Legal Health Record/Designated Record Set
Disclaimer.The materials on this page are intended for informational and educational purposes. No individuals should use the information, resources or tools contained herein to self-diagnosis or self-treat any health-related condition. The content of the website is not meant to be a substitute for advice provided by a doctor or other qualified health care professional. The company will not be held responsible for any negative consequences arising from the use of information posted on this site.
With limited exceptions, the HIPAA Privacy Rule (the Privacy Rule) provides individuals with a legal, enforceable right to see and receive copies upon request of the information in their medical and other health records maintained by their health care providers and health plans. The Privacy Rule generally requires HIPAA covered entities (health plans and most health care providers) to provide individuals, upon request, with access to the protected health information (PHI) about them in one or more “designated record sets” maintained by or for the covered entity. This includes the right to inspect or obtain a copy, or both, of the PHI, as well as to direct the covered entity to transmit a copy to a designated person or entity of the individual’s choice. Individuals have a right to access this PHI for as long as the information is maintained by a covered entity, or by a business associate on behalf of a covered entity, regardless of the date the information was created; whether the information is maintained in paper or electronic systems onsite, remotely, or is archived; or where the PHI originated (e.g., whether the covered entity, another provider, the patient, etc.).
An organization's legal health record definition must explicitly identify the sources, medium, and location of the individually identifiable data that it includes (i.e., the data collected and directly used in documenting healthcare or health status). The documentation that comprises the legal health record may physically exist in separate and multiple paper-based or electronic systems. AHIMA defines the legal health record as "generated at or for a healthcare organization as its business record and is the record that would be released upon request. It does not affect the discoverability of other information held by the organization. The custodian of the legal health record is the health information manager in collaboration with information technology personnel. HIM professionals oversee the operational functions related to collecting, protecting, and archiving the legal health record, while information technology staff manage the technical infrastructure of the electronic health record." The legal health record is a formally defined legal business record for a healthcare organization. It includes documentation of healthcare services provided to an individual in any aspect of healthcare delivery by a healthcare organization.The health record is individually identifiable data in any medium, collected and directly used in documenting healthcare or health status (NCHICA, 2002). The term also includes records of care in any health-related setting used by healthcare professionals while providing patient care services, reviewing patient data, or documenting observations, actions, or instructions.
Any questions regarding requests for those types of records should be referred to the Privacy Officer or the Office of Legal Counsel.
AHIMA. "Guidance for Clinical Documentation Improvement Programs." Journal of AHIMA 81, no. 5 (May 2010): expanded Web version. Available online in the AHIMA Body of Knowledge at www.ahima.org.
Centers for Medicare and Medicaid Services, Department of Health and Human Services. Title 42-Public Health. Chapter IV, Subchapter G-Standards and Certification. Part 482-Conditions of Participation for Hospitals, Subpart C-Basic Hospital Functions. Section 482.24-Condition of Participation: Medical Record Services. Available online at http://cfr.vlex.com/vid/482-condition-participation-record-19811382#ixzz13345288z.
Department of Health and Human Services. "Standards for Privacy of Individually Identifiable Health Information; Final Rule." 45 CFR Parts 160 and 164. Federal Register 67, no. 157 (Aug. 14, 2002). Available online at http://aspe.hhs.gov/admnsimp/final/pvcguide1.htm.
Joint Commission. "The Joint Commission Standards." Available online at www.jointcommission.org/Standards.
NCHICA Designated Record Sets Work Group and Privacy and Confidentiality Focus Group. "Guidance for Identifying Designated Record Sets under HIPAA." August 16, 2002. Available online at www.nchica.org/HIPAA Resources/Samples/DesRecSets.pdf.
Servais, Cheryl E. The Legal Health Record. Chicago, IL: AHIMA, 2008.