NRPM: Standards for Privacy of Individually Identifiable Health Information. 5. Amendment or correction.


We propose to require covered plans and providers to develop and document policies and procedures to address how they would receive and comply with individual requests for amendment or correction of their records, in compliance with § 164.516 of this proposed rule. Policies and procedures should include the process for determining whether a request for amendment or correction should be granted, the process to follow if a request is denied, and how the entity would notify other entities, including business partners, if the request is accepted. For example, if a covered entity accepts an individual’s request for an amendment or correction, the entity could document specific procedures regarding how to make the appropriate additions or notations to the original information. Without such documentation, members of the workforce could accidentally expunge or remove the incorrect information.