Oklahoma Department of Human Services (OKDHS) limits request for, use of, and disclosure of protected health information (PHI) to that which is reasonably necessary to accomplish the intended purpose of the use or disclosure.  This minimum necessary standard will not be used to impede the essential activities of treatment, payment, or health care operations.

• (1) The minimum necessary standard applies to:
• (A) the use of PHI within OKDHS.  Employees who:
• (i) do not need PHI to perform their job duties must not access PHI; and
• (ii) need PHI to perform their job duties must access PHI to the least extent necessary;
• (B) disclosure of PHI to a third party in response to a request; and
• (C) the request of PHI from another covered entity.
• (2) The minimum necessary standard does not apply to:
• (A) disclosures to or requests by a health care provider for treatment;
• (B) disclosures made to the individual;
• (C) disclosures made in accordance with a valid authorization;
• (D) disclosures made to the United States Secretary of Health and Human Services for the purposes of compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule; or
• (E) uses or disclosures that are required by law.