Legal & EthicalQuestion 170 of 200

Under HIPAA's 'minimum necessary' standard (45 CFR §164.502(b)), a CNA should access protected health information (PHI):

a.Only to the extent needed to perform their assigned job duties for assigned residents
b.For any resident in the facility out of curiosity
c.For coworkers as a courtesy
d.Whenever a family member or friend requests it

Explanation

HIPAA's minimum necessary standard (45 CFR §164.502(b)) requires covered entities to limit uses, disclosures, and requests for PHI to the minimum necessary to accomplish the intended purpose. A CNA accesses only the records of assigned residents and only the information needed to provide care. Browsing charts for non-assigned residents (b), looking up coworkers (c), or sharing with unauthorized friends/family (d) is a HIPAA violation, grounds for termination, and may carry civil penalties up to $50,000 per violation (max ~$1.5M/yr) and criminal penalties up to $250,000 and 10 years for malicious disclosure under 42 USC §1320d-6.

Law Reference: HIPAA 45 CFR §164.502(b)

Practice all 200 questions free — no signup required.

Related questions on this topic

Last reviewed: · editorial process

PrepPass Editorial Team · Verified against California CNA Certification Exam · How we review
Report