Patients Right to Amend Their Health Information July 18 2013 David Holtzman JD CIPPG Senior Health Information Technology amp Privacy Policy Specialist HHS Office for Civil Rights 1 HHSOCR July 2013 ID: 207784
Download Presentation The PPT/PDF document "HIPAA Privacy Rule" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
HIPAA Privacy Rule Patient’s Right to AmendTheir Health Information
July 18, 2013David Holtzman, JD, CIPP/GSenior Health Information Technology & Privacy Policy SpecialistHHS Office for Civil Rights
1
HHS/OCR July 2013Slide2
HHS/OCR July 20132
Right to Amend45 CFR 164.526Standard: An individual has right to have covered entity (CE) amend protected health information (PHI) or a record about the individual in a designated record set (DRS) as long as it is maintained in a
DRSSlide3
HHS/OCR July 20133
Handling Amendment RequestsCE must permit requests to amendMay require a written request and a reason if it gives advance notice of its requirements in the Notice of Privacy PracticesAmend or append in whole or in part and inform individual and others as appropriate in 60 days if amendment
acceptedOne 30 day extension by written notice to patient supported by explanation of why extra time neededMust act on notifications from other CEs of amendmentsSlide4
HHS/OCR July 20134
Denials of Amendment RequestsCE must give written notice of denial with basis, including individual’s right to submit statement of disagreement in 60 daysOne 30 day extension by written notice to patient supported by explanation of why extra time neededCE may provide rebuttal to statementCE must thereafter include request, denial, disagreement and rebuttal in DRS and all disclosures (or disclose accurate summary)Slide5
Amendment Applies to Entire Designated Record Set (DRS)An
individual’s right of amend generally applies to the information that exists within a covered entity’s designated record set(s), including: a health care provider’s medical and billing records, a health plan’s enrollment, payment, claims adjudication, and case or medical management record systems any information used, in whole or in part, by or for the covered entity to make decisions about individuals. A record is any item, collection, or grouping of information that includes PHI and is maintained, collected, used, or disseminated by or for the covered entity.
See 45 C.F.R. § 164.501 (definition of “designated record set”)
5
HHS/OCR July 2013Slide6
Designated Record Sets CEs that use
EHRs must remain cognizant that the right of amend applies regardless of the information’s format. The term “designated record set,” not limited to information contained in an electronic record, but also will include any non-duplicative, electronic or paper-based information that meets the term’s definition.
6
HHS/OCR July 2013Slide7
Obligation to Notify & Maintain AmendmentsCE must notify those identified by patient as having received the PHI and needing the amendment
CEs that utilize a business associate to maintain or otherwise operate its electronic records (e.g., EHR or PHR) will want to ensure the BA is obligated to include any amendment request, denial, disagreement and rebuttal in the DRS and all disclosures (or disclose accurate summary)The same would be true if a health information organization (HIO), as a BA, maintains an electronic repository of some or all of a covered entity’s PHI
7HHS/OCR July 2013