Enter to open, tab to navigate, enter to select
Designated Record Set
Practical Law Glossary Item w-001-2985 (Approx. 3 pages)
Glossary
Designated Record Set
A group of records maintained by or for a covered entity (CE) (including group health plans) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (see Practice Note, HIPAA Privacy Rule). A designated record set includes the following types of information:
- Enrollment, payment, claims adjudication, and medical management records maintained by or for a health plan.
- Medical records and billing records about individuals that are maintained by a physician or other provider.
- Records used, in whole or in part, by a CE to make decisions about individuals.
A record means any item, collection, or grouping of information that:
- Includes protected health information (PHI).
- Is maintained, collected, used, or disseminated by or for a CE.
According to the Department of Health and Human Services (HHS), records used to make decisions about individuals include information used to:
- Make health care decisions.
- Determine whether an insurance claim will be paid.
Also, HHS has indicated that records that otherwise meet the definition of designated record set, and which are held by a CE's business associate, are part of the CE's designated record set (see Standard Document, HIPAA Business Associate Policy) (65 Fed. Reg. 82462, 82489). This information includes:
- Insurance information.
- Clinical laboratory test results.
- Wellness and disease management program files (see Practice Note, Wellness Programs).
- Clinical case notes.
- Medical images (including X-rays).
Individuals have a right to access their PHI in a designated record set. However, in responding to a request for access, a CE is not required to create new information (for example, explanatory materials or analyses), that does not already exist in the designated record set (see Practice Note, HIPAA Privacy and Security (Individual Rights): Right of Access to PHI).