1. May a covered entity accept documentation of an external Institutional Review Board's (IRB) waiver of authorization for purposes of reasonably relying on the request as the minimum necessary?
2. Are business associates required to restrict their uses and disclosures to the minimum necessary? May a covered entity reasonable rely on a request from a covered entity's business associate as the minimum necessary?
3. Are providers required to make a minimum necessary determination to disclose to Federal or State agencies, such as the Social Security Administration (SSA) or its affiliated agencies, for individuals' applications for Federal or State benefits?
4. Won't the HIPAA Privacy Rule's minimum necessary restrictions impede the delivery of quality health care by preventing or hindering necessary exchanges of patient medical information among health care providers involved in treatment?
5. Is a covered entity required to apply the HIPAA Privacy Rule's minimum necessary standard to a disclosure of protected health information it makes to another covered entity?
6. Are business associates required to restrict their uses and disclosures to the minimum necessary? May covered entity reasonable rely on a request from a covered entity's business associate as the minimum necessary?
7. Must the HIPAA Privacy Rule's minimum necessary standard to be applied to uses or disclosure that are authorized by an individual?
8. Doesn't the HIPAA Privacy Rule minimum necessary standard conflict with the HIPAA transaction standards?
9. Do the HIPAA Privacy Rule's minimum necessary requirements prohibit medical residents, medical students, nursing students, and other medical trainees from accessing patient medical information in the course of their training?
10. How are covered entities expected to detemine what is the minimum necessary information that can be used, disclosed, or requested for a particular purpose?
11. In limiting access, are covered entities required to completely restructure existing workflow systems, including redesigning office space and upgrading computer systems, in order to comply with the HIPAA Privacy Rule's minimum necessary requirements?
12. Won't the HIPAA Privacy Rule's minimum necessary standard impede the ability of workers' compensation insurers, state administrative agencies, and employers to obtain the health information needed to pay injured or ill workers the benefits guaranteed them under state workers' compensation system?
13. A provider might have a patient's medical record that contains older portions of a medical record that were created by another previous provider. Will the HIPAA Privacy Rule permit a provider who is a covered entity to disclose a complete medical record even though portions of the record were created by other providers?
14. Does the HIPAA Privacy Rule strictly prohibit the use, disclosure, or request of an entire medical record? If not, are case-by-case justifications required each time the entire medical record is disclosed?
15. What happens when a health care provider believes that a request is seeking more than the minimum necessary protected health information?
16. Will health care provider's offices be allowed to continue using sign-in sheets in waiting rooms?
17. Do the minimum necessary requirements prohibit health care providers from maintaining patient medical charts at bedside, require that providers shred empty prescription vials, or require that X-ray light boards be isolated?
18. In limiting access, are health care providers required to completely restructure existing workflow systems, including redesigns of office space and upgrades of computer systems, in order to comply with the minimum necessary requirements?
19. Does the Privacy Rule strictly prohibit use, disclosure, or requests of an entire medical record? Does the rule prevent use, disclosure, or requests of entire medical records without case-by-case justification?
20. Doesn't the minimum necessary standard conflict with the Transactions standards? Does minimum necessary apply to the standard transactions?
21. Are health care providers required to make a minimum necessary determination to disclose to federal or state agencies, such as the Social Security Administration (SSA) or its affiliated state agencies, for individuals' applications for federal or state benefits?
22. Must minimum necessary be applied to disclosures to third parties that are authorized by an individual?
23. Do the minimum necessary requirements prohibit medical residents, medical students, nursing students, and other medical trainees from accessing patients' medical information in the course of their training?
24. Won't the minimum necessary restrictions impede the delivery of quality health care by preventing or hindering necessary exchanges of patient medical information among health care providers involved in treatment?
25. How are health care providers expected to determine what is the minimum necessary information that can be used, disclosed, or requested for a particular purpose?
26. What is a health care provider's "minimum necessary" duty?
27. Are there any situations in which the "minimum necessary" rule does not apply?