Is a covered entity required to apply the HIPAA Privacy Rule's minimum necessary standard to a disclosure of PHI it makes to another covered entity?
Covered entities are required to apply the minimum necessary standard to their own requests for PHI. One covered entity may reasonably rely on another covered entity’s request as the minimum necessary, and then does not need to engage in a separate minimum necessary determination. However, if a covered entity does not agree that the amount of information requested by another covered entity is reasonably necessary for the purpose, it is up to both covered entities to negotiate a resolution of the dispute as to the amount of information needed. Nothing in the Privacy Rule prevents a covered entity from discussing its concerns with another covered entity making a request, and negotiating an information exchange that meets the needs of both parties. Such discussions occur today and may continue after the compliance date of the Privacy Rule.