Appendix A: Legal Process Glossary of Terms
Abstract: A condensation of a record.
Administrative agency: created by statute or the Constitution. They may hear disputes arising from administrative law. A common example would be a case dealing with workmen's compensation.
Administrative law: Rules and regulations developed by various administrative bodies empowered by Congress. This falls under the umbrella of public law.
Administrative regulation: a rule issued by an administrative agency to regulate the area in which Congress created the agency to execute governmental policy. Courts rank regulations below statutes when they conflict, but otherwise regulations have the force of law.
Arbitration: a dispute that is submitted to a third party or panel of experts outside the judicial trial system. All parties involved in the dispute must agree to have their differences heard and settled by an arbitrator or arbitration panel and agree that the settlement will be binding.
Authentication: an attestation that something, such as a medical record, is genuine. Authentication refers to both verifying a computer user's identity and professional responsibility for the entries in the medical record.
The purpose of authentication is to show authorship and assign responsibility for an act, event, condition, opinion, or diagnosis. Entries in the healthcare record should be authenticated by the author.1
Verification of the identity of a user or other entity is a prerequisite to allowing access to information systems.2
Business records: an exception to the hearsay rule that permits the court to receive into evidence records prepared and kept in the regular course of business. Medical records fall under this exception provided that method of record keeping conforms to certain established guidelines:
- The record was made in the regular course of business.
- The entries in the record are made promptly.
- The entries were made by the individual within the enterprise with first-hand knowledge of the acts, events, conditions, and opinions.
- Process controls and checks exist to ensure the reliability and accuracy of the record.
- Policies and procedures exist to protect the record from alteration and tampering.
- Policies and procedures exist to prevent loss of stored data.
Case law: law originating from court decisions where no applicable statutes exist; also known as common law.
Confidentiality: protection given to health records and other patient information to guard personal, private information about patients and their care.
Consent to use and disclose information: written permissions given by a patient to a healthcare provider to use and disclose healthcare information for the purpose of treatment, payment, or healthcare operations.
Court order: the power of a court jurisdiction, whether state or federal, to order the production of medical records without the patient's informed consent, as opposed to a subpoena, which may be signed by a lawyer.
Custodian of records (aka record custodian): a person who has charge or custody of an institution's records whether stored in paper or electronic format.
Data: basic facts about people, processes, measurements, and conditions represented in dates, numerical statistics, images, and symbols. An unprocessed collection or representation of raw facts, concepts, or instructions in a manner suitable for communication, interpretation, or processing by humans or automatic means.
Database: a collection of data organized for rapid search and retrieval.
Data element: a combination of one or more data entities that forms a unit or a piece of information, such as a patient identifier, a diagnosis, or treatment.
Data entity: a discrete form of data, such as a number or a word.
Data integrity: state of data being complete, accurate, consistent, and up to date.
Defendant: individual or company that is the object of a lawsuit.
Deposition: a discovery device under which an attorney questions a witness under oath to learn about matters in the case and to preserve testimony for use at a subsequent testimony.
Digital signature: a block of data that is appended to a message in such a way that the recipient of the message can verify the contents and verify the originator of the message.
Digital signatures apply an algorithm to an electronic document, yielding a unique string of characters known as a message digest. The digest uses private key encryption, and the signature is placed on the electronic document.
Discovery: stage in the litigation process during which both parties use strategies to discover information about a case, the primary focus of which is to determine the strength of the opposing party's case. Discovery may involve requests for admissions, interrogatories, subpoenas, and other methods of discovering potential evidence.
Discovery process: compulsory disclosure of pertinent facts or documents to the opposing party in a civil action, usually before a trial begins.
Duplicate: one of two or more documents that are the same. Many state and federal laws provide that certain duplicates are duplicate originals and admissible in evidence to the same extent as an original. A common example of a duplicate is an imaged record.
Electronic health record (EHR): medical information compiled in a data-gathering format for retention and transferal of protected information via a secured, encrypted communication line. The information can be readily stored onto an acceptable storage medium, such as a compact disk.
Electronic medical record (EMR): an electronic system to automate paper-based medical records.
Electronic signature: technology that uses a unique personal identification number, electronic identification, or biometric scans to place a signature on an electronic document.
Emancipated minor: an individual not of the age of majority but who is given adult status due to life events in accordance with the applicable statutes (e.g., high school graduate, not cohabitating with a parent or legal guardian, member of the US military, is or has been legally married or divorced, is or has been pregnant).
Enumeration: to count off or designate one by one; to list.
Encryption: method of scrambling data so that they cannot be read unless uncoded. A method of securing data by transforming data into a coded format that cannot be accessed without the appropriate decoding mechanism.
Evidence: information that a fact-finder may use to decide an issue. Information that makes a fact or issue before a court or other hearing more or less probable.
Health information: in HIPAA privacy provisions, any information (oral or recorded) that is created or received by a healthcare provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearinghouse and relates to the physical or mental health of an individual, the provision of healthcare to an individual, or payment for the provision of healthcare.
Hearsay: general statements made outside of court not admissible as evidence in a court proceeding.
Individually identifiable health information: under HIPAA, a subset of health information (see above), including demographic information collected from an individual. The information:
- Is created or received by a healthcare provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearinghouse
- Relates to past, present, or future physical or mental health or condition of an individual, the procession of healthcare to an individual, or the past, present, or future payment for the provision of healthcare to an individual
- Identifies the individual
- Is a reasonable basis to believe the information can be used to identify the individual
Integrity: correctness. Verification that information remains in its original form and has not been altered, manipulated, or modified in an unauthorized manner.
