4.1.A HIPAA/Privacy: General Rules - Designated Record Set Policy

  • PURPOSE:

    To define the documents that comprise the Designated Record Set

    POLICY:

    The HIPAA Privacy Rule requires that patients be permitted to request access and amendment to their Protected Health Information (PHI) that is maintained in a Designated Record Set. This policy documents the contents of the Designated Record Set, per LHCC.

    PROCEDURE:

    The Designated Record Set is a group of records maintained by or for LHCC that consists of the Medical Records and billing records about a patient and is used, in whole or in part, by or for LHCC to make decisions about the patient. The term record means any item, collection, or grouping of information that includes PHI and is maintained, collected, used, or disseminated by or for LHCC.

    LHCC maintains the following as the Designated Record Set:

    • The patient's medical record,
    • The patient's business office file, and
    • The patient's personal health records.

    The patient medical record includes, at a minimum, the following:

    • Medical documentation
    • Advance directives
    • Assessments, flow sheets
    • Care plan
    • Informed consent
    • History and physical exams and other related medical records
    • Minimum data set
    • Medication and treatment records
      • Nursing documentation/progress notes
      • Physician and professional consultant notes
      • Physician's orders
      • Reports from lab, x-ray, and other diagnostic tests
      • Face sheet
      • Social service documentation
        • Excluded from the Medical Record are source data, including photographs, films, monitoring strips, videotapes, slides, worksheets and daily communication sheets, and shadow files or charts, unless such data is used to make decisions related to the patient’s care.
        • If records from other providers are used by LHCC to make decisions related to the care and treatment of the patient, then these records are considered part of the Designated Record Set as well as the Medical Record, e.g., history and physical, discharge summary and labs from previous acute care hospitalization.

    The Patient’s Business Office File includes, at a minimum, the following:

    • Demographic documents
    • Acknowledgement of receipt of LHCC's Notice of Privacy Practices
    • Correspondence relating to coverage and payment from insurance companies, health plans, Medicare, Medicaid and other payor sources
    • Patient’s claim information, including claim, remittance, eligibility response, and claim status responses
    • Statements of account balances
    • Collection activity documents and correspondence

    Personal Health Records consist of the patient's personal health information provided to LHCC by the patient. If such records are used by LHCC to make health care related decision, provide care services, or document observations, actions or instructions, then the records will be considered part of the Designated Record Set.

    The following are excluded from the Designated Record Set:

    • Administrative data, such as audit trails, appointment schedules and practice guidelines that do not imbed PHI
    • Incident reports
    • Quality assurance data
    • Accreditation reports

    Revised 12/2013

  • Date Format: MM slash DD slash YYYY