Department of Health and Human Services (HHS) uses "minimum necessary" standard to expand breach enforcement. A statement in the preamble to the breach notification interim final regulations puts all non-conforming disclosures of Protected Health Information (PHI) at risk.
