Page 44 - Privacy_Program
P. 44

DP170A.8b    (b)  the PRPI refers to another person (unless such other person is a health care
                                            provider) and direct service staff has determined, in the exercise of professional
                                            judgment, that the access requested is reasonably likely to cause substantial
                                            harm to such other person; or

                               DP170A.8c    (c)  the request for access is made by the participant’s personal representative
                                            and direct service staff or manager has determined, in the exercise of
                                            professional judgment, that the provision of access to such personal
                                            representative is reasonably likely to cause substantial harm to the individual or
                                            another person.

        Directors and           DP170A.9    The organization will accommodate reasonable requests of participants to
        Managers with                       amend or correct their PRPI stored by the organization.
        Employees and
        Director of
        Information
        Technology,
        Privacy and
        Data Security

        Director of Information   DP170A.10   The organization will record the reasons for the amendment to or correction of
        Technology, Privacy and             this information and the resolution of the request.
        Data Security
        Employees with Access   DP170A.11   A participant’s request for amendment may be denied if the requested privacy
                                            restricted information:
        to PRPI
                               DP170A.11a   (a)  was not created by the organization;

                               DP170A.11b   (b)  would not be available for inspection under the requirements for individual
                                            rights to access privacy restricted information; or

                               DP170A.11c   (c)  is inaccurate and incomplete.

                               DP170A.12    The time period for the action by the organization will be extended by no more
        Employees with Access
                                            than 30 days.
        to PRPI
        Employees with         DP170A.13    The organization will notify participants of the outcome of their requests.
        Managers and Director
        of Information
        Technology, Privacy and
        Data Security

        Employees with         DP170A.14    If another entity notifies the organization of an amendment to a participant’s
        Managers and Director               PRPI, the organization will amend the respective information by, at minimum,
        of Information                      identifying the affected information in the participant record and appending or
        Technology, Privacy and             otherwise providing a link to the location of the amendment.
        Data Security

















         GES CONFIDENTIAL                                                                                    38
   39   40   41   42   43   44   45   46   47   48   49