With a wide range of different medical record retention and destruction requirements on both a federal and state level, it’s critical you’re following best practices to ensure you’re staying in line with HIPAA and state standards. Not only is it essential in terms of protecting yourself from legal consequences, but also for protecting patients and their health information.
Learn more in this video or transcription below about why medical record retention and destruction tracking needs to be a priority, HIPAA’s background and retention standards, general recommendations for how long to keep different types of medical records, and how to best manage retention and destruction for both your paper medical records and EMRs.
What Makes Medical Record Retention and Destruction So Important?
At its core, staying on top of medical record management is essential for protecting patients by ensuring their sensitive information is safely stored and destroyed; however, there are also legal incentives for making medical record retention and destruction a priority.
Legal requirements on both a federal and state level lay out standards for how long medical records need to be kept and when they should be destroyed, and noncompliance with them can be costly: a single HIPAA violation fine can run as high as $50,000.
There’s a wide range of different medical record types, and with that comes a range of different retention times for them as well.
While federal laws like HIPAA lay out general medical record retention standards, there are also state laws that have specific retention requirements which can vary from state to state.
Medical Record Retention According to HIPAA
Passed in 1996, HIPAA (the Health Insurance Portability and Accountability Act) includes the HIPAA Privacy Rule, which is designed to hold healthcare providers accountable for protecting sensitive patient information.
Although the HIPAA Privacy Rule doesn’t give specific retention times for the various types of medical records, it does state that a medical record must be retained for 6 years from the date of its creation or the date it was last in effect, whichever is later.
HIPAA’s retention requirements preempt state laws when they have shorter retention periods; however, state laws can also require medical records to be retained for longer than HIPAA’s 6-year standard.
Medical Record Retention According to State Laws
Each state has different minimum retention requirements, and in some cases they’re much longer than HIPAA’s requirements.
Some states will also try to set shorter retention requirements; however, as before, HIPAA’s 6-year standard would preempt them. Some of the most common medical record types and their recommended retention times include:
| Medical Record Type | Recommended Retention Period |
|---|---|
| Patient Health/Medical Records – Adults | 10 years after the date of its last use |
| Patient Health/Medical Records – Minors | Age of majority plus statute of limitations |
| Diagnostic Images (x-ray films, etc.) – Adults | 5 years* |
| Diagnostic Images (x-ray films, etc.) – Minors | 5 years after the age of majority* |
| Master Patient/Person Index | Permanently |
| Physician Index | 10 years |
| Disease Index | 10 years |
| Operative Index | 10 years |
| Register of Surgical Procedures | Permanently |
| Register of Births/Deaths | Permanently |

\* Preempted by the HIPAA Privacy Rule
Medical Record Retention and Destruction Logs
By keeping medical record retention and destruction logs, you can keep track of the medical records you’re currently retaining and those you have already destroyed.
Maintaining a log for managing retention and destruction not only simplifies records management, but also helps ensure you’re staying compliant with HIPAA and state laws.
How It Works: Keeping a Medical Record Retention Log
There are two formats for medical records used in healthcare today—paper records and EMRs (electronic medical records)—and because of that there are also two methods for storing and tracking their retention times.
Paper Medical Record Retention
When you’re storing hard-copy medical records in bulk with an off-site storage provider, your file boxes can be labeled with their individual retention times.
While the records are stored, you can check up on their status and retention times, and once the retention times expire, storage providers will handle the medical record destruction.
Digital Medical Record Retention
An EHR (electronic health record) system is used to house and manage individual EMRs, and can be configured to track the retention times for medical records. Once retention periods expire, an EHR system can also be configured to automatically delete the files.
How It Works: Keeping a Medical Record Destruction Log
Paper Medical Record Destruction
When retention times expire for medical records stored off-site, storage providers can also shred the records with either an on-site industrial shredder in their facility or a secure partner shredding provider.
Once medical records are destroyed, you receive a formal certificate of destruction with details including the date, location, and witnesses to the shredding, which can be used as proof of compliance in the event of any legal dispute.
Digital Medical Record Destruction
When the retention periods expire for EMRs, an EHR system can also be configured to delete them.
It’s important to note, though, that deleting files on a hard drive doesn’t mean they’re completely erased. When a file is deleted, the actual file stays stored on the hard drive; only the small bit of information pointing to where the file was located is erased.
With special software those deleted EMRs can still be recovered from a hard drive, meaning the only way to truly “erase” digital medical records is to destroy the hard drive altogether. Similar to shredding medical records, with hard drive destruction you also receive a certificate of destruction for proof of compliance.
Staying On Top of Your Medical Record Retention and Destruction Requirements?
At Shred Nations we partner with a nationwide network of readily-available medical records storage, shredding, and hard drive destruction providers in order to help ensure there are no gaps in the medical records retention and destruction practices of members of the healthcare industry.