Fundamentals of the Legal Health Record and Designated Record Set

Appendix B: Documents that Fall Outside the Designated Record Set and Legal Health Record

Editor's note: portions of this document were previously published in two practice briefs. The original practice briefs are listed in the "Sources" section at the end of this appendix.

In its definition of the designated record set the privacy rule does not specifically address source data such as pathology slides, diagnostic films, and tracings. However, narrative throughout the preamble suggests that providing interpretations from source data would generally be acceptable in the designated record set. In most cases, individuals cannot interpret source data, so such data is meaningless. On the other hand, the interpretations of source data provide individuals with information needed to make informed decisions about their healthcare.

There may be times, however, when an individual has a legitimate need to access source data. When such a need arises, the covered entity will want to provide the individual with greater rights of access, allowing the individual access to or copies of the source data when possible.

The following table provides examples of those documents that are not included in the designated record set.

Outside the Designated Record Set

Examples

Health information generated, collected, or maintained for purposes that do not include decision making about the individual
  • Data collected and maintained for research
  • Data collected and maintained for peer review purposes
  • Data collected and maintained for performance improvement purposes
  • Appointment and surgery schedules
  • Birth and death registers
  • Surgery registers
  • Diagnostic or operative indexes
  • Duplicate copies of information that can also be located in the individual's medical or billing record

Psychotherapy notes

The notes of a mental health professional about counseling sessions that are maintained separate and apart from the regular health record

Information compiled in reasonable anticipation of or for use in a civil, criminal, or administrative action or proceeding

Notes taken by a covered entity during a meeting with the covered entity's attorney about a pending lawsuit

CLIA
  • Requisitions for laboratory tests
  • Duplicate lab results when the originals are filed in the individual's paper chart

Employer records
  • Pre-employment physicals maintained in human resource files
  • The results of HIV tests maintained by the infectious disease control nurse on employees who have suffered needle stick injuries on the job

Business associate records that meet the definition of designated record set but that merely duplicate information maintained by the covered entity

Transcribed operative reports that have been transmitted to the covered entity

Education records

Records generated and maintained by teachers and teachers' aides employed by a school district or patients in acute care hospitals, institutions for the developmentally disabled and rehabilitation care centers

Source (raw) data interpreted or summarized in the individual's medical or health record
  • Pathology slides
  • Diagnostic films
  • Electrocardiogram tracings from which interpretations are derived

Versions

Management of multiple revisions of the same document. By versioning, each iteration of a document is tracked.

Metadata

Data that provides a detailed description about other data. "Information about a particular data set or document that describes how, when, and by whom it was collected, created, accessed, or modified and how it is formatted.1

Audits

Results of reviews to identify variations from established baselines or used to track an individual's activity in an electronic system (e.g., view, print, edit).

Pending reports

Reports that have been initiated by a member of the healthcare team but not yet authenticated and may not be available for viewing by staff until completed. An EHR system will keep these documents in a pending or incomplete status.

Administrative and Derived Data

There are many types of patient-identifiable data elements that are pulled from the patient's healthcare record that are not included in the legal health record or designated record set definitions. Administrative data and derived data and documents are two examples of patient-identifiable data that are used in the healthcare organization.

Administrative data are patient-identifiable data used for administrative, regulatory, healthcare operation, and payment (financial) purposes. Examples of administrative data include:

  • Audit trails related to the EHR
  • Authorization forms for release of information
  • Birth and death certificate worksheets
  • Correspondence concerning requests for records
  • Databases containing patient information
  • Event history and audit trails
  • Financial and insurance forms
  • Incident or patient safety reports
  • Institutional review board lists
  • Logs
  • Notice of privacy practices acknowledgments (unless the organization chooses to classify them as part of the health record)
  • Patient-identifiable data reviewed for quality assurance or utilization management
  • Protocols and clinical pathways, practice guidelines, and other knowledge sources that do not imbed patient data
  • Work lists and works-in-progress

Derived or administrative data are derived from the primary healthcare record and contain selected data elements to aid in the provision, support, evaluation, or advancement of patient care. Derived data and documents should be provided the same level of confidentiality as the legal health record. However, derived data should not be considered part of the health record and would not be produced in response to a court order, subpoena or request for the health record.

Derived data consist of information aggregated or summarized from patient records so that there are no means to identify patients. Examples of derived data are:

  • Accreditation reports
  • Anonymous patient data for research purposes
  • Best-practice guidelines created from aggregate patient data
  • OASIS reports
  • ORYX, Quality Indicator, Quality Measure, or other reports
  • Public health reports that do not contain patient-identifiable data
  • Statistical reports
  • Transmission reports for MDS, OASIS, and IRF PAI

Note

  1. Sedona Conference. "The Sedona Guidelines: Best Practice Guidelines and Commentary for Managing Information & Records in the Electronic Age." September 2005. Available online at www.thesedonaconference.org/content/miscFiles/TSG9_05.pdf.

Sources

AHIMA e-HIM Work Group on the Legal Health Record. "Update: Guidelines for Defining the Legal Health Record for Disclosure Purposes." Journal of AHIMA 76, no. 8 (Sept. 2005): 64A–G. Available online in the AHIMA Body of Knowledge at www.ahima.org.

Hughes, Gwen. "Defining the Designated Record Set." Journal of AHIMA 74, no. 1 (Jan. 2003): 64A–D. Available online in the AHIMA Body of Knowledge at www.ahima.org.

Article citation:
AHIMA. "Fundamentals of the Legal Health Record and Designated Record Set. Appendix B: Documents that Fall Outside the Designated Record Set and Legal Health Record." Journal of AHIMA 82, no.2 (February 2011): expanded online version.