FAQs Categories

Authorizations (30)
Business Associates (42)
Compliance Dates (2)
Covered Entities (14)
Decedents (8)
Disclosures for Law Enforcement Purposes (7)
Disclosures for Rule Enforcement (2)
Disclosures in Emergency Situations (2)
Disclosures Required by Law (6)
Disclosures to Family and Friends (28)
Disposal of Protected Health Information (6)
Facility Directories (7)
Family Medical History Information (3)
FERPA and HIPAA (10)
Group Health Plans (2)
Health Information Technology (41)
Incidental Uses and Disclosures (10)
Judicial and Administrative Proceedings (8)
Limited Data Set (5)
Marketing (18)
Marketing - Refill Reminders (16)
Mental Health (35)
Minimum Necessary (14)
Notice of Privacy Practice (20)
Personal Representatives and Minors (13)
Preemption of State Law (10)
Privacy Rule: General Topics (12)
Protected Health Information (2)
Public Health Uses and Disclosures (14)
Research Uses and Disclosures (20)
Right to Access and Research (58)
Right to an Accounting of Disclosures (8)
Right to File a Complaint (1)
Right to Request a Restriction (2)
Safeguards (13)
Security Rule (25)
Smaller Providers and Businesses (148)
Student Immunizations (8)
Transition Provisions (3)
Treatment, Payment, and Health Care Operations Disclosures (30)
Workers Compensation Disclosures (5)

Must the HIPAA Privacy Rule's minimum necessary standard to be applied to uses or disclosures that are authorized by an individual?

Answer:

No. Uses and disclosures that are authorized by the individual are exempt from the minimum necessary requirements. For example, if a covered health care provider receives an individual’s authorization to disclose medical information to a life insurer for underwriting purposes, the provider is permitted to disclose the information requested on the authorization without making any minimum necessary determination. The authorization must meet the requirements of 45 CFR 164.508.

Date Created: 12/19/2002

Content created by Office for Civil Rights (OCR)
Content last reviewed on March 1, 2016

FAQs Categories

Must the HIPAA Privacy Rule's minimum necessary standard to be applied to uses or disclosures that are authorized by an individual?

Answer:

Connect With OCR

Office for Civil Rights Headquarters