Designated Record Set Policy

Policy: Designated Record Set

Policy Number: 500 Policy Section: Health Information Management
Owner: Cynthia Grant Approved By: Paul Vogelman, COO
Effective Date: 1/11/2022 Date of Last Review: 3/24/2023


SUD Specialty Group -- CA; Mental Health Specialty Group, P.A.; Mental Health Specialty Group NJ, PC; and Mental Health Specialty Group KS, P.A. (collectively, the "Group") contracts with Path CCM, Inc. d/b/a Rula Health ("Rula") for management and administrative support services. This policy applies to the Group and Rula.


Policy Statement

In compliance with the Privacy Rules of Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification provisions, 42 CFR Part 2, this policy sets out the elements of the designated record set that contain protected health information (PHI).  The Group and Rula are committed to enabling patients to exercise their legal rights under federal, state, and local laws regarding accessing and amending medical and billing information maintained by the Group and Rula as part of the Designated Record Set (DRS).  This policy describes what will comprise the DRS, which is the information patients can access or amend. 



This policy applies to all team members who have access to the designated record set. For purposes of this policy, the Group’s and Rula’s team members include individuals who would be considered part of the workforce such as employees, independent contractors, business team members, and other persons whose work performance is under the direct purview of Rula or the Group’s  business practices.  



Designated Record Set: includes medical records, billing records, payment and claims records, health plan enrollment records, case management records, as well as other records used, in whole or in part, by or for a covered entity to make decisions about individuals.


Protected Health Information (PHI): is a subset (record or transmission) of health information, including demographic information collected from an individual. 


  1. The Group is the custodian of record for the designated record set. Rula, CCM provides the oversight and management of the designated record set. 
  2. With limited exceptions, the HIPAA Privacy Rule gives individuals the right to access, upon request, the medical and health information (PHI) about them in one or more designated record sets (DRS) maintained by or for the individuals’ health care providers and health plans (HIPAA covered entities). 
  3. Request for Access to a Patient’s Designated Record Set
  4. If a patient or patient authorized representative requests access to PHI , access shall be given to the DRS within the required timeframe, which is normally within 30 days of the receipt of the request or less based on state requirements. Exceptions to this will be provided to the patient in writing. 
  5. Patients or their authorized representatives must complete a Release of Information form prior to being provided with information associated with their designated record set. See Authorization to Release Patient Information policy for more information.  If the patient is requesting to amend or correct their PHI, refer to the Request to Amend or Correct Patient Health Information policy for more information. 
  6. Database Storage of DRS
  7. Each of the existing repositories of PHI have been identified, documented, and approved for usage in compliance with this policy and Rula’s HIPAA Patient Privacy and Confidentiality policy.
  8. Unsanctioned maintenance of PHI in any form will lead to disciplinary action, up to and including termination.
  9. Documentation relating to the DRS shall be kept in accordance with the Retention and Destruction of Records policy.
  10. Knowledge of violations to this policy shall be immediately reported to Rula’s Privacy and/or Compliance Officer.


  1. Designated Record Set 

Was this article helpful?

0 out of 0 found this helpful