Home
Products

Medical Records Release

ChartRequest Complete

Flat-fee managed service for low-billable specialties

ChartRequest Select

Flexible billing for high-billable specialties

ChartRequest Pro

Self-service platform with revenue share

Release of Information Software

Automated workflow and request management

Compare Release Plans

Comparison page

Medical Records Retrieval

Retrieval Services

Fast and compliant retrieval services

Network Access

12,000+ healthcare organizations

Real-Time Tracking

Mobile app and dashboard

For Legal & Insurance

Accelerate case resolution

Add-On Services

Care Coordination

Virtual assistant support

Staff Augmentation

Dedicated team members

Digital Notary

Electronic notarization

Request Management Platform

Complete workflow automation

SOC 2 Certified

Security overview

EHR Integrations

Integration list

4.9/5 Stars

Customer reviews

Mobile App

Download
Solutions

Reduce Administrative Burden

Automate Record Requests

Eliminate manual request processing

Eliminate Manual Processing

End-to-end workflow automation

Reduce Staff Workload

Staff augmentation and support

Streamline Multi-Location Operations

Centralized platform for multiple sites

Accelerate Case Resolution

Fast Record Retrieval

Full retrieval automation with casebinder

Real-Time Status Tracking

Live updates via mobile app and dashboard

Nationwide Network Access

12,000+ organizations in all 50 states

Bulk Retrieval for Insurance

High-volume claims processing

Ensure Compliance & Security

HIPAA Compliance

Full HIPAA-compliant platform

Audit Readiness

Prepare for MRA, HEDIS, and compliance audits

SOC 2 Certified Platform

Enterprise-grade security and compliance

Secure Remote Workforce

Proprietary security for distributed teams

Why ChartRequest?

Differentiators overview

Customer Success Stories

Case studies and testimonials

Schedule a Demo

Book a no-cost consultation
I Am a....

Healthcare (ROI)

I lead HIM / ROI

See ROI workflows.

I manage a practice

See plan options.

I run clinical operations

See multi-location setup.

I own compliance & security

Review compliance controls.

I own IT / integrations

Review integrations.

organization type

Solo Practitioners

Organization-type landing page.

Group Practices

Organization-type landing page.

Hospitals / IDNs

Organization-type landing page.

FQHCs

Organization-type landing page.

Imaging Centers

Organization-type landing page.

Law Firm (Retrieval)

I’m in Legal Ops / Litigation

Talk to sales.

I’m an attorney

Get turnaround details.

I’m a paralegal / case manager

Track requests.

I manage the office

Standardize intake.

Insurance

I run claims

See bulk retrieval.

I’m in medical review

See retrieval tracking.

I lead HEDIS / quality

Audit readiness.

I own compliance

Review compliance controls.

I own IT

Review security and integrations.

Patient / Family

I need my medical records

Request records, Check status.

I want to store & share records

Learn how sharing works.

I’m checking request status

Check status, Get support.

I need help

Contact support, Browse FAQs.

Schedule a Demo

Consultation Booking

Request Records

Patient request entry

Track a Request

Status tracking entry

Customer Stories

Proof and outcomes
Information

Company

About Us

Careers

Leadership

Contact Us

Resources

Documentation

Glossary

White Paper

SUpport

Technical Support

Pricing Review

Refund Request

Stop Payment

Information

Articles

Webinars

Case Studies

News & Press Releases

Events & Conferences

Schedule a Demo

Consultation Booking

Request Records

Patient request entry

Track a Request

Status tracking entry

Customer Stories

Proof and outcomes

Are Billing Records Part of the Medical Record Under HIPAA?

Anna Paris
April 18, 2026

ChartRequest is Proudly Partnered With

Billing records maintained by or for a covered healthcare provider are part of the HIPAA designated record set. 45 CFR § 164.501 expressly includes medical records and billing records about individuals maintained by or for a covered health care provider.

That matters because many teams still treat billing records as separate from the chart. In practice, that creates incomplete access responses, inconsistent release decisions, and workflow gaps between HIM and revenue cycle teams.

HHS explains that individuals have a right to access protected health information in a designated record set, and that designated record sets include medical records, billing records, payment and claims records, and other records used to make decisions about individuals.

The common confusion comes from the phrase medical record. Many requestors use it to mean the chart. HIPAA, however, ties access rights to the designated record set. If your workflow responds only from the EHR and ignores billing systems or account documentation, it can miss part of what HIPAA requires.

What Does HIPAA Say About Billing Records and the Designated Record Set?
Are Billing Records Part of the Medical Record Under HIPAA, or Just Part of the Designated Record Set?
- How Billing Workflows Intersect with Amendment and Restriction Rights
What Usually Counts as Billing Records Under HIPAA?
What Do Requestors Usually Mean When They Ask for Billing Records?
When Should Providers Release Billing Records, Clinical Records, or Both?
What Mistakes Cause Providers to Leave Billing Records Out?
- Why Mixed Billing Files Need Extra Review
How Can Providers Operationalize Billing Record Access Without Manual Reconstruction?
How Can Providers Reliably Handle Billing Record Requests?
Frequently Asked Questions

What Does HIPAA Say About Billing Records and the Designated Record Set?

