Legal & EthicalQuestion 170 of 200
Under HIPAA's 'minimum necessary' standard (45 CFR §164.502(b)), a CNA should access protected health information (PHI):
a.Only to the extent needed to perform their assigned job duties for assigned residents
b.For any resident in the facility out of curiosity
c.For coworkers as a courtesy
d.Whenever a family member or friend requests it
Explanation
HIPAA's minimum necessary standard (45 CFR §164.502(b)) requires covered entities to limit uses, disclosures, and requests for PHI to the minimum necessary to accomplish the intended purpose. A CNA accesses only the records of assigned residents and only the information needed to provide care. Browsing charts for non-assigned residents (b), looking up coworkers (c), or sharing with unauthorized friends/family (d) is a HIPAA violation, grounds for termination, and may carry civil penalties up to $50,000 per violation (max ~$1.5M/yr) and criminal penalties up to $250,000 and 10 years for malicious disclosure under 42 USC §1320d-6.
Law Reference: HIPAA 45 CFR §164.502(b)Practice all 200 questions free — no signup required.
Related questions on this topic
- Which of the following is OUTSIDE a California CNA's scope of practice?
- A nurse asks a CNA to start an IV on a new admission because the unit is short-staffed. The CNA should:
- Why is the documentation principle 'not documented = not done' important?
- Under HIPAA 45 CFR §164.512, a CNA may disclose PHI WITHOUT the resident's written authorization in which situation?
- A resident asks the CNA for a copy of her own medical record. The correct CNA response is:
- A CNA posts a TikTok video taken in the nursing facility hallway. Two residents appear in the background, identifiable by face. This is:
Last reviewed: · editorial process
PrepPass Editorial Team · Verified against California CNA Certification Exam · How we review