Practice Tips

Online library

Medical Records: Documentation of Patient Care in the Legal Health Record

From a Risk Management Perspective

  1. Understanding the Legal Health (Medical) Record and Designated Record Set
    The HIPAA privacy rule defines the designated record set as a group of records maintained by or for a covered entity that may include patient medical and billing records; the enrollment, payment, claims, adjudication, and cases or medical management record systems maintained by or for a health plan; or information used in whole or in part to make care-related decisions. The designated record set is generally broader than the legal health record because it addresses all protected health information along with business information unrelated to patient care.
    The legal health record is generally the information used by the patient care team to make decisions about the treatment of a patient. The elements that constitute an organization's legal health record vary depending on how the organization defines it but must explicitly identify the sources, medium, and location of the individually identifiable data that it includes.
    The importance of excellent patient care documentation in the legal health record cannot be understated as documentation:
    • Supports the decisions made in a patient's care.
    • Supports the revenue sought from third-party payers.
    • Supports the services provided as legal testimony regarding the patient's illness or injury, response to treatment, and caregiver decisions.
    • Serves as the organization's business and legal record, meeting all statutory, regulatory and professional requirements for clinical and business purposes.
    • Serves as a communication tool and is critical to patient safety and continuity of care.
    • Is typically used when responding to formal requests for information for evidentiary purposes.
    • Provides a witness to the care provided in the case of medical malpractice litigation.
  2. Guiding Principles for Documentation of Patient Care
    For all of the reasons noted above, timely, comprehensive, objective, and appropriate documentation of patient care is crucial. Use the following principles as guidance in accomplishing this objective.
    General Recommendations:
    • Be objective and professional in all documentation. This includes internal messages as they may be considered part of the record. Refrain from using the record as a battleground for disagreements, disparaging remarks, or accusatory comments.
    • Avoid using slang or euphemisms. Referring to a patient as a "frequent flyer" may create the impression that personal judgment rather than a thorough clinical assessment, dictated the treatment the patient received.
    • Reflect individualized care. Avoid complete dependence on generic, computer generated documentation.
    • Document only care provided by you.
    • Use correct spelling and grammar. To a jury inattention to details and disorganization in the record may be equated to inattention to the care and treatment of the patient.
    • Unapproved, personal, and informal abbreviations may be misinterpreted by other providers, may not be remembered in the future, and may contribute to inappropriate care. Do not use abbreviations noted by your organization to be misleading. Designate acceptable symbols and acronyms. Complete all blanks or fields. Incomplete documentation may lead to a conclusion that the area was not addressed by the provider.
    • Document promptly. The longer the time lapse, the less reliable the entry becomes.
    • Enter information only after the care is provided; never pre-document.
    • Authenticate, date, and time your entries.
    • Use acceptable signature format; CMS only accepts signatures that are handwritten, electronic, or a facsimile of original or electronic signatures. Control your password, encryption key, security key.
    • When using transcription and speech recognition technology:
      • Carefully review all transcribed documentation and edit as appropriate.
      • Prohibit notations that state dictated information was not reviewed. For example, notations such as "Dictated but Not Read" equate to "I take no responsibility for the quality and validity of the information in this document." Only base clinical decision making on information that has been authenticated.
    • Refrain from documenting criticism of a previous provider's care. Be very careful to obtain all of the facts before reaching a conclusion. Document a factual summary of pertinent clinical findings and the rationale for your plan of care. Refer questions about prior care to that provider.
    • When documenting patient behavior such as conflict, anger, or violence:
      • Be objective and document the facts. Place statements made by the patient in quotations. It is not necessary to specifically describe foul language used. Note actions taken by staff/physicians and final resolution.
    • Validate any prefilled entries and correct as necessary.
    • If copy and paste functionality is used, review and edit to assure accuracy and relevancy to the visit. Risks associated with copied information include an adverse patient event related to incorrect information, inaccurate coding, propagation of false information, and creation of unnecessary and redundant notes.
