Foundational Concepts of the Legal EHR

by Carol Ann Quinsey, RHIA, CHPS

The concept of a legal health record (whether paper or electronic) is generally well understood within the HIM profession. However, during the transition from paper to electronic records some organizations are expressing concern about the use of the terms “legal health record” and “legal electronic health record.” This article discusses the concepts underlying legal health records and legal electronic health records so that they can be better understood and communicated to the healthcare industry.

Serving Multiple Purposes

Health records serve many purposes across every care setting. They are the basis for communication among healthcare providers, documentation of patient care, the source of data for patient care evaluation and research for improving the quality of patient care, and the source for reimbursement for services rendered.

In addition, health records have historically been the recognized legal business record for healthcare organizations, and as such, health records can be admitted into legal proceedings as an exception to the hearsay rule in most states. The Federal Rules of Evidence (803(6)) and the Uniform Business and Public Records Act adopted by most states allow this exception for health records maintained in the regular course of business as long as the record was:

  • Documented in the normal course of business
  • Kept in the regular course of business
  • Made at or near the time of the matter recorded
  • Made by the person(s) within the business with knowledge of the acts, events, conditions, opinions, or diagnoses appearing in it

Health information managers were-and continue to be-the record custodians, managing them in a way that ensures documentation standards are developed for and followed by the organization. Such standards meet applicable requirements promulgated by relevant accreditation bodies and agencies such as the Centers for Medicare and Medicaid Services, in addition to pertinent state and federal laws and regulations.

The landscape of laws, regulations, and practice standards for the creation and maintenance of legal health records is complex and consistent by neither care setting nor state. HIM professionals have traditionally been recognized as the experts on what is required for defining a legal health record in individual healthcare organizations. They are charged with developing and implementing policies and procedures necessary to create and maintain a legal health record (e.g., business record) for the organization.

This process generally starts by reviewing the requirements found in applicable federal and state laws, rules for compliance, and accreditation standards. It is then a matter of striking an acceptable balance between the requirements and being able to use health information appropriately. Practical concerns having to do with the technology must also be considered.

Among the many organizational policies and procedures necessary to permit health records to be recognized as legal business records is a policy specifying what documents may be disclosed in response to a valid request for disclosure (whether from a patient, third-party payer, legal counsel, or court). Policies and procedures identify the exact subset of documents that will be released upon receipt of a valid request for disclosure. Many additional documents may be discoverable, but there should be a clear subset of documents that are released initially.

The Life Cycle of Health Records

A health record’s life cycle is made up of stages with certain actions that occur at each stage. Although the method of taking the necessary actions at each stage may vary depending on whether the record is in paper or electronic format, the basic actions are the same. These actions are part of the process required for the record to be considered the legal business record of the healthcare organization.

In the first stage the record is created. Documentation about a patient’s care is collected from a variety of sources in accordance with organizational processes and standards. Records are reviewed to ensure their accuracy and completeness prior to moving to the next stage.

Once records are deemed complete, they are maintained (or archived) in a manner that preserves the integrity of the record for patient care, research, payment, and evidentiary purposes. In this stage records are made available for legitimate business purposes, which include responding to valid requests for documentation. All such disclosures are guided by organizational policies and procedures.

If the organization chooses to dispose of health records at some point, a policy based on applicable federal and state laws and regulations guides this process. Such policies and procedures define how, when, and by what method its business records may be destroyed. Additionally, they typically define what sort of documentation must be maintained regarding the destruction of these records.

Moving to Electronic Health Records

Transitioning from paper to electronic health records (EHRs) requires healthcare organizations to re-evaluate their definition of the legal health record as new modes of creating and maintaining health record documentation are deployed. Defining the legal health record has become more complex as organizations move to electronic media. However, the fundamental principles that allow paper health records to constitute the legal business record of a healthcare organization and be admissible in court remain the same whether using paper or electronic media for the creation and maintenance of health records.

One of the challenges faced in the move from paper to electronic records is maintaining an accurate description of exactly what will be released upon receipt of a valid request for documentation. As organizations implement various components of their EHR, careful documentation of when each component moved from paper to electronic format and whether or not the component constitutes part of the record that is released pursuant to valid request is required. This process requires considerable diligence and careful tracking of exact dates when changes occur.

Concern has arisen in some organizations as to whether or not documents created in paper then scanned into imaging systems can be considered the “legal” EHR. These concerns may be based, at least in part, on what level of trust attorneys and courts have with the accuracy and completeness of the imaged record. If there is any concern that a true and legible copy of the original paper health record cannot be presented for use in the event of legal action, a requirement may be imposed by organizational legal counsel to maintain paper copies as the “legal” record. Clear policies and procedures for quality control should be useful in alleviating these concerns, along with results of quality monitoring. In addition, the costs of maintaining duplicate paper and electronic records should be documented as well as the risks inherent in trying to maintain duplicate records.

HIM professionals are in the best position to assist their organizations in understanding the need to make the transition in the definition from paper to electronic. They are able to explain the underlying principles that permit health records to constitute legal business records for the organization. While this may sound simple, highly complex discussions may need to take place within the organization.

In coming months this column will highlight the perspectives of some attorneys, malpractice carriers, and others, presenting some of the concerns they raise. In addition, traditional HIM business processes that ensure a sound business record will be reviewed as they relate to the EHR. A sample policy for defining the legal EHR will be included.

Resources and References

AHIMA. “Update: Guidelines for Defining the Legal Health Record for Disclosure Purposes.” Journal of AHIMA 76, no. 8 (2005): 64A–G.

AHIMA. “Update: Maintaining a Legally Sound Health Record-Paper and Electronic.” Journal of AHIMA 76, no. 10 (2005): 64A–L.

AHIMA. “The Legal Process and Electronic Health Records.” Journal of AHIMA 76, no. 9 (2005): 96A–C.

McWay, Dana C. Legal Aspects of Health Information Management. New York: Delmar Publishers, 1997.

Carol Ann Quinsey ( is a practice manager at AHIMA.

Article citation:
Quinsey, Carol Ann. "Foundational Concepts of the Legal EHR" Journal of AHIMA 78, no.1 (January 2007): 56-57.