HIPAA Designated Record Set

62
1

Under the HIPAA Privacy Rule, behavioral health specialists are required to provide patients access to the protected health information (PHI) contained in their designated record set. What is a designated record set?

Definition of Designated Record Set

A designated record set is defined as a group of records maintained by or for a covered entity that comprises of:

  • Billing records and medical records about patients maintained by or for a covered healthcare provider;
  • Enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or
  • Other records that are used, in whole or in part, by or for the covered entity to make decisions about individuals.

Under this definition, a record refers to any protected health information (PHI) maintained, collected, used, or disseminated by or for a covered entity. Examples of records that may be included in a designated record set are as follows:

  • Medical records
  • Clinical laboratory test results
  • Clinical case notes
  • Wellness and disease management program files
  • Decisions about individuals
  • Medical images (such as X-rays)
  • Billing and payment records
  • Insurance information

How Does the HIPAA Right Of Access Apply?

Under the HIPAA right of access, covered entities are required to give patients access to their designated record set. The records must be provided in the format the patient requests (i.e. email, mail, USB, etc.), must be provided within 30 days of the request, and cannot exceed the costs associated with compiling the records (i.e. labor, supplies, postage).

Reasons for Denial of Access

There are specific instances in which covered entities may deny a patient access to their designated record set:

  • The request is for psychotherapy notes.
  • The request is for information compiled in reasonable anticipation of litigation.
  • The request is for information compiled for or for use in a legal proceeding.
  • An inmate requests a copy of their PHI held by a covered entity that is a correctional institution, or healthcare provider acting under the direction of the institution, and providing the copy would:
    • Jeopardize the health, safety, security, custody, or rehabilitation of the inmate or other inmates, or the safety of correctional officers, employees, or other persons at the institution, or responsible for the transporting of the inmate.
  • The requested PHI is in a designated record set that is part of a research study that includes treatment (e.g., clinical trial) and is still in progress.
  • The requested PHI is in federal Privacy Act-protected-records (i.e., certain records under the control of a federal agency, which may be maintained by a federal agency or a contractor to a federal agency), and denial of access is consistent with the requirements of the Act.
  • The requested PHI was obtained by someone other than a healthcare provider (i.e. a family member of the individual) under a promise of confidentiality, and providing access to the information would be reasonably likely to reveal the source of the information.
Basic Telehealth Legal Issues: Rules, Regulations & Risk Management

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Disclaimer: The Telebehavioral Health Institute (TBHI Telehealth.org) offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to TBHI Privacy Policy and Terms and Conditions.

Subscribe
Notify of
guest
1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
karen marshall
karen marshall
2 years ago

thank you for the summary and review

1
0
Would love your thoughts, please comment.x