OAR 407-014-0040
Minimum Necessary Standards

(1)

The Department shall limit the use and disclosure of protected information to that which is reasonably necessary to accomplish the intended purpose of the use or disclosure which is referred to in these rules as the minimum necessary standard.

(2)

This minimum necessary standard is not intended to impede essential Department activities.

(3)

The minimum necessary standard applies:

(a)

When using protected information within the Department;

(b)

When disclosing protected information to a third party in response to a request; or

(c)

When requesting protected information from another covered entity.

(4)

The minimum necessary standard does not apply to:

(a)

Disclosures to or requests by a health care provider for treatment;

(b)

Disclosures made to the individual, including disclosures made in response to a request for access or an accounting;

(c)

Disclosures made with a valid authorization;

(d)

Disclosures made to DHHS for the purposes of compliance and enforcement of federal regulations under 45 CFR part 160 and required for compliance with 45 CFR part 164; or

(e)

Uses and disclosures required by law;

(5)

When requesting protected information about an individual from another entity, the Department shall limit requests to those that are reasonably necessary to accomplish the purposes for which the request is made. The Department shall not request a person’s entire medical record unless the Department can specifically justify the need for the entire medical record.

Source: Rule 407-014-0040 — Minimum Necessary Standards, https://secure.sos.state.or.us/oard/view.action?ruleNumber=407-014-0040.

407–014–0000
Definitions 407–014–0010
Purpose 407–014–0015
Information Governed by the HIPAA Privacy Rules 407–014–0020
Uses and Disclosures of Client or Participant Protected Information 407–014–0030
Client Privacy Rights 407–014–0040
Minimum Necessary Standards 407–014–0050
Business Associate 407–014–0060
Uses and Disclosures of Protected Information for Research Purposes 407–014–0070
De-identification of Client Information and Use of Limited Data Sets under Data Use Agreements 407–014–0200
Confidentiality and Inadmissibility of Mediation Communications 407–014–0205
Confidentiality and Inadmissibility of Workplace Interpersonal Dispute Mediation Communications 407–014–0300
Scope 407–014–0305
Definitions 407–014–0310
Information Access 407–014–0315
Security Information Assets 407–014–0320
User Responsibility

Last Updated

Jun. 8, 2021

Rule 407-014-0040’s source at or.us

Stay Connected

Join thousands of people who receive monthly site updates.

Get Legal Help

The Oregon State Bar runs a service for finding an attorney in good standing. Initial consultations are usually free or discounted: Lawyer Referral Service

Committed to Public Service

We will always provide free access to the current law. In addition, we provide special support for non-profit, educational, and government users. Through social entrepreneurship, we’re lowering the cost of legal services and increasing citizen access.

Navigate

California:	Codes
Colorado:	C.R.S.
Nevada:	NRS
New York:	Laws
Oregon:	OAR, ORS
Texas:	Statutes
World:	Rome Statute, International Dictionary

Location: https://oregon.public.law/rules/oar_407-014-0040

Original Source: Rule 407-014-0040 — Minimum Necessary Standards, https://secure.sos.state.or.us/oard/view.action?ruleNumber=407-014-0040 (last accessed Jun. 8, 2021).

OAR 407-014-0040 Minimum Necessary Standards

(1)

(2)

(3)

(a)

(b)

(c)

(4)

(a)

(b)

(c)

(d)

(e)

(5)

OAR 407-014-0040
Minimum Necessary Standards