Privacy Issues in Mental Health and Substance Abuse Treatment: Information Sharing Between Providers and Managed Care Organizations: Final Report. A. The "Minimum Necessary" Principle

01/17/2003

The Standards for Privacy of Individually Identifiable Health information (45 CFR parts 160 and 164), published by the U.S. Department of Health and Human Services under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (PL 104-191), state that entities subject to the regulation (including MCOs) “must…limit the request for protected health information to the information reasonably necessary to accomplish the purpose for which the request is made,” (§ 164.514(d)(4)).  This language reflects both the need to accommodate the range of MCO payment and operational activities and the lack of consensus and models on which to base more specific language and the absence of policymaker consensus as to how to resolve the tradeoff between meeting this need and the patient need for confidentiality.  By itself, therefore, the new requirement is unlikely to resolve the continuing tension between providers and managed care firms regarding how much information to make available to MCOs or other third parties.

View full report

Preview
Download

"MHPrivacy.pdf" (pdf, 768.25Kb)

Note: Documents in PDF format require the Adobe Acrobat Reader®. If you experience problems with PDF documents, please download the latest version of the Reader®

View full report

Preview
Download

"appen-b.pdf" (pdf, 224.4Kb)

Note: Documents in PDF format require the Adobe Acrobat Reader®. If you experience problems with PDF documents, please download the latest version of the Reader®

View full report

Preview
Download

"appen-c.pdf" (pdf, 2.22Mb)

Note: Documents in PDF format require the Adobe Acrobat Reader®. If you experience problems with PDF documents, please download the latest version of the Reader®