For years healthcare organizations have struggled to define their legal health records and align them with the designated record set required by the HIPAA privacy rule. Questions often arise about the differences between the two sets. Further complicating the issue is the rapid evolution of what information is available and in what form it is available, including the expanding scope of health records, new types of media, the emergence of electronic health records and the continued proliferation of mobile and medical devices.

When sorting out your approach to this important body of work, the top five questions you should ask are:

  • What information can be stored long term?
  • What information is required to be stored long term?
  • What information is clinically useful long term?
  • What is the cost of storage?
  • How can you effectively and succinctly assemble the EHR for long-term use?

Again, meeting expectations in this area as laid out by the federal regulations is not a simple or straightforward task. To ensure you have a good foundational approach, I encourage you to spend some time with the AHIMA Compendium, a practice brief that compiles and updates guidance from previously published guides. It provides an overview of the purposes of the designated record set and the legal health record and helps you identify what information to include in each. You’ll also find guidelines for disclosing health records for each set.

As an additional resource, I’d like to offer the expertise of Clearwater’s expert consulting team. Based on our work with more than 350 healthcare organizations (both Covered Entities and Business Associates), we have a long track record of coming alongside our clients to systematically address some of the most complicated and nuanced regulations within the HIPAA-HITECH space. We would welcome the opportunity to help you translate the AHIMA guidance and get you on track to develop a plan of attack.

Buttoning up your approach to PHI disclosure is an important, and potentially intimidating, task. Do you have a plan to ensure your organization gets it right?

Register for one of Clearwater’s complimentary webinars on risk analysis and risk management basics and get to grips with these issues and more.

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.