Oklahoma State University Center for Health Sciences
OSU-CHS Centernet

Privacy Policies & Procedures

Section 11 - Right to Amend

 

Title: Right to Amend Policy: PRV-11.01
Category: HIPAA Compliance Authority: 45 CFR §
HIPAA Section:
164.526(a)
Standard: Right to Amend Responsibility: Health Care Components
Effective Date: 04/14/2003
Download a printable PDF of this policy
Approved by: OSU Legal Counsel Revised: 7/1/2013
Purpose

To define an individual’s rights in regards to amending their medical record and the process thereof.

Policy
  1. An individual has the right to have OSU amend protected health information or a record about the individual in a designated record set for as long as the protected health information is maintained in the designated record set.  §164.526(a)(1)
  2. OSU may deny an individual's request for amendment, if it determines that the protected health information or record that is the subject of the request:  §164.526(a)(2)
    • Was not created by OSU, unless the individual provides a reasonable basis to believe that the originator of protected health information is no longer available to act on the requested amendment;  §164.526(a)(2)(i)
    • Is not part of the designated record set;  §164.526(a)(2)(ii)
    • Is accurate and complete  §164.526(a)(2)(iv)
    • The PHI would not be available for inspection because access would be denied, because of (45 CFR §164.524):   §164.526(a)(2)(iii)
      • (i) Psychotherapy notes;
      • (ii) Information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding; and
      • (iii) Protected health information maintained by a covered entity that is:
      • (A) Subject to the Clinical Laboratory Improvements Amendments of 1988, 42 U.S.C. 263a, to the extent the provision of access to the individual would be prohibited by law; or
      • (B) Exempt from the Clinical Laboratory Improvements Amendments of 1988, pursuant to 42 CFR 493.3(a)(2)
Procedure
  1. If a person requests to amend the PHI in possession of OSU, that person shall be directed to the OSU HIPAA Compliance Office for instructions on how such a request must be made.
  2. The HIPAA Compliance Office will explain the procedure for requesting an amendment, including the reasons for possible denial cited above.
  3. Any request for amendment must be presented in writing for review. 
  4. Upon receipt of a written request for amendment to PHI, the HIPAA Compliance Office will review the request in accordance with HIPAA §164 and OSU Policies to determine appropriate action.
  5. Amendments will be limited to the Designated Record Set of OSU.
  6. If OSU accepts an amendment, the HIPAA Compliance Office will be responsible for determination of the steps necessary to inform other entities which need to amend PHI received from OSU.
  7. The HIPAA Compliance Office is responsible for processing all amendment requests in a manner consistent with OSU HIPAA policies and CFR §164.
  8. The HIPAA Compliance Office shall take all requests to the appropriate physician for final review to make a determination.
Reference

45 CFR §164.524


top of page top

 

Title: Request for Amendment and Timely Action Policy: PRV-11.02
Category: HIPAA Compliance Authority: 45 CFR §
HIPAA Section:
164.526(b)
Standard: Right To Amend Responsibility: Health Care Components
Effective Date: 04/14/2003
Download a printable PDF of this policy
Approved by: OSU Legal Counsel Revised: 7/1/2013
Purpose

To identify the requirements and time limits to process the amendment.

Policy
  1. OSU must permit an individual to request that OSU amend the protected health information maintained in the designated record set. OSU may require individuals to make requests for amendment in writing and to provide a reason to support a requested amendment, provided that it informs individuals in advance of such requirements.  §164.526(b)(1)
  1. OSU must act on the individual’s request for an amendment no later than 60 days after receipt of such a request, as follows:  §164.526(b)(2)(i)
    • If OSU grants the requested amendment, in whole or in part, OSU must take actions as indicated in policy PRV-11.03 Accepting the Amendment.  §164.526(b)(2)(i)(A)
    • If OSU denies the requested amendment, in whole or in part, OSU must provide the individual with a written denial, in accordance with policy PRV-11.04 Denying the Amendment.  §164.526(b)(2)(i)(B)
  1. If OSU is unable to act on the amendment within 60 days, OSU may extend the time for such action by no more than 30 days provided that:  §164.526(b)(2)(ii)
    • OSU provides the individual with a written statement of the reasons for the delay and the date by which OSU will complete the action on the request; and  §164.526(b)(2)(ii)(A)
    • OSU may have only one such extension per request for amendment.  §164.526(b)(2)(ii)(B)
Procedure
  1. All requests for Amendments shall be made in writing.
  2. All requests shall be forwarded onto the HIPAA Compliance Office to ensure such request meets all the requirements set forth in this section of the policies.
  3. Once the HIPAA Compliance Office determines the request meets all applicable requirements, the Office shall forward the request onto the appropriate physician for actual determination to accept or deny the request.
  4. If the physician accepts the amendment request, such amendment will be made to the individual medical record.
  5. If the physician denies the amendment request, a letter shall be sent to the individual explaining why the request was denied, and what further actions may be taken, including where to file a compliant.

top of page top

 

Title: Accepting the Amendment to PHI Policy: PRV-11.03
Category: HIPAA Compliance Authority: 45 CFR §
HIPAA Section:
164.526(c)
Standard: Right To Amend Responsibility: Health Care Components
Effective Date: 04/14/2003
Download a printable PDF of this policy
Approved by: OSU Legal Counsel Revised: 7/1/2013
Purpose

To identify the process to be taken when accepting an amendment to protected health information.

