Her organization chooses to produce and disclose relevant
information and records in compliance with applicable laws,
court procedures, and agreements made during the litigation
“The IT department will provide assistance to HIM and data
owners in the search and retrieval process for various systems
and data sources. IT representatives will decide the format in
which the information will be disclosed, such as paper, ASCII,
PDF, TIF, screen shot, mirror copy of data file, or review of material online,” Hoffman says.
Wes Morris, CHPS, CIPM, HCISPP, managing principal consultant for Clearwater Compliance, takes a similar tack.
“I, and many others I have consulted with, take the position
that if you’ve included external documents in your record and
they are used as part of the clinical decision-making, then
they are now a part of your DRS, regardless of the provenance
of the original documents,” Morris says.
According to the experts, facilities need to resist the simpler
and somewhat blanket approach “that everything housed in
the EHR now is part of the DRS,” which some organizations opt
to do for simplicity’s sake.
“We have certain communications that are stored in our
EHR that do not meet the definition of a DRS,” says Dana De-
Masters, MN, RN, CHPS, privacy and security officer at Liberty
Hospital, in Liberty, MO. “We do not collect and store a sepa-
rate formal DRS, for example, we pull information from the
EHR based on our DRS policy.
HIPAA requires that the DRS be organized and defined, so
healthcare facilities need to create a formal policy around
what is included. But determining just what gets included in
the DRS can be a challenge—especially in the digital world,
where there is more information than ever.
Lorraine Fernandes, RHIA, principal and founder of Fernandes Healthcare Insights, sees this as a major concern for
providers—data is created and stored in many different places
for data analytics purposes and population health.
“I hear people talking about, we need common data dictionaries and business glossaries and common definitions,
and common definitions deserves a designated record set to
ensure that as data is more broadly used, it is used and interpreted in the right context. So that we’re all singing from the
same sheet of music, in so many words,” Fernandes says.
One way to do this is to create a matrix where all these DRS
documents live—what the names of the documents are, and
retention and disposition limits. Catholic Health Initiatives’
Richter says it’s not unheard of to get a records request and to
Pending Regulations and the Designated Record Set
The HHS Office of the National Coordinator (ONC)’s much-anticipated information blocking rule, which was required by the
21st Century Cures Act, has drawn concern from AHIMA and other health IT stakeholders due to its lack of clarity and predictability around the definition of “electronic health information” (EHI) as currently proposed.
In comments submitted by AHIMA to ONC, AHIMA stated that “… EHI as currently defined adds an additional layer of
complexity in complying with existing definitions in current law, including individually identifiable health information (IIHI),
protected health information (PHI), and electronic protected health information (ePHI) as well as state laws that define medical
Lauren Riplinger, JD, vice president of policy and government affairs for AHIMA, says that the new EHI definition dramati-
cally expands the scope of what providers could need to include as part of their DRS.
“Here’s the problem with the DRS. Institutions themselves define what is and what is not considered part of DRS,” Riplinger
says. “When you have institutions defining it on an individual basis, that creates variability in terms of patient expectation of
what should be there when they request their records. And so as part of our comments, we said, not only should you constrain
it [the EHI definition] to the US Core Data Set for Interoperability (USCDI), but create a crosswalk from EHI to the DRS.”
“It affects it in the sense of the definition of EHI as it currently stands. I think that’s where the challenge is going to be. Are
HIM professionals going to be so focused on compliance with DRS that they don’t send everything to the patient [required
under the EHI definition]? If we assume that DRS is smaller than EHI and I’m an HIM professional, [what if] someone comes in
and requests their record? I do what’s legally required by HIPAA and send them what they requested. Then that patient could
go to ONC and say, ‘They didn’t provide me with everything that’s my legal health information—ONC, you need to investigate
[instances of information blocking].’ That creates a crazy enforcement challenge, right?” Riplinger says.
The good news for providers is that the regulatory process will take a couple months since ONC will need to consider thousands of comments from AHIMA and other organizations that were unhappy with the rule as it was written. In the meantime,
AHIMA is working with the American Medical Informatics Association to encourage policymakers to create a universal definition of a designated record set so there’s predictability for providers, systems, and vendors about what elements should be
In Search of the EHR’s
Designated Record Set