What is a Record?
The definition of the word “record” in designated record set is fairly broad. A “record” includes any item, collection, or grouping of information that includes PHI and is maintained, collected, used, or disseminated by or for a covered entity.
What are Examples of Records?
Because the word “record” is so broadly defined, numerous types of information that contain PHI that are maintained by or for covered entities, are subject to the right of access. This information includes (but is not limited to):
- Medical records
- Billing and payment records
- Insurance information
- Clinical laboratory test results
- Medical images (such as X-rays)
- Wellness and disease management program files
- Clinical case notes
- Decisions about individuals
- Note: “Other records” include records that are used to make decisions about any individuals, regardless of whether the records have been used to make a decision about the particular individual requesting access.
In responding to a request for access, a covered entity is not required to create new information, such as explanatory materials or analyses, that does not already exist in the designated record set.
What is the Significance of a Designated Record Set?
The patient right of access to PHI contained in a designated record set, includes the right to receive a paper or electronic copy of the designated record set; the right to inspect and receive copies of a designated record set; and the right to amend information in the designated record set.
Covered entities should, to ensure patient right of access is not impeded, have written policies and procedures governing designated record sets. These policies and procedures should clearly define what a designated record set is, and what information it consists of.