HIPAA defines the designated record set in three categories. For providers, the key category is straightforward: medical records and billing records about individuals maintained by or for the provider. Billing records do not need a separate analysis to qualify. They are already included by category.

That does not mean everything in a billing platform automatically falls within scope. A patient’s itemized statement, payment history, charge detail, or claim information is much more likely to qualify than an internal staff memo stored in the same system for convenience.

The practical takeaway is simple. Providers need a record type inventory, not a location only rule. HIPAA does not ask only where a document sits. It asks what kind of record it is, who maintains it, and whether it falls into one of the designated record set categories.

Are Billing Records Part of the Medical Record Under HIPAA, or Just Part of the Designated Record Set?

The legally precise answer is that billing records are part of the designated record set. That means they can fall within HIPAA access and amendment rights.

In day-to-day operations, many people use medical record to mean the clinical chart. That shorthand causes problems when staff assume a request for records reaches only clinical documentation. HHS says an individual has a right to inspect and obtain a copy of protected health information in a designated record set, subject to limited exceptions such as psychotherapy notes and information compiled in reasonable anticipation of, or for use in, a legal proceeding.

For release workflows, the important question is not whether a document is part of the chart. It is whether the requested information is part of the designated record set.

How Billing Workflows Intersect with Amendment and Restriction Rights

Billing records can also be part of amendment workflows because 45 CFR § 164.526 gives individuals the right to request amendment of protected health information in a designated record set.

Restriction requests are a separate issue under 45 CFR § 164.522. In a narrow paid-in-full scenario, a covered provider must agree to restrict disclosure to a health plan for payment or healthcare operations purposes unless disclosure is otherwise required by law. Billing workflows can intersect with access, amendment, and restriction rights, but each right has its own rule.

What Usually Counts as Billing Records Under HIPAA?

For most providers, billing records include documents and data used to bill for services, document charges, track payments, and manage the patient’s financial account.

Common examples include:

itemized statements
charge detail and service date records
payment histories
claim information maintained by or for the provider
account balance records
account notes about billing activity
correspondence about charges, write-offs, adjustments, or patient responsibility

Some materials need a closer look. Explanation of benefits documents, insurance cards, or identification images may be part of the accessible record if the provider maintains them as part of the patient’s account file or otherwise uses them to make decisions about that individual.

The label alone does not decide the issue. What matters is how the provider maintains and uses the document. That is why designated record set mapping matters. Providers need to identify which billing system artifacts are part of the patient’s accessible record and which are purely administrative or internal.

For a broader look at how designated record sets should be defined across release workflows, HIPAA ROI compliance explains why the designated record set should not be reduced to the EHR chart alone.

What Do Requestors Usually Mean When They Ask for Billing Records?

Most requestors are not asking for raw revenue cycle exports. They usually want one of three things:

proof of service dates and charges
diagnostic and procedure codes associated with care
documentation showing what was billed, what was paid, and what remains the patient’s responsibility

That is why request language often needs clarification. A patient disputing a balance may need only itemized charges and payment history. A personal injury firm may need both clinical documentation and billing records. An insurer or employer may ask for billing records when it actually needs a narrower set of records tied to a specific claim or date range.

Clarifying intent does not weaken access rights. It improves fulfillment and reduces overdisclosure. That same intake discipline matters across patient rights to medical records, where scope, authority, timing, and record type all affect what a provider must produce.

Clean intake is what keeps those decisions consistent. The strongest release workflows separate who is asking, what authority they have, what record types are requested, and what date or condition limits apply. A compliant medical records release form helps here because vague authorization language often creates the same ambiguity that slows billing record fulfillment.

When Should Providers Release Billing Records, Clinical Records, or Both?

When the requestor is the individual exercising the HIPAA right of access, the main question is whether the requested information sits in the designated record set. If it does, it is generally in scope unless the individual narrows the request or a specific exception applies.

When the requestor is a third party, the analysis changes. Attorneys, insurers, employers, and other outside requestors do not get the designated record set as a matter of right. They receive only what the patient authorized or what HIPAA otherwise permits or requires.

A few common scenarios show the difference.

Patient Access Request: If the patient asks for their records without limiting the request to clinical notes, billing records should generally be included because they are part of the designated record set. If the patient asks only for clinical records, billing records can be excluded because the patient limited the scope.

Third-Party Authorization for Billing Only: If the authorization clearly requests billing records only, the provider should release billing records only.

Broad Third-Party Authorization: If the authorization requests all records related to a particular condition or date range, the provider may need to produce both clinical and billing records if both are necessary to satisfy the request as written.

Ambiguous Request: If the request says all medical records and the requestor appears to want proof of charges or dates of service, the safer move is to clarify the scope before release.

What Mistakes Cause Providers to Leave Billing Records Out?

The most common mistake is treating billing records as optional. The team pulls the chart from the EHR, fulfills the request, and never checks whether billing records were also in scope.

A second mistake is assuming records stored in a separate system somehow fall outside HIPAA access rules. Location does not decide designated record set status.

