Overview:
§164.526(c)
Implementation specifications: Accepting the amendment.
If the covered entity accepts the requested amendment, in whole or in part, the covered entity must comply with the following requirements.
(1) Making the amendment. The covered entity must make the appropriate amendment to the protected health information or record that is the subject of the request for amendment by, at a minimum, identifying the records in the designated record set that are affected by the amendment and appending or otherwise providing a link to the location of the amendment.
(2) Informing the individual. In accordance with paragraph (b) of this section, the covered entity must timely inform the individual that the amendment is accepted and obtain the individual's identification of an agreement to have the covered entity notify the relevant persons with which the amendment needs to be shared in accordance with paragraph (c)(3) of this section.
(3) Informing others. The covered entity must make reasonable efforts to inform and provide the amendment within a reasonable time to: (i) Persons identified by the individual as having received protected health information about the individual and needing the amendment; and (ii) persons, including business associates, that the covered entity knows have the protected health information that is the subject of the amendment and that may have relied, or could foreseeably rely, on such information to the detriment of the individual.
Action Items:
1) Obtain and review policies and procedures for compliance with amendment criteria.
2) Obtain and review a sample of requests by individuals to amend their PHI or a record about the individual in a designated record set to determine whether they were addressed in accordance with the established performance criterion.
Related Documents:
1) Policies and procedures for compliance with amendment criteria.
2) Sample of requests by individuals to amend their PHI or a record about the individual in a designated record set to determine whether they were addressed in accordance with the established performance criterion.
Additional Guidance:
The Rule gives individuals the right to have covered entities amend their protected health information in a designated record set when that information is inaccurate or incomplete. If a covered entity accepts an amendment request, it must make reasonable efforts to provide the amendment to persons that the individual has identified as needing it, and to persons that the covered entity knows might rely on the information to the individual’s detriment. If the request is denied, covered entities must provide the individual with a written denial and allow the individual to submit a statement of disagreement for inclusion in the record. The Rule specifies processes for requesting and responding to a request for amendment. A covered entity must amend protected health information in its designated record set upon receipt of notice to amend from another covered entity.
Article ID: 571
Created: September 29, 2022
Last Updated: September 29, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/hipaa-privacy-accepting-the-amendment-164-526-c-571.html