NRPM: Standards for Privacy of Individually Identifiable Health Information. i. Accuracy and completeness.


The first criteria that a covered entity would need to consider is whether the protected health information at issue is either erroneous or incomplete. The basic concept comes from the Privacy Act of 1974, governing records held by Federal agencies, which permits an individual to request correction or amendment of a record "which the individual believes is not accurate, relevant, timely, or complete." (5 U.S.C. 552a(d)(2)). We would adopt the standards of “accuracy” and “completeness” and draw on the clarification and analysis of these terms that has emerged in administrative and judicial interpretations of the Privacy Act over the last 25 years.

We are not proposing to permit correction on the basis of an individual's belief that information is irrelevant or untimely. The Privacy Act of 1974 imposes affirmative obligations on Federal agencies to maintain records with accuracy, relevance, timeliness, and completeness, and permits individuals to seek correction of records that do not meet that standard. The amendment and correction right complements and helps to enforce the agency obligation.

Our view is that the relevance and timeliness standards, while very appropriate for Federal agencies generally, would be difficult to impose by regulation upon health record keeping, which depends to a large extent on clinical judgment. The increasingly- recognized impact of lifestyle and environmental factors on health may, for example, motivate physicians to record information which appears irrelevant, but which may in fact serve as a diagnostic clue, or which may alert later users of the record to clinically relevant aspects of the patient's life. We invite comment on how any such standard might be structured to avoid interfering inappropriately with clinical judgment.

We also are concerned about the burden that requests for amendment or correction may place on covered plans and providers and have tried to limit the process to those situations where amendment or correction would appear to be most important. We invite comment on whether our approach reasonably balances burden with adequately protecting individual interests.

We note that for Federal agencies that are also covered plans or providers, the rule we are proposing would not diminish their present obligations under the Privacy Act of 1974, under which all four factors are bases for amendment and correction.