Minimum Necessary Uses of PHI
For internal uses of PHI, your organization has identified which employees need access to PHI to do their jobs, and must limit their access to only the PHI necessary to carry out their duties.
Your organization has developed policies and procedures that identify the groups of people within your organization who need access to PHI to carry out their jobs, the types of PHI that each group of people need, and the conditions appropriate to such access.
For example, the types and amount of PHI that doctors need to carry out their job duties is different that the types and amounts of PHI that admissions staff members require. Therefore, your organization's policies and procedures allow different levels of access to PHI for doctors and admissions staff members. When a doctor logs on to a computer system, for example, the amount of protected health information accessible to that doctor will be diff erent than the amount of protected health information accessible to an admissions clerk logging on to the same computer system, using a different password.
To view your organization's policy regarding the Minimum Necessary Use of PHI, please click here.