Definition

legal health record (LHR)

Rahul Awati

By

Rahul Awati

What is a legal health record (LHR)?

A legal health record (LHR) refers to documentation about a patient's personal health information that is created by a healthcare organization or provider. The healthcare entity uses the LHR as a business record and is required to make it available upon request from the patient to whom the LHR belongs or from law enforcement or legal entities.

An LHR usually documents the various medical services provided to a patient by a healthcare organization. It also documents the patient's health status and the provider's observations, instructions and actions taken. There is no specific standard or template to create LHRs, so different healthcare organizations define and maintain LHRs in their own way. The specific components of an LHR can also differ between organizations.

Every LHR contains individually identifiable data, meaning Patient A's LHR will be different from Patient B's, Patient C's and so on. Before the prevalence of digitization, all LHRs were created and maintained in paper form. In recent decades, more healthcare facilities have adopted electronic health records (EHRs), so LHRs are also usually in electronic or digital format.

An electronic health record screen. — Example of a legal health record in electronic form.

EHRs are not the only source of patient information. Modern healthcare providers also use health apps to monitor patient health outcomes, disease registries, intake forms, pharmacy records, lab results and other sources to gather important health-related data. As a result, defining and creating LHRs is becoming increasingly complex. The following circumstances can further increase complexity:

Multiple documents comprise one LHR.
Records are in different formats, such as email, diagnostic images, physician notes and voice files.
Records are stored in separate electronic or paper-based databases.

What is included and not included in a legal health record

These documents might be part of a patient's LHR:

Diagnostic test results.
Pharmacy and medication records.
Physician records or notes.
Physical examination records.
Patient health history.
Immunization records.
Consultation reports.
Administrative and financial data.
Records of physical, occupational or speech therapy.
Discharge instructions.
Care plans.
Advance directives from the provider.

In addition, consent-for-treatment forms, intake/output records, patient-provider communications such as email messages, and nursing assessments can also be part of an LHR.

Health records that are created, managed or controlled by the patients themselves are considered patient -- or personal -- health records (PHRs). Examples include glucose-tracking records, immunization records and medication records. These are not part of LHRs. That said, patients can share their PHRs with providers, and providers might add this information to the LHR for any of these reasons:

To improve and personalize patient care.
To review patient data and use the findings to inform the care plan.
To document specific observations or provide instructions regarding that patient.

If patients don't provide PHRs to the healthcare organization, then only the documents that are created and maintained by the healthcare organization constitute its official or business records known as LHRs.

Administrative data is also not considered part of the LHR. This data is patient identifiable and usually used for administrative, regulatory and payment purposes. Examples include biometrics, death certificates, patient-identifiable claims, authorization forms for release of information and practice guidelines that do not embed patient data.

Importance of legal health records

An LHR serves as a healthcare organization's business and legal record for each patient within its care. It provides written proof of the services provided to a patient and documents their caregivers' specific care decisions and the reasons for those decisions. This proof can serve as legal testimony if the patient takes the organization or its caregivers to court following an injury, illness, surgery or other health event. An LHR is an effective legal document if it does the following:

Provides a detailed view of a patient's health history and prognosis.
Records caregivers' observations and measurements.
Provides evidence that a certain type of care was necessary and what standards were used to deliver it.
Documents the patient's response to the care given.

The LHR is also important in other ways. It shows that caregivers adhered to the organization's standards and procedures while delivering care. It also serves as a way for practitioners to plan care for the patient and to communicate with other practitioners serving that patient.

Furthermore, LHRs can do the following:

Support any medical claims the patient or organization submits to insurance companies.
Act as supporting documentation if any services provided to the patient are reimbursable.
Provide a resource for practitioner education and awareness.
Support business decision-making.
Provide useful data for clinical health and public health research efforts.

Patient-identifiable source data in legal health records

Patient-identifiable source data can be part of an LHR. It might be confidentially and safely maintained in a separate location or database. Usually, documents such as interpretations, summaries and physician notes are derived from patient-identifiable source data.

Examples include the following:

Video recordings of meetings between a physician and patient.
Diagnostic films and images.
Audio files, including caregivers' dictations.
Procedure or therapy videos.
Analog or digital patient photographs.
Tests from which interpretations are derived, such as electrocardiogram tracings.

Compliance standards for legal health records

There are no specific regulations or laws governing the creation or format of LHRs. However, every LHR must adhere to the organization's own standards and procedures. Healthcare organizations must also consider the applicable federal and state data privacy laws when creating LHRs. And they must consider and comply with the retention and classification requirements as specified by federal and state laws.

Providers must think carefully about what is appropriate to reveal in the LHR. In addition, they must ensure secondary records containing patient-identifiable source data are provided the same level of confidentiality as primary documents in the LHR.

Learn how health informaticians weave medicine tech and science together and see how CIOs can help alleviate EHR issues.

This was last updated in July 2023

Continue Reading About legal health record (LHR)

Is it legal to record virtual meetings and video conferences?

Interest in wearable health devices grows despite challenges

Pros and cons of conversational AI in healthcare

Key considerations for setting up an IoMT network

EHR vendors eye safe data access for third-party health apps

Dig Deeper on Electronic health record systems

CIO

U.S. antitrust case against Amazon not a clear win
The FTC is looking to make an antitrust case against Amazon for using anticompetitive strategies to harm both sellers and ...
U.S. government shutdown would crush CHIPS Act momentum
A U.S. government shutdown would significantly impact implementation of the CHIPS and Science Act of 2022 as federal workers ...
6 alternatives to blockchain for businesses to consider
Technologies like cloud storage and distributed databases provide some of blockchain's data-integrity and reliability advantages ...

Cloud Computing

How to modernize apps as part of the cloud migration process
Take stock of your applications, and modernize them where appropriate as part of a cloud migration. Learn about the benefits of ...
3 factors that influence multi-cloud cost optimization
Without careful oversight, multi-cloud deployments can be expensive. These data management and security practices can help IT ...
Canonical continues to evolve in cloud market
Paul Nashawaty, an analyst at TechTarget's Enterprise Strategy Group, shares takeaways from Canonical Analyst Day 2023. Explore ...

Mobile Computing

Are iPhones more secure than Android devices?
Apple has built a reputation for strong device security, but reputation alone can't protect corporate data. While iOS and Android...
Comparing iPhone vs. Android for business
Organizations deploying or managing smartphones for corporate use should know how iPhone and Android compare in an enterprise ...
Comparing iPhone vs. Android privacy for employee devices
Employee privacy is a crucial factor in mobile device management, and IT should know how device type plays into this. Learn how ...

Security

How to use Wireshark to sniff and scan network traffic
Wireshark continues to be a critical tool for security practitioners. Learning how to use it to scan network traffic should be on...
5 common browser attacks and how to prevent them
Browsers are critical components of any organization, especially with the rise of web apps. Security teams and users must, ...
Secure service edge strengths drive SASE deployments
Enterprise Strategy Group's John Grady discusses the latest findings in his newly released report and why businesses won’t start ...

Storage

How SSD encryption can protect enterprise data
It's easy for an SSD to fall into the wrong hands. Encryption, which is common in SSDs, is a powerful tool to protect ...
Dell Apex brings cloud Azure HCI to ground
Dell Apex Cloud Platform for Microsoft Azure combines Dell hardware with Microsoft Azure software, a move that adds to Dell's ...
OpenZFS interest grows alongside rise of unstructured data
With the explosion of unstructured data, lower-cost file systems such as OpenZFS are gaining more attention as they continue to ...

Close