WHEN RITA BOWEN, MA, RHIA, CHPS, CHPC, SSGB, broke
her elbow while attending an AHIMA event in Baltimore three-years ago, she soldiered on through the event but summoned
her primary care physician for a telemedicine encounter to determine her treatment. Later, when collecting paperwork for
her worker’s compensation claim, she went back to her physician, who had not started or maintained a note documenting
the video conference.
“The doctor said, ‘That was a video,’ and I said, ‘You responded, so you’ve got to provide a record of the encounter,’” Bowen
says, adding that the physician had to go back and write an account of the video appointment after the fact so that she had
something to submit with her claim.
For as long as telemedicine has been a viable and reimburs-able avenue of providing healthcare, health information management (HIM) professionals and others have been trying to
figure out where documentation of telemedicine encounters
belongs. Bowen, who is vice president, privacy, compliance,
and HIM policy at MRO, says there’s still more regulations
needed to ensure telemedicine is properly coded, classified,
However, telemedicine’s entry into the medical record, and
the electronic health record (EHR) in particular, helps illustrate the way technology is challenging long-held notions
about what types of health data constitute the legal health record (LHR) and the designated record set (DRS) in the age of
Though it has been years since most providers implemented
an EHR system, there is still confusion and a lack of consensus
on what constitutes the DRS as required by the HIPAA Privacy
Rule, as well as what records should make up a LHR. The LHR
is a term that was developed by AHIMA to help providers identify what information constitutes the official business record
of an organization for evidentiary purposes. It is also used to
document services provided as legal testimony regarding a patient’s illness or injury, response to treatment, and caregiver
decisions. 1 However, even among HIM professionals, confusion exists about the difference between the DRS and LHR.
There is even a debate as to whether the LHR is an outdated
“I just think that, historically, the issue has been that some
people use the terms designated record set and legal health re-
cord interchangeably—and sometimes some people are very
distinct about which one they mean. Often, I hear people swap
around the definition,” says Lori Richter, MA, RHIA, CHPS,
CPHI T, CPEHR, Onecare EHR compliance director at Catholic
Further complicating the matter, the US Department of
Health and Human Services (HHS) has rightfully been expanding patient rights to their information, including the
DRS, putting more pressure on healthcare organizations to
respond to release of information (ROI) requests compliantly.
Additionally, the recent information blocking proposed
rule, issued by the HHS Office of the National Coordinator
for Health IT (ONC), which was required by the 21st Century
Cures Act, provides a new, nebulous definition for “
electronic health information” (EHI) that dictates health data
that must be accessible to patients. The scope of EHI defined by the proposed rule is much larger than that defined
for providers by HIPAA.
As regulation and technology shift the legal terminology
around the DRS and LHR, HIM professionals still must make
decisions in the best interest of their patients and their organizations based on these terms.
Designating the Designated Record Set
The best place to start when differentiating between the DRS
and the LHR is to look at how they are used. Under the HIPAA
Privacy Rule, the DRS designation 45 C.F.R. § 164.524 refers to
an individual’s request for access. “The covered entity must
permit an individual to request access to inspect or to obtain a
copy of the protected health information about the individual
that is maintained in a designated record set,” the regulation
Functionally, this includes data that includes patient medical and billing records; the enrollment, payment, claims, adjudication, and cases or medical management record systems
maintained by or for a health plan; or information used in
whole or in part to make care-related decisions.
The existence of EHRs makes it harder for facilities to
determine what goes in their DRS for several reasons. For
example, content used for decision-making and care of the
patient may be external to the organization, such as outside
records, diagnostic reports, and patient email exchanges.
Organizations also frequently struggle with metadata,
since in some provider organizations, it’s the responsibility
of the information systems department to retrieve metadata
when requested to do so, according to Judy Hoffman, BCRT,
CHPS, CHP, CHSS, Regional Privacy Officer – Northwest,
Catholic Health Initiatives.
In Search of the EHR’s
Designated Record Set