For years healthcare organizations have struggled to define their legal health records and align them with the designated record set required by the HIPAA privacy rule. Questions often arise about the differences between the two sets. Further complicating the issue is the rapid evolution of what information is available and in what form it is available, including the expanding scope of health records, new types of media, the emergence of electronic health records and the continued proliferation of mobile and medical devices.

When sorting out your approach to this important body of work, the Top 5 key questions you should ask include:

  • What information can be stored long term?
  • What information is required to be stored long term?
  • What information is clinically useful long term?
  • What is the cost of storage?
  • How can you effectively and succinctly assemble the EHR for long-term use?

Again, meeting expectations in this area as laid out by the federal regulations is not a simple or straightforward task. To ensure you have a good foundational approach, I encourage you to spend some time with the AHIMA Compendium, a practice brief that compiles and updates guidance from previously published guides. It provides an overview of the purposes of the designated record set and the legal health record and helps you identify what information to include in each. You’ll also find guidelines for disclosing health records for each set.

As an additional resource, I’d like to offer the expertise of Clearwater’s expert consulting team. Based on our work with more than 350 healthcare organizations (both Covered Entities and Business Associates), we have a long track record of coming alongside our clients to systematically address some of the most complicated and nuanced regulations within the HIPAA-HITECH space. We would welcome the opportunity to help you translate the AHIMA guidance and get you on track to develop a plan of attack.

Buttoning up your approach to PHI disclosure is an important, and potentially intimidating, task. Do you have a plan to ensure your organization gets it right?

Register for one of Clearwater’s complimentary webinars on risk analysis and risk management basics and get to grips with these issues and more.

Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.