by | Updated April 7, 2022 | Medical Records | 6 min read Show
With a wide range of different medical record retention and destruction requirements on both a federal and state level, it’s critical to follow best practices to ensure you’re compliant with HIPAA and state standards. Not only is it essential in terms of protecting yourself from legal consequences, but also for protecting patients and their health information. Learn more in this video or transcription below about why medical record retention and destruction tracking needs to be a priority. The video covers HIPAA’s background and retention standards, general recommendations for how long to keep different types of medical records, and how to best manage retention and destruction for both your paper medical records and EMRs. Video Transcription What Makes Medical Record Retention and Destruction So Important?Staying on top of medical record management is essential for protecting patients. This ensures their information remains safe through proper storage and destruction. However, there are also legal incentives for making medical record retention and destruction a priority. Legal requirements on both a federal and state level that lay out standards for how long to keep medical records and when to destroy them. Additionally, is shows how noncompliance with them can be costly. For example, a single HIPAA violation fine can run as high as $50,000. HIPAA and State Retention RequirementsAdditionally, there’s a wide range of different medical record types, and with that comes a range of different retention times for them as well. While federal laws like HIPAA lay out general medical record retention standards, there are also state laws that have specific retention requirements which can vary from state to state. Medical Record Retention According to HIPAAPassed in 1996, HIPAA (the Health Insurance Portability and Accountability Act) includes the HIPAA Privacy Rule. Additionally, this is designed to hold healthcare providers accountable for protecting sensitive patient information. HIPAA Privacy Rule doesn’t give specific retention times for the various types of medical records. However, it does state that a medical record must be retained for 6 years from the date of its creation or the date it was last in effect, whichever is later. HIPAA’s retention requirements preempt state laws when they have shorter retention periods. However, state laws can also require medical records to be retained for longer than HIPAA’s 6 year standard. Medical Record Retention According to State LawsEach state has different minimum retention requirements, and in some cases they’re much longer than HIPAA’s requirements. Some states will also try to set shorter retention requirements. However, as before, HIPAA’s 6 year standard would preempt them. Some of the most common medical record types and their recommended retention times include:
* Preempted by the HIPAA Privacy Rule Additionally, keeping medical records and destruction logs help keep track of the records you’re currently retaining and have already destroyed. Maintaining a log helps simplify records management, but also helps ensure you’re staying compliant with HIPAA and other state laws. How It Works: Keeping a Medical Record Retention LogThere are two formats for medical records used in healthcare today, including paper records and EMRs (electronic medical records). Additionally, there are two methods for storing and tracking their retention times. Paper Medical Record RetentionWhen you’re storing hard-copy medical records in bulk with an off site storage provider, your file boxes can be labeled with their individual retention times. While stored you can check up on the status of records and their retention times, and once they expire storage providers will handle the medical record destruction. Digital Medical Record RetentionAn EHR (electronic health record) system is used to house and manage individual EMRs, and can be configured to track the retention times for medical records. Once retention periods expire, you can configure EHR systems to delete the files automatically. How It Works: Keeping a Medical Record Destruction LogJust like how there are two methods used for tracking paper and EMR retention periods, there are also two different ways to destroy medical records once their retention times expire.Paper Medical Record DestructionWhen retention times expire for medical records stored off site, storage providers can also shred the records with either an on-site industrial shredder in their facility or a secure partner shredding provider. After destroying the records, you receive a formal certificate of destruction with details including the date, location, and witnesses to the shredding which in the event of any legal dispute can be used as proof of compliance. Digital Medical Record DestructionAdditionally, EHR systems can delete the files after the retention times expire through proper configuration. Deleting files on a hard drive doesn’t mean they’re completely erased. When a file is deleted, the actual file stays stored on the hard drive and instead only a small bit of information on the hard drive pointing to where the file was located is erased. With special software, those deleted EMRs can still be recovered from a hard drive. Additionally, this means the only way to truly “erase” digital medical records is to destroy the hard drive altogether. In addition, hard drive destruction you also receive a certificate of destruction for proof of compliance. Staying On Top of Your Medical Record Retention and Destruction Requirements?At Shred Nations, we partner with a nationwide network of readily-available medical records storage, shredding, and hard drive destruction providers. Additionally, we help ensure there are no gaps in the medical records retention and destruction practices of members of the healthcare industry. Join the American Cancer Society, the Red Cross, and countless other organizations we’ve helped to find the best options for streamlining their medical record retention and destruction tracking. Start there process by simply filling out the form, giving us a call at (800) 747-3365, or contacting us directly using our live chat. What is the minimum period of time a medical record should be retained?In the USA— the Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers and other Covered Entities to retain medical records for six years, measured from the time the record was created, or when it was last in effect, whichever is later.
What is the HIPAA Privacy Rule requirement for the retention of health records?To keep your practice compliant with their regulations, you must retain all medical records for at least five years. Critical access hospitals must do so for six years.
How long should a patients records be kept?Regulations & Record Retention
Federal law mandates that a provider keep and retain each record for a minimum of seven years from the date of last service to the patient. For Medicare Advantage patients, it goes up to ten years.
How long are medical records kept in US?There is no one timeline for retaining and storing medical records. This is because HIPAA laws demand the users to store the medical records for six years, while federal law demands them to retain the medical records for at least seven years after the medical service is provided to the patients.
|