What does the 'minimum necessary' standard require under HIPAA and HITECH?
-
A
Only the minimum amount of PHI needed to accomplish the intended purpose should be used, disclosed, or requested
-
B
Covered entities must maintain the minimum number of EHR systems to reduce risk exposure
-
C
Business associates must retain only the minimum records required by their contracts
-
D
Covered entities must provide regulators with only the minimum documentation requested