Health Insurance Portability & Accountability Act (HIPAA)

To which situation(s) does the principle of "maximum necessary use and disclosure" not apply?

- Disclosures to a healthcare provider for treatment - Disclosures to the patient upon request - Disclosures authorized by the patient - Disclosures necessary to comply with other laws - Disclosures to the Dept. of Health and Human Services (HHS) for a compliance investigation, review, or enforcement.

If an individual's PHI has been breached, what must be done according to HIPAA?

The individual must be notified by the person or entity holding the information that their PHI was exposed. This is the "HIPAA Breach Notification Rule."

When using or disclosing PHI, what principle should you keep in mind?

The principle of "minimum necessary use and disclosure."

What is the purpose of Health Insurance Portability and Accountability Act of 1996?

To protect the privacy of individual health information (referred to in the law as "protected health information" or "PHI").

Does HIPAA set standards for protecting electronic PHI, such as electronic medical records (EMR)?

Yes.