Institute:Office of National Coordinator (ONC) Workforce Training Curriculum
Component:The Culture of Health Care
Unit:Privacy, Confidentiality, and Security
Lecture:HIPAA Privacy Rule
Slide content:Authorizations Providers must obtain authorization before using PHI for purposes other than TPO They may not condition treatment on an individuals authorization Covered entities must make reasonable safeguards to limit the use or disclosure of PHI to the minimum amount necessary Non-treatment disclosure governed by Minimum Necessary standard (HHS, 2003) 13
Slide notes:The HIPAA Privacy Rule requires that an authorization be obtained for the use of PHI for purposes other than for TPO. The covered entity is not allowed to condition treatments of the patient on whether or not an individual gives authorization for use of PHI beyond TPO. When covered entities release PHI, reasonable safeguards must be in place to limit the use to the minimum necessary standard, as defined by the statute from the HHS Office for Civil Rights. 13