FAQ 211 Are providers required to make a minimum necessary determination to disclose to Federal or state agencies, such as the Social Security Administration (SSA) or its affiliated agencies, for individuals' applications for federal or state benefits?
This is a HIPAA FAQ on disclosures for federal and state benefits applications.
Final
Issued by: Office for Civil Rights (OCR)
Are providers required to make a minimum necessary determination to disclose to Federal or state agencies, such as the Social Security Administration (SSA) or its affiliated agencies, for individuals' applications for federal or state benefits?
Answer:
No. These disclosures must be authorized by an individual and, therefore, are exempt from the HIPAA Privacy Rule’s minimum necessary requirements. Furthermore, use of the provider’s own authorization form is not required. Providers can accept an agency’s authorization form as long as it meets the requirements of 45 CFR 164.508 of the Privacy Rule.
HHS is committed to making its websites and documents accessible to the widest possible audience, including individuals with disabilities. We are in the process of retroactively making some documents accessible. If you need assistance accessing an accessible version of this document, please reach out to the guidance@hhs.gov.
DISCLAIMER: The contents of this database lack the force and effect of law, except as authorized by law (including Medicare Advantage Rate Announcements and Advance Notices) or as specifically incorporated into a contract. The Department may not cite, use, or rely on any guidance that is not posted on the guidance repository, except to establish historical facts.