Understanding What Information Must Be Provided

Starting October 6, 2022, the electronic health information (EHI) covered under information blocking extends beyond data traditionally associated with exams. EHI now includes most of the designated record set (DRS) that you must make available to patients who exercise their HIPAA right of access.

Information blocking also applies to patient information outside of exams, including, but not limited to, claims and payments—regardless of whether that information is managed using a certified EHR technology.

Statutorily, the DRS is defined as a group of records maintained by or for a HIPAA-covered entity that is

the medical records and billing records about individuals maintained by or for a covered health care provider;
the enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or
used, in whole or in part, by or for the covered entity to make decisions about individuals.

The term record is defined as any item, collection, or grouping of information that include protected health information and is maintained, collected, used, or disseminated by or for a HIPAA- covered entity.

Some information included in the DRS is not subject to information blocking rules. For more information about excluded data, go to Understanding What Information May Not Be Provided