How much do you know about the minimum necessary standard? More importantly, how much
1. You must make a reasonable effort to limit employees’ access to protected health information
2. A patient’s health plan calls to request protected health information to complete processing on
3. A case worker from Social Services suspects that a particular patient has been a victim of child
4. A life insurer requests protected health information about an individual for underwriting
5. A physician refers a patient to a cardiologist for further treatment. The cardiologist wants more
Editor’s note: To learn more about HIPAA University, visit Siemens HIPAA Central Web site at
do your receptionists, billers, coders and clerical staff know?
The minimum necessary standard will cause more than a few changes for frontline health
information handlers — and experts say one of the best ways to prepare them is to give them a quiz.
Siemens Health Services, developers of the copywrited HIPAA University online education for health
care organizations, offers these sample questions to determine if your team is up to speed. (Correct
answers are in bold.)
to only what they need to know to perform their job duties, while still permitting doctors, nurses, and
other treatment providers full access to medical records.
a. True
b. False
a claim. How should you respond to the request?
a. Send the patient’s entire medical record to the health plan so the health plan can obtain the
information it needs.
b. Determine what specific protected health information is needed to process the claim and send
only that information to the health plan.
c. Delay the health plan’s request until authorization is obtained from the patient.
abuse, and requests protected health information about that patient. The information request seems
reasonable. How should you respond to the request?
a. Confirm only that the child is a patient at your institution.
b. Give the case worker full access to the child’s medical record.
c. Provide the case worker with the protected health information she has requested.
purposes. The individual has authorized disclosure of her protected health information for this purpose.
How should you respond to the request?
a. Send the individual’s entire medical record to the life insurer.
b. Determine what information is minimally necessary to satisfy the life insurer’s request.
c. Provide the protected health information specified on the individual’s authorization, without
making a minimum necessary determination.
information about the patient’s history and requests his entire medical record. What do you do?
a. Refuse the request until authorized by the patient.
b. Determine the minimal amount of information the cardiologist actually needs.
c. Since it is for treatment purposes, honor the cardiologist’s request and send the entire
medical record.
http://www.smed.com/hipaa and click on the link to HIPAA University.