It is the policy of XRHealth to maintain and define a HIPAA designated record set. In accordance with applicable law, XRHealth permits patients to have access (inspection or copies) of their protected health information as defined under HIPAA. However, this applies only to information that is stored in designated record sets. Designated record sets are records that contain Protected Health Information (“PHI”) and that are used to make decisions about patients or other HIPAA subject individuals. This policy describes the designated record sets maintained in both electronic and non-electronic formats.
The designated record set at XRHealth that is maintained electronically shall be considered the Electronic Health Information for purposes of providing access and not engaging in information blocking as defined in the 21st Century CURES Act.
This policy applies to all XRHealth workforce members including, but not limited to full-time employees, part-time employees, trainees, volunteers, contractors, and temporary workers who provide access to PHI.
Actions To Be Taken to Develop Designated Record Sets
A group of records maintained by or for a covered entity that is:
I. The medical records and billing records about individuals maintained by or for a covered health care provider;
II. The enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or
III. Used, in whole or in part, by or for the covered entity to make decisions about individuals.
For purposes of the above, the term record means any item, collection, or grouping of information that includes protected health information and is maintained, collected, used, or disseminated by or for a covered entity.
I. The procedure for defining the Designated Record Set shall include analysis of PHI inventories and other data classification and asset inventories.
II. These inventories will be evaluated to establish electronic and paper PHI classes.
III. Inventories will be reviewed to include PHI created, stored, maintained, or transmitted by Business Associates.
IV. The resulting inventory will be analyzed to classify by billing (revenue cycle), clinical, or other categories and data classification/PHI inventories stored internally or by a BA.
|Designated Record Set||Examples|
|Electronic Health Record (EHR): paper records, and superbills.|
|Other Records Used to Make Decisions About the Individual|
Outside the Designated Record Set
|Health Information generated, collected, or Maintained for Purposes That Do Not Include|
Decision Making About the Individual
§ Internal chat messages
§ Sign in sheets
§ Data collected and maintained for peer review and/or risk management purposes.
§ Data collected and maintained for performance improvement purposes.
§ HIPAA breach investigation and compliance issue documentation.
§ Appointment schedules.
§ Birth and death registers.
§ Surgery registers.
§ Diagnostic or operative indexes or reports.
§ Duplicate copies of information that can also be located in the individual’s medical or billing record.
§ Data collected and maintained for research.
|Psychotherapy Notes||The notes of a mental health professional about counseling sessions that are maintained separate and apart from the regular health record.|
|Information Compiled in Reasonable Anticipation of or For Use in a Civil, Criminal, or|
Administrative Action or Proceeding
|Notes taken by a covered entity during a meeting with the covered entity’s attorney about a pending lawsuit|
|Employer Records of employees who are also patients|
§ Pre-employment physicals maintained in human resource files.
§ The results of HIV, or other infectious disease testing or drug tests on employee patients injured or exposed at work
§ Adoption Records
§ Guardianship Papers
|Quality Improvement/Peer Review Records||§ Medical Staff Case Reviews|
§ Birth Registers
§ Death Registers
§ Cancer Registers
|Research Records||§ Records Maintained for Research Purposes|
|Risk Management Records||§ Incident/Variance Reports|
|Schedules||§ Appointment Schedules|
|Revenue cycle- EOB’s, remittance advices, health plan correspondence||§ Eligibility and benefits data from a health plan portal or by correspondence|
|Working Records – Only if the Information is Available Elsewhere in the Medical/Healthcare Record and/or Billing Record of the Individual (e.g., Summarized in Notes or Reports).|
§ Raw test data
§ Videos/photographs used for educational purposes.
§ Coding/UR worksheets
§ Billing/Accounts Payable staff working notes regarding claim status, patient conversations, claim reviews, etc.
Education: Doctor of Physical Therapy from University of Michigan-Flint
Years in Practice: 10
Education: Bachelor’s in Psychology and a Masters in Social Work from Grand Valley State University
Years in Practice: 14
Education: Master of Science in Occupational Therapy from Eastern Michigan University
Years in Practice: 19