Do we have to make every amendment?
HIPAA Weekly Advisor, March 1, 2002
Q: Are we obligated to agree to all amendments sought by an individual to his/her protected health information? If so, or if we do agree to amend a record, what are the proper steps to take?
A: The HHS commentary says covered entities must give patients the opportunity to request an amendment.
The rules allow a covered entity to deny a request if it determines that the PHI or record that is the subject of the request meets any of the following criteria:
- It was not created by the covered entity, unless the individual provides a reasonable basis to believe that the originator of PHI is no longer available to act on the requested amendment
- It is not part of the designated record set
- It would not be available for inspection under the rules allowing a patient access to his/her information
- It is accurate and complete
Covered entities must respond to a request for an amendment within 60 days of receiving the request. If the covered entity is unable to do so, it may extend the deadline by no more than 30 days by providing the individual with a written statement of the reasons for the delay and the date by which the covered entity will respond to the request. Covered entities must provide this written statement describing the extension within the standard deadline. A covered entity may only extend the deadline once per request for amendment.
The rules state that a covered entity may require individuals to request amendments in writing and provide a reason to support a requested amendment, provided that it informs individuals of this requirement, presumably through the Notice of Privacy Practices. If it provides notice, covered entities may deny requests that are not in writing.
The rules also require covered entities to respond to requests for amendment of PHI created or obtained prior to the compliance date.
Editor's note: Brought to you by attorneys Marty Baxter and Gretchen McBeath at Bricker and Eckler, LLP and The Quality Management Consulting Group, Ltd. E-mail: mbaxter@bricker.com or gmcbeath@bricker.com.