The HIPAA Rules require that when a HIPAA-covered entity (a provider, plan or clearinghouse) or a business associate of a covered entity uses or discloses protected health information (“PHI”), or when it requests PHI from another covered entity or business associate, the covered entity or business associate must make “reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.”<\/p>\n
Click here<\/a> to read more about the HIPAA “minimum necessary” standard\u2014one of the most essential, yet vague, aspects of the HIPAA Rules.<\/p>\n <\/p>\n Duane Morris is issuing a series of Alerts<\/em> on the 2013 HIPAA Amendments. In addition to our Overview Summary<\/a>, please see the in-depth Alerts<\/em> already distributed by the firm on changes under the 2013 Amendments to the definition of a business associate<\/a> and changes to the breach notification<\/a> requirements. We will continue to issue Alerts<\/em> on discrete HIPAA topics.<\/p>\n","protected":false},"excerpt":{"rendered":" The HIPAA Rules require that when a HIPAA-covered entity (a provider, plan or clearinghouse) or a business associate of a covered entity uses or discloses protected health information (“PHI”), or when it requests PHI from another covered entity or business associate, the covered entity or business associate must make “reasonable efforts to limit protected health … <\/p>\n