A third mistake comes from overreading the phrase medical record. Staff hear medical record request and assume the requestor meant clinical documentation only. The better question is what designated record set information the requestor actually sought.

Why Mixed Billing Files Need Extra Review

Billing records can include guarantor information, family references, payor correspondence, or account notes that mention another person. That does not remove the patient’s access right, but it can require review and redaction rather than a bulk export.

Another common problem is failing to inventory billing system record types. When teams do not know which billing documents are part of the accessible record, they fall back on inconsistent judgment calls. That creates delays, denials, and uneven release decisions across sites or staff.

These are exactly the issues that surface in broader compliance reviews. Strong HIPAA compliance and medical records exchange practices depend on record classification, role clarity, and visible workflows in day-to-day release operations. The same controls make a defensible HIPAA audit checklist much easier to support.

How Can Providers Operationalize Billing Record Access Without Manual Reconstruction?

Providers that handle billing records well usually have five controls in place.

1. A Designated Record Set Inventory That Includes Billing Systems

Identify where billing records are created, stored, retrieved, and amended, who owns each system, and what limitations affect export or review. That same inventory work supports the scope and policy discipline discussed in How the HITECH Act shapes HIPAA, EHRs, and data exchange.

2. Intake Fields That Separate Record Type from Requestor Type

A patient request, an attorney request, a payor request, and a subpoena should not all run through the same vague intake logic. Staff need structured fields for authority, requested record type, scope, and channel.

3. Retrieval Steps That Reach Beyond the EHR

If the workflow retrieves only from the clinical chart, it will miss billing records. Cross-system retrieval has to be part of the process design.

4. Review Rules for Mixed Billing Files

Billing records can contain patient data alongside guarantor or third-party information. Teams need a defined review standard for redaction, scope confirmation, and release documentation.

5. Audit-Ready Documentation of What Was Produced and Why

If the organization decides that a request covered billing records, the file should show that decision. If the organization decides that a particular billing artifact falls outside scope, the file should reflect that too.

Technology matters here. Release teams do not benefit from keeping billing, clinical, and imaging retrieval in separate invisible workflows. Release of information software helps teams manage cross-system requests more consistently through structured intake, routing, and status visibility.

How Can Providers Reliably Handle Billing Record Requests?

Providers do not need more reminders that billing records matter under HIPAA. They need a workflow that makes those records reachable, reviewable, and releasable without manual reconstruction across disconnected systems.

That is where many teams still break down. The rule is clear, but fulfillment often depends on handoffs between HIM, revenue cycle, and other staff working across separate platforms. That creates delays, inconsistent scope decisions, and incomplete responses when billing records are in play.

ChartRequest helps providers close that gap. We support structured release workflows that make it easier to capture the right scope, route requests correctly, retrieve billing and clinical records across systems, and document exactly what was produced. That gives teams better control over access fulfillment without relying on inboxes, side notes, or one-off follow-up.

For providers trying to reduce incomplete responses and make release decisions more defensible, the priority is not just knowing that billing records are in scope. It is building a process that can prove the right records were identified, reviewed, and delivered every time.

See how ChartRequest handles the release of information with a 5-day turnaround time guarantee.

Frequently Asked Questions

Are Billing Records Always Part of the Designated Record Set?

For covered healthcare providers, billing records about individuals maintained by or for the provider are part of the designated record set under HIPAA. The harder question is usually which specific documents in a billing environment qualify as billing records or otherwise fall within the designated record set analysis.

Do Patients Have the Right to Access Billing Records Under HIPAA?

Yes. HHS states that individuals have a right to access protected health information about themselves in a designated record set, and designated record sets include billing records. If a provider maintains the billing records, the access workflow should be able to reach them.

Providers generally must act on an access request within 30 days under 45 CFR § 164.524. A one-time 30-day extension is permitted if the provider cannot meet that deadline and notifies the individual in writing before the initial period expires.

Can a Provider Charge for Copies of Billing Records?

Potentially, yes, but only within HIPAA’s reasonable, cost-based fee limits and any stricter state-law limits that apply. HHS explains that the fee may include only certain labor, supply, and postage costs when responding to an individual’s access request.

Can Billing Records Be Amended?

They can be subject to amendment requests because HIPAA’s amendment right applies to protected health information in a designated record set. Whether a provider must accept a particular requested change depends on the amendment standard and any valid basis for denial under the rule.

Are Billing Records Part of an Accounting of Disclosures?

Not usually in routine payment workflows. HIPAA’s accounting requirement under 45 CFR § 164.528 excludes disclosures made for treatment, payment, and healthcare operations, which covers most standard billing activity.

Stay Updated

Find out the latest news and tips in our newsletter.

100% Privacy. No spam guaranteed.

Medical Records Release

Medical Records Retrieval

Add-On Services

Mobile App

Reduce Administrative Burden

Accelerate Case Resolution

Ensure Compliance & Security

Healthcare (ROI)

organization type

Law Firm (Retrieval)

Insurance

Patient / Family

Company

Resources

SUpport

Information