DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.
Under the HIPAA Privacy Rule right of access provision, individuals generally have a right of access to inspect and obtain a copy of protected health information about the individual in a designated record set. A designated record set is a group of records maintained by or for a covered entity that comprises the:
Medical records and billing records about individuals maintained by or for a covered healthcare provider;
Enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or
Other records that are used, in whole or in part, by or for the covered entity to make decisions about individuals. NOTE: These records include records that are used to make decisions about any individuals, whether or not the records have been used to make a decision about the particular individual requesting access.
What is the Minimum Amount of Information That is Included in a Designated Record Set?
For health plans, designated record sets include, at a minimum, the enrollment, payment, claims adjudication, and case or medical management record systems of the plan. For covered entity providers, designated record sets include, at a minimum, the medical record and billing record about individuals maintained by or for the provider. In addition to these records, designated record sets include any other group of records that are used, in whole or in part, by or for a covered entity to make decisions about individuals. Records that otherwise meet the definition of designated record set and which are held by a business associate of the covered entity are part of the covered entity’s designated record sets.
A "record" means any item, collection, or grouping of information that includes protected health information and is maintained, collected, used, or disseminated by or for a covered entity.
What is an Example of Information That is NOT Part of a Designated Record Set?
A hospital’s peer review files that include protected health information about many patients but are used only to improve patient care at the hospital, and not to make decisions about individuals, are not part of that hospital’s designated record sets.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article