Request to Amend Protected Health Information policy

Policy: Request to Amend Protected Health Information

Policy Number: 502 Policy Section: Health Information Management
Owner: Trevor Purifoy, Compliance Officer and Privacy Officer Approved By: Paul Vogelman, COO
Effective Date: 3/19/2023 Date of Last Review: 3/24/2023


SUD Specialty Group -- CA; Mental Health Specialty Group, P.A.; Mental Health Specialty Group NJ, PC; and Mental Health Specialty Group KS, P.A. (collectively, the "Group") contracts with Path CCM, Inc. d/b/a Rula Health ("Rula") for management and administrative support services. This policy applies to the Group and Rula.


Policy Statement

This policy permits patients the right to request an amendment of or correction to their protected health information (PHI) and establishes the process for handling requests to make amendments to a patient’s health record.



This policy applies to Group team members as well as Rula, CCM team members who are responsible for documenting and/or making entries in patient’s health records. For purposes of this policy, the Group and Rula team members include individuals who would be considered part of the workforce such as employees, independent contractors, business team members, and other persons whose work performance is under the direct purview of Rula’s business practices. 


Amendment: means to add information to an existing record which either provides additional information, clarifies or corrects existing information, or provides an alternative view with respect to information that has been compiled about the patient in the patient's designated record set.


  1. Requesting an amendment to PHI
    1. Under regulations permitted by the Health Insurance Portability and Accountability Act (HIPAA), patients may request an amendment to their PHI. 
    2. A patient’s request to amend PHI should be in writing. 
    3. A patient’s authorized representative, including a patient’s guardian, may complete an amendment request using the same form.
    4. Additionally, another covered entity may request an amendment to a patient’s PHI.  
  2. Reviewing the Request to Amend PHI
    1. The Privacy Officer, or designee, is responsible for receiving, reviewing, and responding to requests to amend PHI. 
    2. The Privacy Officer has the ultimate authority regarding the approval or denial of the amendment. 
    3. Upon receipt of the Request to Amend PHI form the Privacy Officer, or designee, will review the section of the designated record set applicable to the amendment request and determine whether the request will be granted in whole or in part. 
  1. The Privacy Officer may reach out to the creator of the PHI or other professionals (if the creator is not available) to help make a determination on the amendment request.
  1. A request for amendment may be denied in whole or part, under any or all of the following conditions:
  1. The PHI is not part of the designated record set. 
  2. The PHI was not created by the Group and the client has not provided enough information to determine that the original creator of the PHI is no longer available to act upon the amendment request. 
  3. The PHI is accurate and complete. 
  4. The PHI is confidential and not available for access or inspection under 45 CFR 164.524.
  1. Timeline for Decision
    1. The request to amend PHI will be approved or denied in whole or part within 60 days of the receipt of the request.  
    2. If a decision is not able to be made within 60 days, a written statement of the reasons for the delay will be provided to the patient along with the date the action will be completed.
  2. Denial of Request
    1. Patients will be notified whether the request was approved or denied. 
    2. If the request is denied (in whole or part), the patient will be notified in writing and the notification will contain the following information:  
  1. Basis for the denial, 
  2. The right the patient has to submit a written statement disagreeing with the denial, 
  3. A statement indicating that the patient’s request for amendment and the denial can be included with any future disclosures of PHI that are subject to the amendment provided the patient notify Rula in writing within 30 days of the denial letter of the desire to include such information. 
  1. If a disagreement statement is received, a rebuttal to the statement may be provided and include it with any future applicable disclosures. The rebuttal will be provided to the client. 
  2. The patient’s request for amendment, its denial, or summary, and any disagreement and rebuttal statements will be included with any subsequent disclosure of the PHI, only if the patient has requested such action. 
  1. Approval of Request
  1. Notification to the patient of the approval will be provided. At the time of the notification, the patient must identify and agree to have Rula notify the relevant persons/entities with whom the amendment needs to be shared. A review of the disclosure logs within the patient’s electronic health record may be completed to identify such persons or entities. 
  2. The appropriate changes to the PHI that is the subject of the amendment request will be completed and at a minimum:
    1. The entries in the electronic health record that are affected by the changes will be identified; and
    2. The appropriate approved amendments will occur and be noted in the entry or a link to the location of the amendment will be included.
  3. Reasonable efforts will be made to inform and provide the amendment within a reasonable time to: 
    1. Persons identified by the individual as having received PHI about the patient and needing the amendment, and
    2. Persons, including business associates, that Rula
      1. Knows have the PHI that is subject of the amendment and
      2. That may have relied, or could foreseeably rely, on such information to the detriment of the patient. 
  1. Upon being informed by a covered entity of an amendment to PHI, the patient’s PHI may be amended upon review. 
  2. Retention of Amendment Requests
    1. The record and/or PHI will be identified and linked to all correspondence related to the request as part of the retention of records.
    2. Requests to Amend PHI and any subsequent materials related to the request will be retained for a minimum of seven (7) years or longer as required according to the Retention and Destruction of Treatment Records Policy
  3. Modification of the order of CPT codes or other minor changes to facilitate the billing process are generally not considered an amendment and will not follow the HIPAA amendment procedure. The Revenue Cycle Manager or Compliance Officer will make the determination as to whether a correction is deemed an amendment to the record.

Attachments:  None.

Was this article helpful?

0 out of 0 found this helpful