tsrl01 Posted April 7, 2011 Posted April 7, 2011 I am trying to find specifically in the regs/guidance where it provides, in essence, that just because a person is "behind the firewall" and works for the plan, it doesn't mean that person has the right to any and all information about individuals. I need to point to the fact that they are only entitled to information they need to do their job.. The best I can come up with is the minimum necessary requirement. Any other ideas and/or suggestions?
Chaz Posted April 7, 2011 Posted April 7, 2011 You may want to take a look at 45 CFR 164.502(a), which is I think where the regs spell out the permitted uses and disclosures of PHI (e.g., for TPO purposes). These permitted disclosures are limited by the minimum necessary standard as you state, except in limited circumstances.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now