HIPAA has been the cornerstone of healthcare’s regulatory standards for nearly three decades, setting the standards for protecting patient privacy. But even after all these years, some areas of HIPAA are still complex, and the designated record set (DRS) is one where many may find themselves with more questions than answers. In For the Record Magazine’s summer issue, HealthMark COO and General Counsel Joe Licata addresses the questions we hear the most frequently when it comes to the designated record set, including what needs to be in it and how to know when an exclusion is lawful and necessary (hint: consistency is key!).
At a high level, HIPAA provides the following guidance on information that qualifies for minimum inclusion in a DRS: medical records, billing and payment records, health plan records, clinical decision-making records, health screenings and consent forms. The list of inclusions is pretty broad, so the exclusion guidance becomes particularly critical to understand. Within the broad categories above, there are certain types of information and certain circumstances under which information may be acceptable to exclude from the DRS. We’ll dive into some more specifics on exclusions below.
Getting the right answer to “what is in the DRS?” is the foundation for figuring out the answer to an almost endless set of possible questions when it comes to HIPAA and health care data access.
You can read the full article here.