Paubox blog: HIPAA compliant email made easy

Benefits of HIPAA compliant email for PHI amendment requests

Written by Kirsten Peremore | May 28, 2024

HIPAA compliant email ensures the secure exchange of sensitive patient information, helping organizations meet HIPAA privacy requirements. This secure communication streamlines the amendment process, enabling individuals to request corrections and receive responses electronically while maintaining data privacy. 

 

HIPAA Privacy Rule and the amendment of PHI

According to HHS guidance material on the topic of patient corrections for PHI, “The Privacy Rule provides individuals with the right to have their protected health information (PHI) amended in a manner that is fully consistent with the Correction Principle in the Privacy and Security Framework.”

The HIPAA Privacy Rule allows patients to request corrections to their PHI if they believe it is inaccurate or incomplete. This right is outlined in 45 C.F.R. § 164.526. When a patient requests an amendment, the healthcare provider or covered entity must respond within 60 days, either by making the correction or by notifying the patient that the request is denied. If the correction is approved, the healthcare provider must update the record and inform other entities that hold the incorrect information, such as health information organizations (HIOs).


 

The amendment process

  1. Request for amendment: An individual, the subject of the PHI, initiates the process by submitting a written request to the covered entity, specifying the information they want to amend and the reasons for the requested changes.
  2. Covered entity review: The covered entity, which may be a healthcare provider, health plan, or healthcare clearinghouse, receives the request and reviews it for validity and completeness. The covered entity determines whether the request meets the criteria outlined in the HIPAA Privacy Rule, such as whether the information is inaccurate, incomplete, or otherwise inappropriate.
  3. Notification to the individual: Within 60 days (with a potential 30-day extension in certain cases) of receiving the request, the covered entity must notify the individual in writing regarding whether the request for amendment is accepted or denied. If the request is approved, the covered entity must make the necessary corrections to the PHI.
  4. Denial of request: If the covered entity decides to deny the request for an amendment, they must provide the individual with a written explanation for the denial. The explanation should include the reasons for the denial and inform the individual of their right to submit a statement of disagreement.
  5. Statement of disagreement: If the individual disagrees with the denial, they have the right to submit a statement of disagreement, explaining their viewpoint regarding the requested amendment. This statement of disagreement should be included in the individual's PHI record and will accompany any future disclosures of the disputed information.
  6. Documentation of dispute: The covered entity is responsible for documenting the dispute and the statement of disagreement submitted by the individual.
  7. Notification to others: The covered entity must make reasonable efforts to communicate the approved amendment or the denial (along with the statement of disagreement) to relevant parties, including business associates and HIOs, within its network.
  8. Electronic exchange efficiency: Utilizing electronic health information exchange systems can expedite the process of communication and notification, making it more efficient and timely.

Why HIPAA compliant email is the best medium

Email is more convenient than traditional mail, enabling faster responses and the ability to manage requests from anywhere. Unlike phone calls or in-person visits, email provides a written record of all communications, reducing misunderstandings and ensuring accountability. For amendment requests in particular, HIPAA compliant email provides security, efficiency, and convenience when communicating with patients: communication between patients and healthcare providers is quick and reliable, updates are timely, and documents are easily shared.

What differentiates HIPAA compliant email and makes it the best method:

  • Ensures that sensitive information is protected during transmission.
  • Instantly informs patients that their request has been received.
  • Allows for safe exchange of forms and identification.
  • Adds an extra layer of security to access communications.
  • Enables patients to safely complete and submit amendment requests.
  • Helps track communications and maintain regulatory compliance.
  • Ensures all necessary legal information is included.
  • Allows patients to manage requests on the go.
  • Facilitates digital signing of amendment forms.
  • Keeps both patients and providers updated on request status.
  • Prevents sensitive information from being sent to unauthorized recipients.


 

FAQs

Can patients receive real-time updates about their amendment requests through email?

Yes, HIPAA compliant email systems often send real-time notifications, keeping both patients and providers informed about the status of requests.

 

Are electronic signatures supported in HIPAA compliant email systems?

Some services have features like Paubox Forms that support electronic signatures, allowing patients to sign amendment request forms digitally.

 

What happens if an amendment request is denied?

HIPAA compliant email systems provide a secure way for patients to file a statement of disagreement.