Designated Record Set

Understanding the Designated Record Set

The designated record set (DRS) is a HIPAA concept that defines the scope of records to which patients have specific access rights. It includes the medical and billing records maintained by a covered health care provider about an individual, the enrollment, payment, claims adjudication, and case management records maintained by a health plan, and any other records used in whole or in part to make decisions about the individual. Understanding what constitutes the DRS is essential because it determines which records a patient can request to access, amend, or receive an accounting of disclosures for.

Patient Rights and the DRS

HIPAA grants patients several important rights regarding their designated record set. The right of access allows individuals to inspect and obtain a copy of their PHI in the DRS, typically within 30 days of the request (with one 30-day extension permitted). The right to amend allows individuals to request corrections to information they believe is inaccurate or incomplete. The right to an accounting of disclosures provides patients with a record of when and to whom their PHI was shared, though this excludes disclosures for treatment, payment, and health care operations. Organizations must have clear processes for responding to these requests and must train staff to recognize and fulfill them promptly.

What Is Not Included

Not all records an organization maintains are part of the designated record set. Psychotherapy notes kept separate from the medical record, information compiled for legal proceedings, laboratory results to which the CLIA Act restricts access, and internal quality assurance records not used for individual decision-making may fall outside the DRS. Organizations should carefully identify and document what constitutes their designated record set, as this determination directly impacts how they respond to patient access requests and how they manage PHI across their systems.