Part of ensuring an effective Information System Security Program is the active monitoring and risk assessment of systems that contain Protected Health Information. Recent assessment of the Member Search function of CIM has revealed certain user practices that require us to review the type of information being displayed in order to adhere to Minimum Necessary requirements under HIPAA. As a result of that review, we are making the changes described below to the display of covered relationships in CIM.
Note: this change primarily affects commercial plans. Medicaid and Medicare policies to not typically have covered relationships.
- Covered dependents will only be displayed if the user has access to the carrier to which the dependent is attached
- When viewing a dependent, only the subscriber will be displayed in covered relationships. No other covered relationships will be displayed