Telehealth creates unique health information management challenges for various reasons, including: aggregating large data sets (i.e. remote monitoring); using and storing numerous file formats (video, audio, text, digital images, film); establishing safeguards for sharing data with virtual providers and distant sites; determining the appropriate location for data storage (if more than one provider or entity is involved); and more. All of these challenges create issues relating to medical record management, maintenance, ownership, and storage.
In the past, it was easier to define what was and was not considered the “medical record” for a patient. Typically, the medical record was the patient’s paper file and/or a basic electronic medical record (EMR). With the addition of the internet, telehealth, and other electronic means of data transmission, the question remains:
What new mediums must be included in a patient’s medical record? 
Must it include…
- Digital images?
- Emails?
- Phone conversations?
- Video recordings?
- Live stream videos?
- Remote monitoring data streams?
It is important to understand the definition and scope of the term “medical record” because under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, an individual has the right to access and/or amend his or her protected health (medical record) information that is contained in a “designated record set,” or DRS. Thus, healthcare providers must understand what they are required to include in the patient’s medical record and provide for the patient upon request.
The term “medical record” generally refers to the collection of information regarding a patient and his/her health care. The term “designated record set” is defined within the Privacy Rule to include medical and billing records, and any other records used by the provider to make decisions about an individual. Each healthcare organization is required to define the data or documents that meet this definition.
In addition to HIPAA, some organizations are subject to state laws that provide specific definitions relating to telehealth and medical record documentation/retention. For example, in Colorado, Colo. Rev. Stat. § 25-1-802(5) states that “medical information transmitted during the delivery of health care via telemedicine… is part of the patient's medical record maintained by a health care provider.”
Another common theme in many state statutes and codes is that telehealth documentation retained in the medical record must be comparable to an in-person office visit. For example, Texas Administrative Code states that in order to be reimbursed for telemedicine services “documentation in the patient's medical record for a telemedicine medical service or a telehealth service must be the same as for a comparable in-person evaluation.” Other sections of the Texas Administrative Code set forth specific telehealth record retention requirements stating:
“Medical records must include copies of all relevant patient-related electronic communications, including relevant patient-physician e-mail, prescriptions, laboratory and test results, evaluations and consultations, records of past care and instructions. If possible, telemedicine encou
nters that are recorded electronically should also be included in the medical record.”
The focus in federal and state laws, regulations, and guidance is not on creating an exhaustive list of exact documents that must be included in the medical record, but rather, on including documents or media that are directly used in medical decision-making and treatment of patients and/or documents that are necessary for supporting billing claims. The American Health Information Management Association (AHIMA) expresses this notion stating:
“The determining factor in whether something is to be considered part of the legal health record is not where the information resides or the format of the information, but rather how the information is used and whether it is reasonable to expect the information to be routinely released when a request for a complete medical record is received.”
AHIMA is a leading national organization for health information management practices, and its data retention practices are often cited by numerous health care organizations and publications as the current industry standard. It is also important to note that secondary data (notes, images, videos) that are not related to these patient-centered or billing functions likely do not need to be included in the medical record.
Also, AHIMA highlights that organizations only need to include documents that can be provided in a human-perceptible form to patients, and/or documents that are reasonably feasible to provide to patients. Thus since it is not explicitly required by state or federal law, large data sets and streams from remote monitoring devices which are sometimes too large and cumbersome to store long-term and/or too difficult to provide to patients, may be exempt from being considered part of the legal medical record. It is up to the organization to make the decision on what can reasonably and feasibly be included in the record. The organization should capture this information in a corporate policy or data matrix. Employees will need to be informed and properly trained on compliance with these policies.
In addition to federal and state laws and regulations, organizations should also consult with any payors they have contracted with for guidance or billing requirements. Often large payors have specific requirements for medical record documentation and retention relating to telemedicine. Further, once an organization develops its definition of the “legal” record, it should develop its own corporate policy.