Standard for HIPAA Amendment to PHI

1. Ohio University will permit an individual to request Ohio University to amend the individual’s PHI maintained in a designated record set. Such requests for an amendment must be made in writing, and the individual must provide a reason to support the requested amendment. A request for amendment can be submitted to the HIPAA Covered Entity Unit’s HIPAA Compliance Coordinator or the HIPAA Privacy Officer.
2. Ohio University will respond to an individual’s request for amendment within sixty (60) days of the request.
   1. If the request is granted, Ohio University will:
      1. Make the appropriate amendment to the PHI or record by identifying the affected records in the designated record set and appending or otherwise providing a link to the location of the amendment;
      2. Inform the individual that the amendment is accepted and obtain the individual’s identification of an agreement to have the covered entity unit notify the relevant persons with which the amendment needs to be shared; and
      3. Make reasonable efforts to inform and provide the amendment within a reasonable time to persons who received the PHI and need the amendment.
   2. If the request is denied, Ohio University will provide the individual with a written denial which contains the basis for the denial, notice that the individual has a right to submit a written statement disagreeing with the denial, a statement that the individual may request Ohio University to provide the request for amendment and denial with any future disclosures of PHI, and a description of the Ohio University compliant process.
3. Ohio University will document and retain the documentation of the titles of the persons or offices responsible for receiving and processing requests for amendments by individuals.

• HIPAA Privacy Officer: The individual appointed by Ohio University to be the Privacy Officer as required by the HIPAA Privacy Rule.
• HIPAA Covered Entity Unit: Those units that Ohio University has designated as health care components subject to HIPAA. Such units include; University Human Resources/Benefits (including the University Wellness Plan, “WellWorks”), Ohio University Therapy Associates, and the Psychology and Social Work Clinic.
• HIPAA Compliance Coordinator: The individual designated as the point of contact for privacy and security matters and liaison between staff members within a HIPAA Covered Entity Unit and the University HIPAA Privacy and Security Officers.

This standard will be reviewed and approved by the University HIPAA Steering Committee, and other key stakeholders in the interest of ensuring the privacy and security of individual’s health information, as deemed appropriate based on the current regulatory requirement mandates.