Category: POLICY & PROCEDURE Subject: Classification: Policy Owner: Management Approved Vice President of Corporate Responsibility Approved by: SVP Ascension Health/Wisconsin Ministry Market Executive Effective: June 1, 2016 POLICY: RATIONALE: SCOPE: DEFINITIONS: Healthcare ( WFH ) maintains a Designated Record Set that is subject to patients rights as defined under the Federal Health Insurance Portability and Accountability Act of 1996 ( HIPAA ). Our Values of Respect and Integrity call us to protect patient privacy, respect patient rights and follow regulations which govern health information. This policy applies to all healthcare organizations owned and/or managed by WFH. Administrative Data: As defined by the American Health Information Management Association ( AHIMA ), are patient identifiable data used for administrative, regulatory, health care operations and payment (financial) purposes. Examples include: birth certificate worksheets and authorization forms for release of information, correspondence concerning requests for records, vital certificate worksheets, audit trails, copies of claims, incident or patient safety reports, indices, logs, registries, patient identifiable data reviewed for quality improvement, peer review or utilization management. Derived Data: As defined by AHIMA, consists of information aggregated or summarized from patient records so that there are no means to identify patients. Derived data used for operational purposes of the organization include: audits and audit results, statistical reports, peer review records, quality improvement, utilization management, corporate compliance, and risk assessment records, anonymous patient data for research purposes, transmission reports for MDS, OASIS and IRF PAI, accreditation reports. Designated Record Set ( DRS ): As defined in the Federal Privacy Rule 42 CFR 164.501 (HIPAA), is 1. A group of records maintained by or for a covered entity that is: The medical records and billing records about patients maintained by or for a covered health care provider; The enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or Information used in whole or in part, by or for the covered entity to make decisions about patients. 2. For purposes of this definition, the term record means any item, collection, or grouping of information that include PHI and is maintained, collected, used, or disseminated by or for a covered entity. Page 1 of 5
Legal Health Record ( LHR ): As defined by AHIMA October, 2001, is the documentation (official business record) of the health care services provided to an patient in any aspect of health care delivery by a health care provider organization. The LHR is individually identifiable data, in any medium, collected and directly used in and/or documenting healthcare or health status. The term includes records of care in any health-related setting used by health care professionals while providing patient care services, for reviewing patient data, or documenting observations, actions, or instructions. The LHR for each organization is outlined in Appendix A of this policy. Patient Identifiable Source Data: As defined by AHIMA, are data from which interpretation, summaries, notes, etc. are derived. Source data is an adjunct component of the LHR and is often maintained in a separate location or database and provided the same level of confidentiality as the LHR. Example: diagnostic films and images. Protected Health Information (PHI): As defined in the Federal Privacy Rule 42 CFR 164.501 is individually identifiable health information, whether oral or recorded in any form or medium, that is created by or received by the organization (health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse), including demographic information, that identifies a person, or provides a reasonable basis to believe the information can be used to identify a person, and relates to: 1. Past, present or future physical or mental health or condition of a personl. 2. The provision of health care to a person. 3. The past, present, or future payment for the provision of health care to a person. Psychotherapy Notes: As defined in the Federal Privacy Rule 42 CFR 164.501, means notes recorded (in any medium) by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session and are separated from the rest of the patient s medical record. Psychotherapy notes exclude medication prescription and monitoring, counseling session start and stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of the following items: diagnosis, functional status, the treatment plan, symptoms, prognosis, and progress to date. PROCEDURE: 1. The following shall be maintained in a DRS: Billing Record: Content of the patient account file in a paper or computerbased record environment. Health Plan Records: The enrollment, payment, claims adjudication, and case or medical management record maintained by or for a health plan. Medical Record: Information defined as the LHR in a paper or computerbased record environment. Other Records Used to Make Decisions About the Patient: o Records created by another health care provider when used to make decisions about the patient. o Documents/reports generated by health care providers to support the required documentation needs of the patient s care being provided at the organization (such as a hospital history and physical from the physician s office). o Outside test results such as pathology report for tests ordered by the physician and performed by another provider. Page 2 of 5
