Awareness article
Designated Record Set
What a designated record set is under HIPAA, which systems may feed it, and why healthcare teams should not assume every operational tool belongs in it.
Short answer
A designated record set is the group of records used to make decisions about individuals or otherwise maintained as required under HIPAA. Not every operational tool or note automatically becomes part of it.
A designated record set is the body of records used to make decisions about individuals or otherwise maintained under HIPAA’s framework. It can be broader than the chart, but that does not mean every workflow tool or every note automatically belongs inside it.
Why designated record set confusion matters
When teams cannot distinguish between the designated record set and surrounding operational systems, they make bad assumptions about retention, access, and amendment obligations.
Related pages
Use PHI Fundamentals for the larger definition cluster, Google Drive if files and exports are the issue, and /product#checklists-evidence if your team needs clearer operational evidence boundaries.
Sources
- HIPAA Privacy Rule · U.S. Department of Health and Human Services