Interrogatories: a discovery device in which one party asks written questions of another, such as the name of the individual responsible for the proper maintenance of your medical records.
Law enforcement: the detection and punishment of violations of the law.
Legal process: all of the summons or writs that are issued by a court during a legal action, or by an attorney in the name of the court but without court review.
Legal representatives: a parent, guardian, or other person who has authority to act on behalf of a minor patient in making decisions related to healthcare unless the minor patient can legally consent to healthcare services without the consent of an adult. For adult patients, legal representative means the legal guardian of an incompetent patient, the healthcare agent designated in an incapacitated patient's healthcare power of attorney, or the personal representative or spouse of a deceased patient. If no spouse survives a deceased patient, legal representative also means an adult member of the deceased patient's immediate family.
Liability: legal responsibility, often with financial repercussions, for any adverse occurrence. Enforceable by civil remedy or criminal punishment.
Media: the materials upon which information is stored such as microfilm or optical disk. Any physical places that store or have the capacity to store information.3
Medical record: a record that identifies the patient and documents the diagnosis and care the patient received.
Microfilm: a photographic storage medium on which documents can be greatly reduced in size.
Minor: a person who has not yet reached the age of majority so as to be considered an adult by law.
Motion to quash: the procedural device used to challenge the validity and seeking to nullify a subpoena.
Original document: an authentic writing as opposed to a copy.
Peer review: scrutiny of a healthcare professional by other such professionals to determine whether he or she is qualified to practice his or her profession in a facility and to identify and remedy patterns of unacceptable behavior.
Plaintiff: individual who brings a lawsuit.
Protected health information: according to HIPAA, any information, whether oral or recorded in any form or medium, that (1) is created or received by a healthcare provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearinghouse; and (2) relates to past, present, or future physical or mental health or condition of an individual, the procession of healthcare to an individual, or the past, present, or future payment for the provision of healthcare to an individual.
Psychotherapy notes: under the HIPAA privacy rule, notes recorded (in any medium) by a healthcare provider who is a mental health professional documenting or analyzing the content of conversation during a private counseling session or a group, joint, or family counseling session and that are separated from the rest of the individuals medical record. Notes exclude medication prescription and monitoring, counseling session start or stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of diagnosis, functional status, the treatment plan, symptoms, prognosis, and progress to date. The privacy rule gives such notes extra protection as may state law.
Record: the preservation of information or data on some storage medium so that it may be read at some future time.
Record custodian (aka custodian of records): a person who has charge or custody of the institution's records whether stored in paper or electronic format.
Record retention program: a facility's plan that specifies how long the facility keeps its records in accordance with the applicable regulatory statutes.
Regular course of business: doing business in accordance with your normal practice and custom, as opposed to doing it differently because you may be sued or are being sued.
Regulation: a rule issued by a government agency other than the legislature. Unless a regulation conflicts with a constitution or a statute, it has the force of law.
Request for admissions: a pretrial discovery device in which one party requests the other to admit deny or object to certain facts, such as that a medical record was kept in the regular course of business.
Res ipsa loquitor: an exception to the general principle that a patient must prove negligence in order to establish liability. The thing speaks for itself. The doctrine is applicable where a court determines, as a matter of law, that the occurrence is such as in the ordinary course of things would not have happened if the party exercising control or management had exercised proper care.
Res judicata: a doctrine that courts follow to avoid duplicate litigation and conflicting decisions which means an issue that has been settled by a judgment.
Respondeat superior: the doctrine holding an employer or principal liable for the employee's wrongful acts. Let the superior make the answer.
Retention schedule: a document specifying which records an entity will maintain and for how long. Generally a retention schedule is drawn up in conjunction with state and federal retention requirements.
Risk management: oversight of the medical, legal, and administrative operations within a healthcare organization to minimize its exposure to liability.
Rules of evidence: court or administrative agency rules that specify what evidence a fact-finder may consider and under what circumstances.
Signature: with respect to an electronic health record, the verification by a user generated by a private key.
Spoliation (of evidence): the intentional destruction, alteration, or concealment of potential evidence. Spoliation may have such adverse consequences as a court order instructing the jury that they may presume the document was adverse; discovery sanctions, such as fines; or even a separate lawsuit.
Subpoena ad testificandum: a written order commanding a person to appear and to give testimony at a trial or other judicial or investigative proceeding.
Subpoena duces tecum: a written order commanding a person to appear, give testimony, and bring all documents, papers, books, and records described in the subpoena. The devices are used to obtain documents during pretrial discovery and to obtain testimony during trial.
Subpoena validity: those authorized to issue a subpoena vary from state to state. A subpoena usually contains the following:
- Name of the court (or other official body in which the proceeding is being held)
- Names of the plaintiff and the defendant
- Docket number of the case
- Date, time, and place of the requested appearance
- Specific documents sought (if a subpoena duces tecum)
- Name and telephone number of the attorney who caused the subpoena to be issued
- Signature or stamp and seal of the official empowered to issue the subpoena
- AHIMA. "Maintaining a Legally Sound Health Record." Journal of AHIMA 73, no. 2 (2002): insert.
- Amatayakul, Margret, Steven Lazarus, Tom Walsh, and Carolyn Hartley. Handbook for HIPAA Security Implementation. Chicago, IL: AMA Press, 2004.