    • Include emails sent or received outside the portal. Information provided in an email may be crucial to providing coordinated care. It would be problematic in the case of defense if a patient had a copy of e-mail correspondence but the medical record reflected no evidence of the interaction.
    • For external or unsolicited information.
      • Unless state statutes address inclusion/exclusion of external information, include in the legal health record only that external information that has been used in patient care. Return or confidentially destroy any patient health information not used or requested.
    Essential Content: Ambulatory Setting
    • Include the following:
      • Reason for visit.
      • Past medical and family history.
      • Medication allergies and adverse reactions to medications or contrast media.
      • Current and accurate medication list.
      • Follow-up on previous problems and referrals.
      • Patient noncompliance with recommended treatment including confirmation that the patient was informed of consequences.
      • Rationale for proceeding or not proceeding with specialist's recommendations.
      • Clinical examination findings; positive and significant negative results.
      • Plan of care; rationale for diagnosis or deviation from standards of care.
      • Patient response to health maintenance recommendations.
      • Patient education and understanding of follow-up instructions and treatment plan. Specify educational materials given to the patient. If the patient receives a hard copy of material that was printed from the EHR and this copy is annotated to add additional clarification, emphasize a section or delete a section, scan a copy of this changed form into the EHR in order to document the true copy the patient received.
      • Informed consent and informed refusal discussions. Tried to line this up the same as all bulleted items.
      • Any injections, immunizations or IVs given (including the name of the drug, dosage, route, site, time and date administered, name or initials of ordering physician, and name or initials of the person administering the drug).
      • Review of diagnostic test results and consultations, treatment or action plan, and notification of patient.
      • Failed appointments including all attempts to contact the patient to reschedule.
      • Treatment-related telephone calls including after-hours calls. Call documentation should reflect clinical decision-making, support actions taken, and provide for safe continuum of care. Note:
      • Patient name or person calling on behalf of the patient.
      • Date and time.
      • Specific complaint and symptoms.
      • Advice provided.
      • Final disposition of the call and any referrals to other providers or facilities, including urgent care centers or emergency departments.
  3. Amendments (AHIMA)
    An amendment is an alteration of the health information by modification, correction, addition, or deletion. An amendment is made after the original documentation has been completed and authenticated by the author. All amendments should be timely and bear the current date and time of documentation. Policies must dictate what is and is not an acceptable amendment. The following describes different types of amendments.
    • Addendum
      Entries added to a health record to provide additional information in conjunction with a previous entry. The addendum should be timely, noted as an addendum, bear the current date, time, and reason for the additional information being added to the health record, and be signed.
      In the EHR, the original version should remain a part of the EHR. Addendums should be made in the source system or where the documentation was originally created, as well as in any long term medical record or data repository system.
    • Correction
      A correction is a change in the information meant to clarify inaccuracies after the original document has been signed or rendered complete. In the EHR, corrections may also involve removing information from one record and posting it to another within the electronic document management system (See Retraction).
      If information in a paper record must be corrected or revised, draw a line through the incorrect entry and annotate the record with the date, reason for the revision noted, and signature of the person making the revision.
      If the document was originally created in a paper format, and then scanned electronically, the electronic version must be corrected by printing the documentation, correcting as above and rescanning the document.
    • Late Entry
      A late entry is an addition to the health record when a pertinent entry was missed or was not written in a timely manner. The late entry should bear the current date, time, and reason for the additional information being added and be signed.
    • Retraction
      A retraction is the action of correcting information that was incorrect, invalid, or made in error. In the EHR this includes preventing its display or hiding the entry or documentation from further general views. However, the original information is available in the previous version. An annotation should be viewable to the clinical staff so that the retracted document can be consulted if needed.
    • Deletion
      In the EHR, a deletion is the action of permanently eliminating information that is not tracked in a previous version. Most EHRs do not allow permanent deletion.
