A patient who is being treated in a facility operated and maintained by a Covered Entity (CE) has not just the right to the information collected by the CE about him or her, but also has the right to ask that such information be amended. The Health Insurance Portability and Accountability Act (HIPAA) under its Security and Privacy Rules give patients the right to request that your practice or Business Associate (BA) make some amends to their Protected Health Information (PHI). This PHI may already be in a designated record set, but if not, the patient may ask that the amendment be done in a designated record set.
When such requests are made by a patient to a Covered Entity (CE), the CE must honor the request unless. A CE may only dishonor such request if after thorough check has determined that does not need to be amended because the information is accurate and complete. If the information is checked and does need any form of amendment, the CE must make the amendments within 60 days after the request was made by the patient and received by the CE. If the CE fails to make the requested amendments or does not meet up the 60 days timeline, it will be considered a violation of the Health Insurance Portability and Accountability Act (HIPAA). And if such information is used or disclosed without the proper amendments, it will also be considered a violation of the HIPAA. Once an amendment request has been accepted by a CE, the CE must identify the record or records in the designated record set and provide a link to the location of the amendment.
As a health care provider you should already know that acting on false information or incomplete information about a patient is wrong as it may lead to wrong treatments and cause more harm than good to the patient.