It is the policy of SPWA Services, LLC to comply with the Privacy Rule set forth in the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). All agency staff shall ensure that its policies and procedures are consistent with this organization-wide policy and procedure.
GUIDING PRINCIPLE OF THE PRIVACY RULE
The basic tenet of the Privacy Rule is that providers may use and disclose PHI without the individual’s authorization only for treatment, payment, and health care operations, as well as certain public interest related purposes such as public health reporting. Other uses and disclosures of PHI generally require the written authorization of the individual.
The Privacy Rule also introduces the concept of minimum necessary. This requirement mandates that when using or disclosing PHI, or when requesting PHI from external providers or entities, providers will make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose. The Privacy Rule does recognize that providers may need to use all of an individual’s health information in the provision of client management. However, access to PHI by the workforce must be limited based on job scope and the need for the information.