What are a covered entity’s responsibilities to notify others in a network if an amendment to protected health information is made?

Under the HIPAA Privacy Rule, a covered entity must make reasonable efforts to communicate an amendment to others in the network identified by the individual as needing the amendment, as well as generally to other parties that are known to have the information about the individual. It is also the entity’s responsibility to communicate the amendment within a reasonable timeframe. A health information organization (HIO), with the ability to track where information was exchanged in the past, or to otherwise identify where an individual’s information resides on the network, can assist the covered entity, as its business associate, in efficiently disseminating amended information to appropriate recipients throughout the electronic network.


Created 12/15/08

Content created by Office for Civil Rights (OCR)
Content last reviewed on July 26, 2013