    • Re-sequencing
      Re-sequencing is the process of moving a document from one location in the EHR to another within the same episode of care, such as a progress note that was linked to the wrong date. According to AHIMA, no annotation of this action is necessary.
    • Reassignment
      Reassignment in the EHR is the process of moving one or more documents from one episode of care to another episode of care within the same patient record, for example, the history and physical posted to the incorrect episode. An annotation should be viewable to the clinical staff so that the reassigned document can be consulted if needed.
    Spoliation generally refers to the destruction or concealment of evidence. Plaintiffs' attorneys scrutinize records to determine if alterations were made in anticipation of or in response to a discovery request. Correcting, revising, tampering, or adding a note to the medical record upon learning of legal action will not only undermine credibility and weaken the defense, it may result in accusations of professional misconduct and potential civil or criminal charges.
    • Always follow the facility policy for acceptable practices in amending the record. Never change the record after a request from an attorney.
    Patient Request to Amend (AHIMA; HIPAA):
    Patients have the right to request an amendment of the protected health information (PHI) in their designated record set (DRS) for as long as the DRS is maintained so it is crucial that the DRS be defined in policy. Covered entities (CE) should develop policies and procedures to address requested amendments. Most facilities require that these requests be submitted in writing and include a reason for the amendment. Often facilities have developed a specific request for amendment form. The policy should reflect which department or specific individual (job title) handles the receipt and processing of requested amendments. The Privacy Rule requires CEs to develop and implement reasonable policies and procedures to verify the identity of any person who requests PHI, as well as the legal right of the person to have access to the information, if the identity or authority of the person is not already known.
    The CE may deny a request if it determines that the PHI or record:
    • Was not created by the CE or the record originator is no longer available to act on the request.
    • Is accurate and complete.
    • The information is not a component of the DRS.
    • Would not be available for inspection by the patient under HIPAA. The Privacy Rule distinguishes those grounds for denial which are reviewable from those which are not.
    • Unreviewable grounds for denial are: situations involving (i) psychotherapy notes, information compiled for use in legal proceedings, and certain information held by clinical laboratories; (ii) certain requests which are made by inmates of correctional institutions; (iii) information created or obtained during research that includes treatment if certain conditions are met; (iv) denials permitted by the Privacy Act; and (v)The HIPAA Privacy Rule's Right Of Access and Health Information Technology information obtained from non-health care providers pursuant to promises of confidentiality. See 45 C.F.R. 164.524(a)(2).
    • Reviewable grounds for denial are: (i) disclosures which would cause endangerment of the individual or another person; (ii) situations where the PHI refers to another and disclosure is likely to cause substantial harm; and (iii) requests made by a personal representative where disclosure is likely to cause substantial harm. See 45 C.F.R. 164.524(a)(3).
    The CE must act on the individual's request for amendment within 60 days of receipt. A one-time extension of up to 30 days for an amendment request is allowed if the CE gives the individual a written statement of the reason for the delay and the date by which the amendment will be processed.
    If a patient's request for amendment is granted, the covered entity must:
    • Insert the amendment or provide a link to the amendment at the site of the information that is the subject of the request for amendment.
    • Inform the individual that the amendment is accepted.
    • Obtain the individual's agreement to have the covered entity notify the relevant persons with whom the amendment needs to be shared.
    • Within a reasonable timeframe, make reasonable efforts to provide the amendment to persons identified by the individual and persons, including business associates, that the covered entity knows also hold the PHI that is the subject of the amendment and that may have relied on or could possibly rely on the information to the detriment of the individual.
    A covered entity that is informed by another CE of an amendment to an individual's PHI within the designated record set must amend the protected health information in written or electronic form.
    If the covered entity denies the requested amendment, it must provide the individual with a written denial within the timeframe written in plain language and must include:
    • The basis for the denial.
    • The individual's right to submit a written statement disagreeing with the denial and how to file such a statement. The CE may reasonably limit the length of the statement of disagreement.
