Appropriate Safeguards to Protect Data - Limit Disclosure, v1.0

Specifies that a covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information by limiting disclosure to required or permitted uses.
A covered entity that is a group health plan is not subject to the standards or implementation specifications in this trustmark, but see Section 164.530(k) for specific exclusions.

Assessment Step

1
Limit PHI Disclosures (LimitPHIDisclosures)
Does the covered entity have policies and procedures to reasonably safeguard protected health information to limit incidental uses or disclosures made pursuant to an otherwise permitted or required use or disclosure?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
The covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.

Conformance Criteria (1)

Appropriate PHI Safeguards
The covered entity must reasonably safeguard protected health information to limit incidental uses or disclosures made pursuant to an otherwise permitted or required use or disclosure.
Citation
HIPAA-Privacy-Rule
45 CFR Section 164.530(c)(2)(ii)