Personal Health Records: Copies of personal health records created, owned, and managed by the patient and provided to the organization. 2. The following shall not be maintained as part of the DRS: Administrative Data: (See definition above) including birth certificate worksheets and authorization forms for release of information, correspondence concerning requests for records, vital certificate worksheets, audit trails, copies of claims, incident or patient safety reports, indices, logs, registries, patient identifiable data reviewed for quality improvement, peer review or utilization management. CLIA Documents: Information not subject to disclosure under the Clinical Laboratory Improvements Amendments of 1988 (CLIA) or other federal or state laws. Derived Data (See definition above) including: audits and audit results, statistical reports, peer review records, quality improvement, utilization management, corporate compliance, and risk assessment records, anonymous patient data for research purposes, transmission reports for MDS, OASIS and IRF PAI, accreditation reports. Education records covered by the Family Educational Right and Privacy Act, as amended, 20 U.S.C. 1232g(a)(4)(B)(iv) such as immunization records. Employer Records held by a health plan or health care provider in its role as employer, such as pre-employment physicals, workers compensation related documentation, results of HIV and TB tests. Health information that is not used to make decisions about the patient such as data collected and maintained for research, peer review, or performance improvement purposes; appointment and surgery schedules, birth and death registers, and surgery registers. Information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or other legal proceeding. Other Documents such as guardianship documents and adoption documents that include identifying information of birth parents. Psychotherapy Notes (See definition above) Source Data that is interpreted or summarized in the patient s medical record. Examples include films, videos, slides, tracings, raw test data, etc. unless interpretations, summarizations or transcriptions are not available. Working Records such as notes or other source documentation only if the information is available elsewhere in the medical or billing record. Examples include: raw test data, audiotapes, videos/photographs used for educational purposes, telemedicine records, coding/ur worksheets, billing/accounts payable working notes regarding claim status, patient conversations, claim reviews, etc. 3. Access to Source Data When a patient specifically requests access to source data in addition to the DRS, the patient will be provided with access to or a copy of the source data when such access is possible; would not violate state or federal laws or regulations and would not endanger the privacy, health or safety of the patient or another person. 4. Records Held by a Business Associate Records held by a business associate of WFH that meet the definition of DRS are part of the WFH organization s DRS. Page 3 of 5
REFERENCES AHIMA e-him Work Group on Legal Health Record. Update: Guidelines for Defining Legal Health Record for Disclosure Purposes. Journal of AHIMA 76, No. 8 (September 2005): 64A-G. AHIMA e-him Work Group on Legal Health Record. Update: Maintaining a Legal Sound Health Record Paper and Electronic. Journal of AHIMA 76, No. 10 (November-December 2005): 64A-L. Amatayakul, Margret et al. Practice Brief: Definition of the Health Record for Legal Purposes. Journal of AHIMA 72, no. 9 (2001). Hughes, Gwen. Practice Brief: Defining the Designated Record Set. Journal of AHIMA 74, no.1 (2003). NCHICA Designated Record Sets Word Group and Privacy and Confidentiality Focus Group. Guidance for Identifying Designated Record Sets under HIPAA. Version 2. February 3, 2003. Privacy Act of 1974. 5 USC, Section 552A. Standards for Privacy of Individually Identifiable Health Information ; Final Rule. 45 CFR Parts 160 and 164. Federal Register 67, no. 157 (August 14, 2002). Replaces: Cross reference: Review Period: Uses and Disclosure of Health Information policy Two (2) years Original Policy Date: Dates Updated: December 14, 2009; May 15, 2012; June 1, 2016 Page 4 of 5
Appendix A Legal Health Record WFH-All Saints, WFH-St. Francis, WFH-Franklin, Home Health and Hospice The Terrace at St. Francis, Woods, Lake Shore Manor Medical Group, Metro Physicians Legal Health Record The paper record maintained by Health Information Management, Horizon Patient Folder or EPIC (or similar electronic medical record) if implemented. A matrix will be maintained by Health Information Management to indicate the Electronic Health Record implementation by date and practice. The paper record maintained by Health Information Management and the Electronic Health Record. The combination of the paper record maintained by Health Information Management and the EHR if implemented. The paper record maintained by Health Information Management or EPIC (or similar electronic medical record) if implemented. A matrix will be maintained by Health Information Management to indicate the EHR implementation by date and practice. Page 5 of 5