Definition

legal health record (LHR)

Rahul Awati

By

Rahul Awati

What is a legal health record (LHR)?

A legal health record (LHR) refers to documentation about a patient's personal health information that is created by a healthcare organization or provider. The healthcare entity uses the LHR as a business record and is required to make it available upon request from the patient to whom the LHR belongs or from law enforcement or legal entities.

An LHR usually documents the various medical services provided to a patient by a healthcare organization. It also documents the patient's health status and the provider's observations, instructions and actions taken. There is no specific standard or template to create LHRs, so different healthcare organizations define and maintain LHRs in their own way. The specific components of an LHR can also differ between organizations.

Every LHR contains individually identifiable data, meaning Patient A's LHR will be different from Patient B's, Patient C's and so on. Before the prevalence of digitization, all LHRs were created and maintained in paper form. In recent decades, more healthcare facilities have adopted electronic health records (EHRs), so LHRs are also usually in electronic or digital format.

An electronic health record screen. — Example of a legal health record in electronic form.

EHRs are not the only source of patient information. Modern healthcare providers also use health apps to monitor patient health outcomes, disease registries, intake forms, pharmacy records, lab results and other sources to gather important health-related data. As a result, defining and creating LHRs is becoming increasingly complex. The following circumstances can further increase complexity:

Multiple documents comprise one LHR.
Records are in different formats, such as email, diagnostic images, physician notes and voice files.
Records are stored in separate electronic or paper-based databases.

What is included and not included in a legal health record

These documents might be part of a patient's LHR:

Diagnostic test results.
Pharmacy and medication records.
Physician records or notes.
Physical examination records.
Patient health history.
Immunization records.
Consultation reports.
Administrative and financial data.
Records of physical, occupational or speech therapy.
Discharge instructions.
Care plans.
Advance directives from the provider.

In addition, consent-for-treatment forms, intake/output records, patient-provider communications such as email messages, and nursing assessments can also be part of an LHR.

Health records that are created, managed or controlled by the patients themselves are considered patient -- or personal -- health records (PHRs). Examples include glucose-tracking records, immunization records and medication records. These are not part of LHRs. That said, patients can share their PHRs with providers, and providers might add this information to the LHR for any of these reasons:

To improve and personalize patient care.
To review patient data and use the findings to inform the care plan.
To document specific observations or provide instructions regarding that patient.

If patients don't provide PHRs to the healthcare organization, then only the documents that are created and maintained by the healthcare organization constitute its official or business records known as LHRs.

Administrative data is also not considered part of the LHR. This data is patient identifiable and usually used for administrative, regulatory and payment purposes. Examples include biometrics, death certificates, patient-identifiable claims, authorization forms for release of information and practice guidelines that do not embed patient data.

Importance of legal health records

An LHR serves as a healthcare organization's business and legal record for each patient within its care. It provides written proof of the services provided to a patient and documents their caregivers' specific care decisions and the reasons for those decisions. This proof can serve as legal testimony if the patient takes the organization or its caregivers to court following an injury, illness, surgery or other health event. An LHR is an effective legal document if it does the following:

Provides a detailed view of a patient's health history and prognosis.
Records caregivers' observations and measurements.
Provides evidence that a certain type of care was necessary and what standards were used to deliver it.
Documents the patient's response to the care given.

The LHR is also important in other ways. It shows that caregivers adhered to the organization's standards and procedures while delivering care. It also serves as a way for practitioners to plan care for the patient and to communicate with other practitioners serving that patient.

Furthermore, LHRs can do the following:

Support any medical claims the patient or organization submits to insurance companies.
Act as supporting documentation if any services provided to the patient are reimbursable.
Provide a resource for practitioner education and awareness.
Support business decision-making.
Provide useful data for clinical health and public health research efforts.

Patient-identifiable source data in legal health records

Patient-identifiable source data can be part of an LHR. It might be confidentially and safely maintained in a separate location or database. Usually, documents such as interpretations, summaries and physician notes are derived from patient-identifiable source data.

Examples include the following:

Video recordings of meetings between a physician and patient.
Diagnostic films and images.
Audio files, including caregivers' dictations.
Procedure or therapy videos.
Analog or digital patient photographs.
Tests from which interpretations are derived, such as electrocardiogram tracings.

Compliance standards for legal health records

There are no specific regulations or laws governing the creation or format of LHRs. However, every LHR must adhere to the organization's own standards and procedures. Healthcare organizations must also consider the applicable federal and state data privacy laws when creating LHRs. And they must consider and comply with the retention and classification requirements as specified by federal and state laws.

Providers must think carefully about what is appropriate to reveal in the LHR. In addition, they must ensure secondary records containing patient-identifiable source data are provided the same level of confidentiality as primary documents in the LHR.

Learn how health informaticians weave medicine tech and science together and see how CIOs can help alleviate EHR issues.

This was last updated in July 2023

Continue Reading About legal health record (LHR)

Is it legal to record virtual meetings and video conferences?

Interest in wearable health devices grows despite challenges

Pros and cons of conversational AI in healthcare

Key considerations for setting up an IoMT network

EHR vendors eye safe data access for third-party health apps

Dig Deeper on Clinical documentation

xtelligent Rev Cycle Management

Indirect billing by APCs common for office-based care
A study shows indirect billing by advanced practice clinicians (APCs) occurred for 39% of all office-based encounters with ...
Only a third of CMMI models yield substantial net savings
Most CMMI models did not generate significant savings to the federal government, if any savings at all, according to a recent ...
CMS proposes 2.4% inpatient Medicare reimbursement hike
The FY 2026 Inpatient Prospective Payment System (IPPS) and Long-Term Care Hospital Prospective Payment System (LTCH PPS) ...

xtelligent Patient Engagement

How to prevent medical gaslighting from harming patient safety
Preventing patient safety issues and promoting patient trust will require health systems to learn how to prevent medical ...
Are patients stressed awaiting patient portal test results?
Some patients worry while they wait on patient portal test results, opening the door for some policy and health IT solutions to ...
Can social capital fix healthcare's patient safety problems?
A focus on social capital lets healthcare leaders improve patient safety and experience via better teamwork and shared values.

xtelligent Healthtech Analytics

AI model estimates heart failure from single-lead ECGs
Researchers have created an AI model that uses single-lead ECGs to predict the risk of heart failure, which could provide a new ...
13 AI healthcare companies to watch in 2025
These AI healthcare companies are using generative AI to enhance efficiency, improve patient care and innovate diagnostics. We ...
Taking a ‘leadership first, tech last’ approach to health AI
As healthcare stakeholders increasingly adopt health AI tools, leaders must align investments with their organization’s top ...

xtelligent Healthtech Security

Navigating HIPAA's reproductive healthcare data privacy rule
Compliance with a final rule to support reproductive healthcare data privacy can help entities mitigate risk despite the rule’s ...
Benchmarking data shows healthcare cybersecurity pain points
Organizations continue to take a reactive over a proactive approach to healthcare cybersecurity, KLAS, the AHA and several ...
Dialysis firm DaVita suffers ransomware attack
Kidney care company DaVita said patient care is continuing despite suffering a weekend ransomware attack that encrypted elements ...

xtelligent Virtual Healthcare

Digital health use growing in underserved counties
A new study reveals that use of digital health services was higher in counties with high social vulnerability, indicating a ...
RPM use in Medicare booming, but policy changes needed
As RPM use rises to new heights among Medicare beneficiaries, the Peterson Center on Healthcare highlights the need for new RPM ...
Teladoc unveils virtual care tool for cardiometabolic health
Teladoc's latest virtual care tool for cardiometabolic health aims to promote better population health management through chronic...

Close