Policy

If OSU accepts the requested amendment, in whole or in part, OSU must comply with the following requirements:  §164.526(c)

  1. OSU must make the appropriate amendment to the PHI or record that is the subject of the request for amendment by, at minimum, identifying the records in the designated record set that are affected by the amendment and appending or otherwise providing a link to the location of the amendment.  §164.526(c)(1)
  2. OSU must timely inform the individual that the amendment is accepted and obtain the individual’s identification of and agreement to have OSU notify the relevant persons with which the amendment needs to be shared.  §164.526(c)(2)


OSU must make reasonable efforts to inform and provide the amendment within a reasonable time to:  §164.526(c)(3)

  1. Persons identified by the individual as having received PHI about the individual and needing the amendment; and  §164.526(c)(3)(i)
  2. Persons, including business associates, that OSU knows has the PHI that is the subject of the amendment and that may have relied, or could foreseeably rely, on such information to the detriment of the individual.  §164.526(c)(3)(ii)
Procedure
  1. Upon the approval of the physician accepting the amendment, OSU staff shall inform the entities that may be affected by the amendment.
  2. The physician shall make the accepted amendment in the medical record, sign and date the amended informormation.

top of page top

 

Title: Denying the Amendment Policy: PRV-11.04
Category: HIPAA Compliance Authority: 45 CFR §
HIPAA Section:
164.526(d)
Standard: Right to Amend Responsibility: Health Care Components
Effective Date: 04/14/2003
Download a printable PDF of this policy
Approved by: OSU Legal Counsel Revised: 7/1/2013
Purpose

To identify the process OSU must take when denying a request for an amendment.

Policy

If OSU denies the requested amendment, in whole or in part, OSU must comply with the following requirements:  §164.526(d)

  1. OSU must provide the individual with a timely, written denial.  The denial must use plain language and contain:  §164.526(d)(1)
    • The basis for the denial;  §164.526(d)(1)(i)
    • The individual’s right to submit a written statement disagreeing with the denial and how individual may file such a statement;  §164.526(d)(1)(ii)
    • A statement that, if the individual does not submit a statement of disagreement, the individual may request that OSU provide the individual’s request for amendment and the denial with any future disclosures of PHI that is the subject of the amendment; and  §164.526(d)(1)(iii)
    • A description of how the individual may complain to OSU as described in this manual or to the Secretary of The Department of Health and Human Services.  The description must include the name, or title and telephone number of the contact person or HIPAA Compliance Office.  §164.526(d)(1)(iv)
  2. Statement of Disagreement - OSU will permit the individual to submit to OSU a written statement disagreeing with the denial of all or part of a requested amendment and the basis of such disagreement.  OSU may reasonably limit the length of a statement of disagreement.  §164.526(d)(2)
  3. Rebuttal Statement - OSU may prepare a written rebuttal to the individual’s statement of disagreement.  Whenever such a rebuttal is prepared, OSU must provide a copy to the individual who submitted the statement of disagreement.  §164.526(d)(3)
  4. Recordkeeping - OSU, must as appropriate, identify the record or PHI in the designated record set that is the subject of the disputed amendment and append or otherwise link the individual’s request for an amendment, OSU’s denial of the request, the individual’s statement of disagreement, if any, and OSU’s rebuttal, if any, to the designated record set.  §164.526(d)(4)
  5. Future disclosures –
    • If a statement of disagreement has been submitted by the individual, OSU must include the material appended, as indicated in the above paragraph, or, at the election of OSU, an accurate summary of any such information, with any subsequent disclosure of the PHI to which the disagreement relates.  §164.526(d)(5)(i)
    • If the individual has not submitted a written statement of disagreement, OSU must include the individual’s request for amendment and its denial, or an accurate summary of such information, with any subsequent disclosure of the PHI only if the individual has requested such action.  §164.526(d)(5)(ii)
    • When a subsequent disclosure is made using a standard transaction under part 45 CFR 162 that does not permit the additional material to be included with the disclosure, OSU may separately transmit the material required as applicable to the recipient of the standard transaction.  §164.526(d)(5)(iii)
Procedure
  1. If a request is denied by the physician, OSU shall follow the above policy and allow the individual to submit a rebuttal letter after giving them the opportunity to file a complaint either with OSU or with the Secretary for the Department of Health And Human Services.
  2. The individual may file a complaint with:
    HIPAA Compliance Office
    717 South Houston, Suite 506
    Tulsa, OK  74127
    Chs.privacy@okstate.edu
    918-586-4545

top of page top

 

Title: Actions on Notice of Amendment Policy: PRV-11.05
Category: HIPAA Compliance Authority: 45 CFR §
HIPAA Section:
164.526(e)
Standard: Right to Amend Responsibility: Health Care Components
Effective Date: 04/14/2003
Download a printable PDF of this policy
Approved by: OSU Legal Counsel Revised: 7/1/2013
Purpose

To establish what must occur when OSU is notified of an amendment to PHI from a difference covered entity.

Policy

If and when OSU is notified by another covered entity of an amendment to an individual’s PHI, OSU will amend the PHI in the designated record sets.  §164.526(e)

Procedure

If OSU is notified of an amendment from a different covered entity, OSU shall make such notice in the patients record where appropriate.


top of page top

 

Title: Documentation of Request for Amendment Policy: PRV-11.06
Category: HIPAA Compliance Authority: 45 CFR §
HIPAA Section:
164.526(f)
Standard: Right To Amend Responsibility: Health Care Components
Effective Date: 04/14/2003
Download a printable PDF of this policy
Approved by: OSU Legal Counsel Revised: 7/1/2013
Purpose

To identify the requirements for documenting amendments.

Policy

OSU must document the titles of the persons or offices responsible for receiving and processing requests for amendments by individuals and retain the documentation as required by §164.530(j).  §164.526(f)

Procedure

The HIPAA Compliance Office, Privacy Officer, or his/her designee will be responsible for receiving and processing requests for amendments by individuals and retaining the documentation as required by this policy.  The documentation shall be kept in the individuals medical record.


top of page top

 

OSU-CHS on Facebook OSU-CHS on Twitter OSU Medicine on You Tube