|
Return to MIEC HIPAA "Starter Kit" |