HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos



HIPAA Q&A: Minimum necessary

Email This Post Print This Post

questionSubmit your HIPAA questions to Editor Jaclyn Fitzgerald at jfitzgerald@hcpro.com and we will work with our experts to provide the information you need.

Q: You are reviewing a computer-generated insurance claim before it is sent to the insurance carrier, and you notice the patient’s name on the claim—it’s an old friend of yours. You quickly read the claim for the diagnosis. Is this a breach of confidentiality?

A: Yes, it is, unless you need to know that information to do your job. HIPAA requires us to access only the minimum we need to know to do our jobs. If you don’t need to know your friend’s diagnosis, you shouldn’t look at it.

If you do see it, remember that you may never share with anyone, including your friend, what you have seen. This knowledge can be a heavy burden, but it is our ethical and legal obligation not to share any ­information we obtain in the course of doing our work in healthcare.

Editor’s note: Chris Simons, MS, RHIA, director of health information and privacy officer at Cheshire Medical Center/Dartmouth-Hitchcock in Keene, New Hampshire, answered this question for HCPro’s Medical Records Briefing. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.

Categories : HIPAA Q&A

Leave a Reply