Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Privacy Rule Patient’s Right to Amend Their Health Information July 18, 2013 David Holtzman, JD, CIPP/G Senior Health Information Technology & Privacy.

Similar presentations


Presentation on theme: "HIPAA Privacy Rule Patient’s Right to Amend Their Health Information July 18, 2013 David Holtzman, JD, CIPP/G Senior Health Information Technology & Privacy."— Presentation transcript:

1 HIPAA Privacy Rule Patient’s Right to Amend Their Health Information July 18, 2013 David Holtzman, JD, CIPP/G Senior Health Information Technology & Privacy Policy Specialist HHS Office for Civil Rights 1HHS/OCR July 2013

2 2 Right to Amend 45 CFR Standard: An individual has right to have covered entity (CE) amend protected health information (PHI) or a record about the individual in a designated record set (DRS) as long as it is maintained in a DRS

3 HHS/OCR July Handling Amendment Requests CE must permit requests to amend May require a written request and a reason if it gives advance notice of its requirements in the Notice of Privacy Practices Amend or append in whole or in part and inform individual and others as appropriate in 60 days if amendment accepted – One 30 day extension by written notice to patient supported by explanation of why extra time needed Must act on notifications from other CEs of amendments

4 HHS/OCR July Denials of Amendment Requests CE must give written notice of denial with basis, including individual’s right to submit statement of disagreement in 60 days – One 30 day extension by written notice to patient supported by explanation of why extra time needed CE may provide rebuttal to statement CE must thereafter include request, denial, disagreement and rebuttal in DRS and all disclosures (or disclose accurate summary)

5 Amendment Applies to Entire Designated Record Set (DRS) An individual’s right of amend generally applies to the information that exists within a covered entity’s designated record set(s), including: – a health care provider’s medical and billing records, – a health plan’s enrollment, payment, claims adjudication, and case or medical management record systems – any information used, in whole or in part, by or for the covered entity to make decisions about individuals. A record is any item, collection, or grouping of information that includes PHI and is maintained, collected, used, or disseminated by or for the covered entity. – See 45 C.F.R. § (definition of “designated record set”) 5HHS/OCR July 2013

6 Designated Record Sets CEs that use EHRs must remain cognizant that the right of amend applies regardless of the information’s format. The term “designated record set,” not limited to information contained in an electronic record, but also will include any non-duplicative, electronic or paper-based information that meets the term’s definition. 6HHS/OCR July 2013

7 Obligation to Notify & Maintain Amendments CE must notify those identified by patient as having received the PHI and needing the amendment CEs that utilize a business associate to maintain or otherwise operate its electronic records (e.g., EHR or PHR) will want to ensure the BA is obligated to include any amendment request, denial, disagreement and rebuttal in the DRS and all disclosures (or disclose accurate summary) The same would be true if a health information organization (HIO), as a BA, maintains an electronic repository of some or all of a covered entity’s PHI 7HHS/OCR July 2013


Download ppt "HIPAA Privacy Rule Patient’s Right to Amend Their Health Information July 18, 2013 David Holtzman, JD, CIPP/G Senior Health Information Technology & Privacy."

Similar presentations


Ads by Google