HIPAA Privacy - Denying the Amendment 164.526(a)(2)

Overview:
§164.526(a)
Standard: Right to amend.
(2) Denial of amendment. A covered entity may deny an individual's request for amendment, if it determines that the protected health information or record that is the subject of the request: (i) was not created by the covered entity, unless the individual provides a reasonable basis to believe that the originator of protected health information is no longer available to act on the requested amendment; (ii) is not part of the designated record set; (iii) would not be available for reviewing under §164.524; or (iv) is accurate and complete.

Action Items:
1) Obtain and review documentation, including policies and procedures, of circumstances by which the entity has grounds for denial of amendment.

Related Documents:
1) Documentation, including policies and procedures, of circumstances by which the entity has grounds for denial of amendment.

Additional Guidance:
The Rule gives individuals the right to have covered entities amend their protected health information in a designated record set when that information is inaccurate or incomplete. If a covered entity accepts an amendment request, it must make reasonable efforts to provide the amendment to persons that the individual has identified as needing it, and to persons that the covered entity knows might rely on the information to the individual’s detriment. If the request is denied, covered entities must provide the individual with a written denial and allow the individual to submit a statement of disagreement for inclusion in the record. The Rule specifies processes for requesting and responding to a request for amendment. A covered entity must amend protected health information in its designated record set upon receipt of notice to amend from another covered entity.