Health Data, Regulatory and Health Industry

Interoperability: Best Practices in Patient Amendments to Protected Health Information

Since April 2003, patients have had the right to request amendments to protected health information (PHI) contained within the designated record maintained by a covered entity (CE) or its business associates. As patients have become more engaged in their care, the number of requests for amendments has increased. Adding to the complexity, patient records are shared electronically through health information exchanges (HIEs) and other means. Identifying how requests for amendments are processed and then disseminated must be clearly outlined within the organization.   

Requesting Amendments

There are many terms used for patients’ requests for changes, including:

  • Addendum: Omitted information added to an existing document without modifying the original document.
  • Amendment: Clarifying information addressing the original document without altering it.
  • Correction: Changes made to correct mistakes after the original document has been signed or completed.
  • Deletion: Incorrect information that is removed or deleted from a closed/finalized document without replacing it with new information.

The patient may request any of the above scenarios for consideration. Regardless of the type of request, it is important for the organization to respond quickly to any reports of documentation errors and provide patients with the necessary paperwork to request corrections and amendments.

When a patient does not agree with information that is documented within the medical record, the patient can request an amendment to the medical record. The CE may deny a request based on one of three reasons: 1) the information is accurate and complete; 2) the information was not created by the covered entity; or 3) it is not a part of the designated record set.

If the CE determines that the amendment is allowed, the information will be updated and placed within the medical record and must be included in any subsequent releases of that record. In any case, the patient must be informed.

Identifying Patients in the HIE

CEs are responsible for reviewing and responding to requests for amendments. However, challenges may occur: Who reviews and responds to the request? How is the patient’s identity validated? What happens if forwarding the request to the correct provider is not possible?

Processing Amendment Requests

The HIE or provider who receives amendment requests from patients should have a designated process for identifying the originating provider to ensure accurate forwarding. If the identity of the patient or the originating provider is not evident by reviewing the health information in question, the HIE administrator may be called upon for assistance. Policies should be in place to handle these types of circumstances.

Clear procedures are also needed for processing amendment requests that are directed to a designated staff member. A designated point person at the HIE must ensure the amendment request has been directed to the correct organization. At the CE, designated staff must ensure the request for the amendment has been processed, from initial request through final decision regarding approval or denial.  

Whether the system is the electronic health record or an HIE, consider the following points:

  • Develop a policy to ensure the entity corrects and reports errors in a consistent and timely manner.
  • Work with the vendor to confirm that your system enables error correction. Document an established process.
  • Ensure the system has the ability to track corrections or changes once the original entry has been entered or authenticated.
  • Always track back to the source system.
  • Review policies and procedures and make modifications as needed to prevent recurrence of errors.
  • Determine who is responsible for the approving or denying the amendment, and how the result of the request for the amendment will be communicated and shared.
  • Establish and maintain clearly documented policies and procedures that include routine audits, actions, and outcomes.

Making Changes to an Entry

1. Become familiar with, and follow, state laws on amending medical records.

  • Some states may have specific record amendment rules.

2. Understand the features of the EHR system(s):

  • The original entry should be viewable.
  • The current date and time should be entered.
  • The person making the change should be identified.
  • The reason for correction should be noted. If a hard copy is printed from the electronic record, the hard copy must also be corrected.
  • Make sure there’s an ability to suppress viewing of the actual error but ensure that a flag exists to notify other users of the newly corrected error. 
  • The altered EHR record should be flagged to indicate that a change has been made.
  • Make a narrative entry in the medical record statement indicating that an error has been made and is being corrected.
  • Conduct routine audits to ensure that providers and staff are complying with organizational documentation policies and procedures.

3. Maintain version control.

  • In the context of the EHR, versioning is the ability to capture and track serial changes in the electronic documents, data, or reports.
  • Documents, data, and reports are not necessarily static within a dynamic EHR because they evolve as clinicians add, change, or remove information.
  • Understand how versioning can affect your legal health record.

4. Understand policy and procedure requirements.

  • Address the appropriate time frame for responding to a patient request for an amendment to their PHI.
  • Detail the entity responsible for reviewing the request, either granting or denying the request, notifying the patient, and following the appeals process if the patient chooses to appeal the decision.
  • Indicate the methods that the information is corrected and/or disputed denials are documented. 

Now, more than ever, patients are engaged in their care and are reviewing their medical information. Patients need a quick and easy way to request amendments and have confidence that the CE or HIE will review the request, update the information as needed, and respond to the patient with the results of the review. When information is updated, the information needs to be updated in the HIE to ensure the patient’s complete history is available to treating providers.

References

Department of Health and Human Services Office for Civil Rights. “The HIPAA Privacy Rule and Electronic Health Information Exchange in a Networked Environment: Correction.” www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/special/healthit/correction.pdf

Burns, Janelle; Costello, Stephanie; Lewis, Sharon; Meyer, Melanie; Panzarella, Deanna; Westhafer, Kathy J. "Managing Amendments in an HIE Environment" Journal of AHIMA 89, no.1 (January 2018): 52-55.

AHIMA. "Patient Access and Amendment to Health Records (2013 update)." Journal of AHIMA 84, no.10 (October 2013): expanded web version. http://bok.ahima.org/doc?oid=107003#.X0-zU3lKiUk


Diana Warner (dwarner@mrocorp.com) is a director of account management at MRO.

For additional insights on interoperability, check out this AHIMA21 blog.