LOS ANGELES COUNTY
DEPARTMENT OF MENTAL HEALTH
  Policy 500.03 Minimum Necessary Requirements For Using And Disclosing Protected Health Information
 
  PROCEDURES
  1. In accordance with DMH Policy 550.04, each workforce member shall complete and submit the required authorization form permitting access to the electronic health record system.
      
  2. DMH may reasonably rely on a requested disclosure as the minimum necessary when:
     
    1. Making disclosures to public officials as required by law if the public official represents that the information requested is the minimum necessary for the stated purpose.
       
    2. The information is requested by another covered entity.
       
    3. The information is requested by a workforce member for the purpose of mental health service care operations, treatment, or financial payments for a mutual client.
       
    4. Documentation submitted by a researcher that the information is preparatory to research, related to research on a decedent, or the disclosure has been approved by the Institutional Review Board (IRB).
       
  3. Routine Requests: DMH programs shall implement standard protocols to limit the PHI requested on a routine or recurring basis.
     
  4. Non-Routine Requests: DMH programs shall designate a workforce member to be responsible for reviewing all non-routine requests (those that do not occur on a day-to-day basis as part of treatment, payment, or health care operation activities).
     
    1. Any questions regarding the propriety of a particular request shall be submitted to the DMH Privacy Officer.
       
    2. When considering non-routine disclosures, the following criteria must be considered:
       
      1. The reason for the request;
         
      2. Any potential harm that would result to the client, DMH, or any other third party as a result of the request;
         
      3. The relevancy of the information requested; and
         
      4. Other applicable State and federal laws and regulations.