This was one of the questions addressed in the guidance to the Privacy Regulations released 12/3/02:
Q: Doesn't the HIPAA Privacy Rule's minimum necessary standard conflict with the HIPAA transactions standards? A: No, because the Privacy Rule exempts from the minimum necessary standard any uses or disclosures that are required for compliance with the applicable requirements of the transactions standards, including disclosures of all data elements that are required or situationally required in those transactions. See 45 CFR 164.502(b)(2)(vi). However, covered entities have significant discretion as to the information included in the transactions as optional data elements. Therefore, the minimum necessary standard does apply to the optional data elements. The transactions standard adopted for the outpatient pharmacy sector is an example of a standard that uses optional data elements. The health plan, or payer, currently specifies which of the optional data elements are needed for payment of its particular pharmacy claims. The health plan or its business associates must apply the minimum necessary standard when requesting this information. In this example, a pharmacist may reasonably rely on the health plan's request for information as the minimum necessary for the intended disclosure. For example, as part of a routine protocol, the name of the individual may be requested by the payer as the minimum necessary to validate the identity of the claimant or for drug interaction or other patient safety reasons. Regards, Connie Hein Senior Consultant PCI: e-commerce for healthcare ----- Original Message ----- From: "Jonathan Fox" <[EMAIL PROTECTED]> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> Sent: Wednesday, March 05, 2003 1:04 PM Subject: Minimum necessary > Now that Privacy is right around the corner, a lot of people are > re-examining some of the Transactions work that has been done. > > Here is a question that has privacy (minimum necessary) implications. > > A provider performs an eligibility inquiry with their local HMO. The > HMO responds with yes the member is eligible and here is a list of their > benefits. Clearly, the minimum requirements of the functionality of the > transaction have been met, but how far can a payer go in giving > additional information (COB, HIC number, Group Number, Plan Number, etc, > before you cross the minimum necessary (privacy) line. > > Certainly, many of these pieces of information are not needed to get a > claim paid by that payer. Is it the > responsibility of the payer and/or is it within their right to divulge > information about other policies they may have. > > This is not a question about transaction functionality, as the > transaction clearly accommodates this data, but there seems to be a > slight contradiction with the minimum necessary clause of the Privacy > rule. > > Thoughts please??? > > Jonathan Fox > Independent Health > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] > If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org > > --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
