Statutes, codes, and regulations
West Virginia Administrative Code
Agency 65 - Health Care AuthorityTitle 65 - LEGISLATIVE RULE HEALTH CARE AUTHORITY
Series 65-28 - West Virginia Health Information Network Rule
Section 65-28-11 - Minimum Necessary

W. Va. Code R. § 65-28-11

Download
PDF
Current through Register Vol. XLI, No. 50, December 13, 2024
Section 65-28-11 - Minimum Necessary
11.1 The HIPAA privacy rules apply a "minimum necessary' standard to many types of disclosures and uses of protected health information. This standard essentially means that a covered entity or business associate must make reasonable efforts to limit the disclosure and use of protected health information to the minimum necessary to accomplish the purpose of the proposed disclosure and use.
11.1.a. The minimum necessary standard is subject to certain exceptions:
11.1.a.1. The minimum necessary standard shall not apply to any disclosures and uses of protected health information for the permissible purposes of treatment or emergency treatment;
11.1.a.2. The minimum necessary standard shall not apply to disclosures and uses of protected health information pursuant to a signed authorization by the patient; and
11.1.a.3. The minimum necessary standard shall not apply to disclosures of protected health information pursuant to a patient's request for access to his or her own protected health information, such as through a Network patient portal on the Network's health information exchange.
11.2. The Network shall not apply the minimum necessary standard to any of the exceptions in subdivision 11.1.a. of this section under its health information exchange.
11.3. Participating organizations shall limit their inquiry for protected health information under the Network to the minimum necessary when required under the HIPAA privacy rules.
11.4. The Network shall rely upon the reasoned judgment and representations of a participating organization seeking access to protected health information as complaint with the minimum necessary standard under HIPAA privacy rules.
11.5. The Network may develop standard protocols or data fields which are designed to disclose only the minimum necessary amount of protected health information to accomplish a permissible purpose. For example, only those data fields required or authorized by federal or West Virginia law to comply with a public health reporting requirement may be employed by the Network to accomplish this reporting. The Network may investigate other permissible purposes for which standard protocols or data fields designed to disclose only the minimum necessary amount of protected health information may be developed.

W. Va. Code R. § 65-28-11