HIPAA Policy Section 7.3: Requests to Amend PHI

Document Description

An Individual has the right to request an amendment to the Individual’s PHI in a Designated Record Set. System shall comply with any notice of amendment of PHI received from a Covered Entity that is System’s source of such PHI.

7.3(1) Individual’s Right to Request Amendment to Designated Record Set

System shall permit an Individual or, in accordance with Section 4.12 of this Manual, the Personal Representative of an Individual to make written requests for amendment of the Individual’s PHI contained in System’s Designated Record Set, provided that the request includes a reason in support of the amendment. If an Individual either orally notifies System of his or her desire to request an amendment or does not include a reason in the written request, the Privacy Officer shall give the individual a copy of the form Request for Amendment of Protected Health Information included in the Appendix to this Manual, to facilitate the Individual’s ability to make a written, complete request.

7.3(2) Review of Request for Amendment

The Privacy Officer shall be responsible for receiving and processing requests for amendment of PHI by Individuals. The Privacy Officer shall have ultimate authority regarding whether such requests will be granted or denied. Upon receipt of a written request for amendment of PHI with a supporting reason, the Privacy Officer shall review the applicable portion of the individual’s PHI in the Designated Record Set and determine whether the request for amendment will be granted, in whole or in part. A request may be denied, in whole or in part, only under all or some of the following circumstances:

  1. the PHI (or portion thereof) subject to the request would not be made available if the individual had requested access to such PHI under the terms of Section 7.2(5) of this Manual;
  2. the PHI (or portion thereof) subject to the request is not part of a System Designated Record Set;
  3. the PHI (or portion thereof) subject to the request was not created by System or a Business Associate, and the Individual has not provided a reasonable  basis to believe that the originator of the PHI is no longer available to act on the requested amendment; or
  4. the PHI (or portion thereof) subject to the request is currently accurate and complete.

7.3(3) Time Period for Responding to a Request for Amendment

System shall respond to a request for amendment within 60 days after receipt of the written request. This deadline may be extended once for up to 30 days if System is unable to comply with the applicable deadline; provided, however, that System shall, within the original time period, notify the individual in writing of the extension, the reason therefor, and the date by which System will respond.

7.3(4) Granting the Amendment

To the extent a request for amendment is granted, System shall, within the period of time described in subsection 7.3(3) of this section:

  1. make the appropriate amendment to the PHI either by marking each occurrence of the PHI with a link to the amendment or by correcting the PHI, such amendment becoming part of the Designated Record Set. If PHI is corrected, the time and date of the correction shall be indicated. Existing records shall not be altered in a manner that makes the original entry unreadable, except that incorrectly filed information may simply be moved to the correct Individual’s file;
  2. identify each person, including Business Associates, that System knows to have the PHI and that may have relied, or could foreseeably rely, on such PHI to the detriment of the individual; and
  3. notify the Individual in writing that the amendment has been made, of all identified persons it has identified in paragraph (b), and that System will make reasonable efforts to provide the amendment within a reasonable time to the identified persons.

7.3(5) Denying the Amendment.

To the extent a request for amendment is denied, System shall, within the period of time described in subsection 7.3(3) of this Section:

  1. notify the Individual, in writing, of such denial which shall include the following information: (i) the basis for the denial; (ii) a statement that notifies the individual of the right to submit a written statement disagreeing with the denial; (iii) a description of how to file such statement of disagreement; (iv) the right, if the individual does not submit a statement of disagreement, to request that System provide both the request and System’s denial as part of any future  Disclosures of the PHI; and, (v) a description of how the Individual may complain to System Aor to the Secretary.
  2. SystemshallpermittheIndividualtosubmitawrittenstatementdisagreeing with the denial and containing the basis for such disagreement. System may reasonably limit the length of a statement of disagreement. After receiving a statement of disagreement from an Individual, System may prepare a written rebuttal, in which case System shall provide a copy of the written rebuttal to the individual. System shall include the request for amendment, the denial, any statement of disagreement, and any rebuttal in the Designated Record Set, linked to the PHI that is the subject of the denied amendment.

7.3(6) Receiving a Notice of Amendment From a HIPAA Covered Entity

  1. If System is informed by another Covered Entity of an amendment to an individual’s PHI that System maintains in a Designated Record Set and received from the Covered Entity, System shall make the appropriate amendment to the PHI either by: (i) marking each occurrence of the PHI with a link to the amendment; or, (ii) correcting the PHI. If PHI is corrected, the time and date of the correction shall be indicated. Existing records shall not be altered in a manner that makes the original entry unreadable, except that incorrectly filed information may simply be moved to the correct Individual’s file.
  2. All such amendments become part of the Designated Record Set
  3. System shall communicate such amendment to any Business Associate who also possesses the PHI.

7.3(7) Future Disclosures

  1. To the extent System grants an Individual’s requested amendment or complies with a Covered Entity’s notice of amendment, any future Disclosure of the PHI that is subject to the amendment shall include the amendment.
  2. To the extent System denies an individual’s requested amendment and the Individual submits a statement of disagreement, any future Disclosure of the PHI that is the subject of the denied amendment that is not a standard transaction, shall include the following documents (or a summary thereof): the requested amendment, the denial, the statement of disagreement, and System’s rebuttal, if any; or, in lieu of submitting a statement of disagreement, the individual requests that inclusion of the requested amendment and the denial, any future Disclosure of the PHI shall include such documents or a summary thereof: the requested amendment and the denial.

7.3(8) Documentation of Requests for Amendment and Notices of Amendment.

For each request for amendment, System shall retain, as applicable, the documentation described in this Section, including any notice amendment and documentation of the amendments made pursuant to the notice in accordance with Section 9.2 of this Manual.

REFERENCES/CITATIONS

45 C.F.R. § 164.526

65 Fed. Reg. at 82,558-59, 82,736-38 (Dec. 28, 2000)

Details

Release Date

Responsible Office(s)

Employee Benefits

Document Type

HIPAA

Related