Policy Statement: Individuals may request an amendment of their Protected Health Information (“PHI”).
Definitions
“Amendment” as used in this Policy means the correction of previously recorded Protected Health Information or other information maintained in a designated record set, but does not include changes in vital signs, laboratory reports, or other health information created during a new encounter with a provider or other covered entity.
“Authorized Users” are individuals who have been authorized by a Participant to participate in the Health Information Exchange and may include, but are not limited to, health care providers, employees, contractors, agents, or business associates of a participant.
“Individual” means a person who is the subject of Protected Health Information (PHI) and has the same meaning as the term “Individual” in 45 C.F.R. § 164.501 and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. § 164.502(g).
“Participant” means an organization, health care provider or institution, health plan, or health care clearinghouse who has executed a written Participation Agreement and Business Associate Agreement with the NDHIN.
Accepting Requests for Amendments
If an Individual requests an amendment to the individual’s Protected Health Information or other information that is created by the NDHIN, the NDHIN shall respond to the request as required by 45 C.F.R. 164.526.
If an Individual requests an amendment to the individual’s Protected Health Information, NDHIN, as permitted by 45 C.F.R. 164.526, may deny an individual’s request for an amendment, if NDHIN determines that the Protected Health Information or record that is the subject of the request was not created by the NDHIN, unless an exception set forth in 45 C.F.R. 164.526 applies.
If the information subject to a request for an amendment was created by a Participant, the NDHIN shall forward the request to that Participant, and inform the individual requesting the amendment that the request was transferred to that Participant.
Each Participant shall comply with applicable federal, state and local laws and regulations regarding individual rights to request amendment of health information.
Informing other Participants
If the Participant that created the information accepts the requested amendment, in whole or in part, the covered entity must as required by 45 C.F.R. 164.526(c), make reasonable efforts to inform and provide the amendment within a reasonable time to: (i) persons identified by the individual as having received Protected Health Information about the individual and needing the amendment; and (ii) persons, including business associates, that the Participant knows have the protected health information that is the subject of the amendment and that may have relied, or could foreseeably rely, on that information to the detriment of the individual.
Application to Business Associates and Contractors
Participants shall make this policy applicable to their Business Associates (“BA”) and to the contractors and subcontractors of their BAs as required by the HIPAA Rules