42 U.S. Code § 17935 - Restrictions on certain disclosures and sales of health information; accounting of certain protected health information disclosures; access to certain information in electronic format
Subject to subparagraph (B), a covered entity shall be treated as being in compliance with section 164.502(b)(1) of title 45, Code of Federal Regulations, with respect to the use, disclosure, or request of protected health information described in such section, only if the covered entity limits such protected health information, to the extent practicable, to the limited data set (as defined in section 164.514(e)(2) of such title) or, if needed by such entity, to the minimum necessary to accomplish the intended purpose of such use, disclosure, or request, respectively.
Not later than 18 months after February 17, 2009, the Secretary shall issue guidance on what constitutes “minimum necessary” for purposes of subpart E of part 164 of title 45, Code of Federal Regulation. In issuing such guidance the Secretary shall take into consideration the guidance under section 17953(c) of this title and the information necessary to improve patient outcomes and to detect, prevent, and manage chronic disease.
Subparagraph (A) shall not apply on and after the effective date on which the Secretary issues the guidance under subparagraph (B).
The exceptions described in section 164.502(b)(2) of title 45, Code of Federal Regulations, shall apply to the requirement under paragraph (1) as of the effective date described in section 13423  in the same manner that such exceptions apply to section 164.502(b)(1) of such title before such date.
The Secretary shall promulgate regulations on what information shall be collected about each disclosure referred to in paragraph (1), not later than 6 months after the date on which the Secretary adopts standards on accounting for disclosure described in the section 300jj–12(b)(2)(B)(iv) of this title, as added by section 13101.2 Such regulations shall only require such information to be collected through an electronic health record in a manner that takes into account the interests of the individuals in learning the circumstances under which their protected health information is being disclosed and takes into account the administrative burden of accounting for such disclosures.
Except as provided in paragraph (2), a covered entity or business associate shall not directly or indirectly receive remuneration in exchange for any protected health information of an individual unless the covered entity obtained from the individual, in accordance with section 164.508 of title 45, Code of Federal Regulations, a valid authorization that includes, in accordance with such section, a specification of whether the protected health information can be further exchanged for remuneration by the entity receiving protected health information of that individual.
Paragraph (1) shall apply to exchanges occurring on or after the date that is 6 months after the date of the promulgation of final regulations implementing this subsection.
 So in original. Probably should be “Regulations.”
 See References in Text note below.
 So in original.
 So in original. Probably should be “a”.
 So in original. Probably should be “than”.
Section 300jj–12(b)(2)(B)(iv) of this title, as added by section 13101, referred to in subsec. (c)(2), means section 300jj–12(b)(2)(B)(iv) of this title as added by section 13101 of div. A of Pub. L. 111–5. Section 300jj–12 of this title was repealed by Pub. L. 114–255, div. A, title IV, § 4003(e)(1), Dec. 13, 2016, 130 Stat. 1168. Similar provisions as pertaining to the HIT Advisory Committee are contained in section 300jj–12(b)(2)(B)(ii) of this title as enacted by Pub. L. 114–255.
2016—Subsec. (e)(2), (3). Pub. L. 114–255 added par. (2) and redesignated former par. (2) as (3).
LII has no control over and does not endorse any external Internet site that contains links to or references LII.