Corporate Compliance

Q&A: Amendments to records generated prior to April 2003

Compliance Monitor, July 22, 2009

Q: I’ve been receiving requests for amendments resulting from records generated prior to April 2003 (the date the HIPAA privacy rule went into effect). Am I required to honor these requests?

A: The privacy rule does not set a deadline for amendment requests. Instead, individuals have the right to request amendments to PHI in a designated record set for as long as the covered entity maintains the information. As a covered entity, you are not required to agree to the request for amendment.

A covered entity may deny a request for amendment if the PHI: 
  • Was not created by the covered entity (unless the originator is no longer available)
  • Is not part of a designated record set
  • Was not available for inspection
  • Is accurate and complete 
Mary D. Brandt, MBA, RHIA, CHE, CHPS answered this question in the July 2009 issue of the HCPro newsletter Briefings on HIPAA. For more information about this newsletter visit the HCMarketplace.

Most Popular