Confidential information: Setting the minimum necessary
Physicians, nurses, therapists, dietitians, and others use confidential information about patients to determine how to treat them, but they are not the only ones who access such data. Coders and billing department employees use confidential information to bill patients, their insurance companies, Medicare, or Medicaid for services. Staff performing quality assurance or performance improvement activities review confidential information to make sure patients are receiving high-quality care. Transcriptionists must access information to transcribe it, and scanners will unavoidably access information in the course of doing their jobs.
Confidential information includes all identifying information patients provide and information about their treatment, in any format (written or verbal), including the following:
- Address
- Age
- Diagnoses
- Medical history
- Medications
- Name
- Observations of health status
- Photographs that include faces
- Social Security number
The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare employees to use or share only the “minimum necessary” information they “need to know” to do their jobs. For example, a coder needs to look at the entire record of a patient’s hospital stay to apply all the correct codes. However, perusing the correspondence section of the record is unnecessary and inappropriate.
Remind staff to ask themselves before handling any patient information: Do I need to know this to do my job? Do I need to share this information with my colleague to get the job done? What is the least amount of information I need to access or share to do my job? Use this sample form to help set a minimum necessary policy for your organization:
Click here to download the sample form
Editor’s note: This article was adapted from The Contemporary Guide to Health Information Management.