    • A statement that if the individual does not submit a statement of disagreement, the individual may request that the covered entity provide the individual's request for amendment and the denial with any future disclosures of PHI.
    • A description of how the individual may complain in accordance with the CE's complaint procedures or the secretary of HHS.
    The CE may prepare a written rebuttal to the individual's statement of disagreement. A copy of the rebuttal must be provided to the individual who submitted the statement of disagreement.
    If a statement of disagreement has been submitted by the individual, the CE must, as appropriate, identify the record or PHI in the DRS that is the subject of the disputed amendment and append or link the individual's request for amendment, the covered entity's denial of the request, the individual's statement of disagreement (if any), and the CE's rebuttal (if any), to the DRS.
    When a subsequent disclosure is made using a standard transaction that does not permit the additional information to be included with the disclosure, the CE may separately transmit the material to the recipient of the standard transaction.
    *** State laws or regulations may govern how amendments should be processed. Healthcare facilities must comply with these requirements if they are more stringent than those outlined under HIPAA.
  4. Adverse Events and Disclosure
    When an adverse event occurs the following should be documented in the patient's legal health record.
    1. Pertinent clinical information:
      • Objective details of the event, including date, time and place (avoid speculation or assignment of blame).
      • The patient's condition immediately before the time of the event (if known).
      • Medical intervention following the event including studies ordered, therapies initiated, medications ordered, and requested consultations.
      • Patient response to the medical intervention.
      • Future treatment plans.
    2. Disclosure discussion and plan:
      • Time, date, and place of discussion and signature of author.
      • Names and relationships of those present at the discussion.
      • An objective and factual account of the discussion of the event.
      • Patient reaction and the level of understanding exhibited by the patient and family.
      • Additional information that has been shared with the patient and family or legal representative, if appropriate.
      • Offer of assistance and patient/family response.
      • Questions asked by the patient or family and responses to the questions.
      • A notation that as further information becomes available, this information will be shared with patient, family, or legally authorized representative.
      • Next steps to be taken by the patient, providers, or the facility staff.
      • Follow-up conversations.
    3. Do not reference consultation with risk management or that an event report has been completed. Do not include incident/event reports in the patient's record.
  5. Assuring Quality Documentation Practices
    • Develop an institutional definition of the legal health record and designated record set. For example, specify what is considered part of the record (e.g., advance directives, care plans, diagnostic images) and what is not (e.g., abbreviation list, incident reports, psychotherapy notes). State for example, that actual clinical decision support tools such as alerts are not part of the record but that the response to the alert is and must be documented.
    • Educate staff and physician on documentation expectations.
    • Conduct internal chart audits to make sure that the documentation guidelines are being followed and that the records are complete. Review both electronic and printed versions.
    • Review printed copies prior to release to assure that all elements of the record are included.
    • Facilitate commitment from all members of the healthcare team for adherence to best practice documentation.


In medical malpractice litigation defense of claims frequently rests on the quality of the patient care documentation. To a jury, the quality of the documentation equates to the quality of the patient care provided. Objective, timely, and complete documentation is your very best defense.


AHIMA Managing Copy Functionality and Information Integrity. (Mar 2012)
AHIMA Amendments in the Electronic Health Record Toolkit. (2012)
AHIMA Managing Unsolicited Health Information in the Electronic Health Record. (Oct 2013) Journal of AHIMA
AHIMA Fundamentals of the Legal Health Record and Designated Record Sets. (Feb 2011) Journal of AHIMA
AHIMA Patient Access and Amendment to Health Records. (Updated) (Jan 2011)
Medical Liability Monitor Common Risks & Safeguards for Electronic Medical Record. (Sep 2013)
HIMSS Speech Recognition: Accelerating the Adoption of Electronic Medical Records. (2008)
HIMSS The Legal Health Record. (2011)
AHIMA Appropriate Use of the Copy and Paste Functionality in Electronic Health Records, (3/17/2014)