• E-mail
• Print
• RSS

Is the privacy officer responsible for deciding whether amendments are approved or disapproved?

HIPAA Weekly Advisor, October 28, 2001

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Q: The privacy regulation uses the words "covered entity" for those who decide whether amendments are approved or disapproved and for those who keep the records of these requests. Who should actually be the designated person for this task? Is this a privacy officer task, or should someone else be designated?

A: This is a medical records issue, and amendments to medical records should never be approved or rejected, without the approval of the medical professional in charge of the relevant patient care.

In larger clinical settings, like hospitals, coordinating requests for amendments and responses to these requests will be an appropriate function for the medical records staff, who are in charge of the integrity of these materials already. In these settings, it would probably not make sense for the privacy officer to handle this function. I would recommend putting the privacy officer in the compliance area, rather than records.

In smaller offices, such as physician practices, which have limited personnel, it may make sense or be necessary to combine functions, and the individual who is in charge of record maintenance may also be designated the privacy officer for convenience.

Answered by John Christiansen, JD, a partner at Stoel Rives LLP, in Seattle. If you have a question for him, write to BOH, P.O. Box 1168, Marblehead, MA 01945, or send an e-mail to HIPAA Weekly Advisor editor Brian Driscoll at bdriscoll@hcpro.com.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive