Definition

legal health record (LHR)

Rahul Awati

By

Rahul Awati

What is a legal health record (LHR)?

A legal health record (LHR) refers to documentation about a patient's personal health information that is created by a healthcare organization or provider. The healthcare entity uses the LHR as a business record and is required to make it available upon request from the patient to whom the LHR belongs or from law enforcement or legal entities.

An LHR usually documents the various medical services provided to a patient by a healthcare organization. It also documents the patient's health status and the provider's observations, instructions and actions taken. There is no specific standard or template to create LHRs, so different healthcare organizations define and maintain LHRs in their own way. The specific components of an LHR can also differ between organizations.

Every LHR contains individually identifiable data, meaning Patient A's LHR will be different from Patient B's, Patient C's and so on. Before the prevalence of digitization, all LHRs were created and maintained in paper form. In recent decades, more healthcare facilities have adopted electronic health records (EHRs), so LHRs are also usually in electronic or digital format.

An electronic health record screen. — Example of a legal health record in electronic form.

EHRs are not the only source of patient information. Modern healthcare providers also use health apps to monitor patient health outcomes, disease registries, intake forms, pharmacy records, lab results and other sources to gather important health-related data. As a result, defining and creating LHRs is becoming increasingly complex. The following circumstances can further increase complexity:

Multiple documents comprise one LHR.
Records are in different formats, such as email, diagnostic images, physician notes and voice files.
Records are stored in separate electronic or paper-based databases.

What is included and not included in a legal health record

These documents might be part of a patient's LHR:

Diagnostic test results.
Pharmacy and medication records.
Physician records or notes.
Physical examination records.
Patient health history.
Immunization records.
Consultation reports.
Administrative and financial data.
Records of physical, occupational or speech therapy.
Discharge instructions.
Care plans.
Advance directives from the provider.

In addition, consent-for-treatment forms, intake/output records, patient-provider communications such as email messages, and nursing assessments can also be part of an LHR.

Health records that are created, managed or controlled by the patients themselves are considered patient -- or personal -- health records (PHRs). Examples include glucose-tracking records, immunization records and medication records. These are not part of LHRs. That said, patients can share their PHRs with providers, and providers might add this information to the LHR for any of these reasons:

To improve and personalize patient care.
To review patient data and use the findings to inform the care plan.
To document specific observations or provide instructions regarding that patient.

If patients don't provide PHRs to the healthcare organization, then only the documents that are created and maintained by the healthcare organization constitute its official or business records known as LHRs.

Administrative data is also not considered part of the LHR. This data is patient identifiable and usually used for administrative, regulatory and payment purposes. Examples include biometrics, death certificates, patient-identifiable claims, authorization forms for release of information and practice guidelines that do not embed patient data.

Importance of legal health records

An LHR serves as a healthcare organization's business and legal record for each patient within its care. It provides written proof of the services provided to a patient and documents their caregivers' specific care decisions and the reasons for those decisions. This proof can serve as legal testimony if the patient takes the organization or its caregivers to court following an injury, illness, surgery or other health event. An LHR is an effective legal document if it does the following:

Provides a detailed view of a patient's health history and prognosis.
Records caregivers' observations and measurements.
Provides evidence that a certain type of care was necessary and what standards were used to deliver it.
Documents the patient's response to the care given.

The LHR is also important in other ways. It shows that caregivers adhered to the organization's standards and procedures while delivering care. It also serves as a way for practitioners to plan care for the patient and to communicate with other practitioners serving that patient.

Furthermore, LHRs can do the following:

Support any medical claims the patient or organization submits to insurance companies.
Act as supporting documentation if any services provided to the patient are reimbursable.
Provide a resource for practitioner education and awareness.
Support business decision-making.
Provide useful data for clinical health and public health research efforts.

Patient-identifiable source data in legal health records

Patient-identifiable source data can be part of an LHR. It might be confidentially and safely maintained in a separate location or database. Usually, documents such as interpretations, summaries and physician notes are derived from patient-identifiable source data.

Examples include the following:

Video recordings of meetings between a physician and patient.
Diagnostic films and images.
Audio files, including caregivers' dictations.
Procedure or therapy videos.
Analog or digital patient photographs.
Tests from which interpretations are derived, such as electrocardiogram tracings.

Compliance standards for legal health records

There are no specific regulations or laws governing the creation or format of LHRs. However, every LHR must adhere to the organization's own standards and procedures. Healthcare organizations must also consider the applicable federal and state data privacy laws when creating LHRs. And they must consider and comply with the retention and classification requirements as specified by federal and state laws.

Providers must think carefully about what is appropriate to reveal in the LHR. In addition, they must ensure secondary records containing patient-identifiable source data are provided the same level of confidentiality as primary documents in the LHR.

Learn how health informaticians weave medicine tech and science together and see how CIOs can help alleviate EHR issues.

This was last updated in July 2023

Continue Reading About legal health record (LHR)

Is it legal to record virtual meetings and video conferences?

Interest in wearable health devices grows despite challenges

Pros and cons of conversational AI in healthcare

Key considerations for setting up an IoMT network

EHR vendors eye safe data access for third-party health apps

Dig Deeper on Clinical documentation

xtelligent Rev Cycle Management

What MAHA means for the CMS Innovation Center, APMs
Under Trump's "Making America Healthy Again," the CMS Innovation Center is overhauling alternative payment model design to ...
The state of revenue cycle management software
Revenue cycle management software supports operational efficiency and financial outcomes for healthcare providers, leading to a ...
2025 MedTech Breakthrough winners for healthcare payments
Waystar, Candid Health and TrustCommerce are among the winners of the 2025 MedTech Breakthrough Awards in the healthcare payments...

xtelligent Patient Engagement

71% of LGBTQ+ patients report healthcare discrimination
Experiences with healthcare discrimination have ripple effects, like hampering an open and transparent patient-provider ...
Docs say AI can improve healthcare, but do patients agree?
While providers think AI in healthcare can reduce administrative burden and create opportunity to connect with patients, patients...
Is there implicit bias in patient clinical notes?
Researchers found evidence of implicit bias in clinical notes, particularly with variable use of positive negative language used ...

xtelligent Healthtech Analytics

AI and HIPAA compliance: How to navigate major risks
Balancing AI deployments with HIPAA compliance can be fraught with numerous risks. The first step is awareness, and the second ...
Understanding GenAI's sociodemographic bias in healthcare
Amid GenAI's growing popularity in healthcare, a new study highlights the sociodemographic-based biases of the models, urging ...
AI and the future of genomics
AI genomics' speed and accuracy in drug target discovery, disease modeling and detection, and gene therapy hold promise for ...

xtelligent Healthtech Security

Study: Most healthcare data breaches caused by hacking
Healthcare data breaches have surged over the past 14 years, with hacking or IT incidents increasing from 4% of all breaches in ...
How AI can aid healthcare in digital identity verification
Healthcare organizations can use AI to defend against cyberthreat actors who use AI, especially in the areas of digital identity ...
NIST Privacy Framework receives draft update
A draft update to the NIST Privacy Framework aims to streamline the document and align it with the NIST Cybersecurity Framework.

xtelligent Virtual Healthcare

New remote patient monitoring advocacy group launches
The new Remote Monitoring Leadership Council aims to expand RPM access, adoption and policy through advocacy and data sharing.
Why Cedars-Sinai is becoming a digital health venture builder
Cedars-Sinai has launched a new initiative to establish and scale digital health companies, building on the growing trend of ...
Virtual pulmonary rehab effective for high-need COPD patients
New research shows that virtual pulmonary rehab is similarly effective for COPD patients who need oxygen as those who do not, ...

Close