How to Manage Your Medical Record Retention and Destruction

With a wide range of different medical record retention and destruction requirements on both a federal and state level, it’s critical to follow best practices to ensure you’re compliant with HIPAA and state standards. Not only is it essential in terms of protecting yourself from legal consequences, but also for protecting patients and their health information.

Learn more in this video or transcription below about why medical record retention and destruction tracking needs to be a priority. The video covers HIPAA’s background and retention standards, general recommendations for how long to keep different types of medical records, and how to best manage retention and destruction for both your paper medical records and EMRs.

Video Transcription

What Makes Medical Record Retention and Destruction So Important?

Staying on top of medical record management is essential for protecting patients. This ensures their information remains safe through proper storage and destruction. However, there are also legal incentives for making medical record retention and destruction a priority.

Legal requirements on both a federal and state level that lay out standards for how long to keep medical records and when to destroy them. Additionally, is shows how noncompliance with them can be costly. For example, a  single HIPAA violation fine can run as high as $50,000.

HIPAA and state retention requiremetsHIPAA and State Retention Requirements

Additionally, there’s a wide range of different medical record types, and with that comes a range of different retention times for them as well.

While federal laws like HIPAA lay out general medical record retention standards, there are also state laws that have specific retention requirements which can vary from state to state.

Medical Record Retention According to HIPAA

Passed in 1996, HIPAA (the Health Insurance Portability and Accountability Act) includes the HIPAA Privacy Rule. Additionally, this is designed to hold healthcare providers accountable for protecting sensitive patient information.

HIPAA Privacy Rule doesn’t give specific retention times for the various types of medical records. However, it does state that a medical record must be retained for 6 years from the date of its creation or the date it was last in effect, whichever is later.

HIPAA’s retention requirements preempt state laws when they have shorter retention periods. However, state laws can also require medical records to be retained for longer than HIPAA’s 6 year standard.

Medical Record Retention According to State Laws

Each state has different minimum retention requirements, and in some cases they’re much longer than HIPAA’s requirements.

Some states will also try to set shorter retention requirements. However, as before, HIPAA’s 6 year standard would preempt them. Some of the most common medical record types and their recommended retention times include:

Medical Record

Recommended Retention Period

Patient Health/Medical Records – Adults 10 years after the date of its last use
Patient Health/Medical Records – Minors Age of majority plus statute of limitations
Diagnostic Images (x-ray films, etc.) – Adults 5 years*
Diagnostic Images (x-ray films, etc.) – Minors 5 years after the age of majority*
Master Patient/Person Index Permanently
Physician Index 10 years
Disease Index 10 years
Operative Index 10 years
Register of Surgical Procedures Permanently
Register of Births/Deaths Permanently

* Preempted by the HIPAA Privacy Rule

Medical Record Retention and Destruction Logs

Additionally, keeping medical records and destruction logs help keep track of the records you’re currently retaining and have already destroyed.

Maintaining a log helps simplify records management, but also helps ensure you’re staying compliant with HIPAA and other state laws.

How It Works: Keeping a Medical Record Retention Log

There are two formats for medical records used in healthcare today, including paper records and EMRs (electronic medical records). Additionally, there are two methods for storing and tracking their retention times.

Paper Medical Record Retention

When you’re storing hard-copy medical records in bulk with an off site storage provider, your file boxes can be labeled with their individual retention times.

While stored you can check up on the status of records and their retention times, and once they expire storage providers will handle the medical record destruction.

Digital Medical Record Retention

An EHR (electronic health record) system is used to house and manage individual EMRs, and can be configured to track the retention times for medical records. Once retention periods expire, you can configure EHR systems to delete the files automatically.

How It Works: Keeping a Medical Record Destruction Log

Shred Events with Shred NationsJust like how there are two methods used for tracking paper and EMR retention periods, there are also two different ways to destroy medical records once their retention times expire.

Paper Medical Record Destruction

When retention times expire for medical records stored off site, storage providers can also shred the records with either an on-site industrial shredder in their facility or a secure partner shredding provider.

After destroying the records, you receive a formal certificate of destruction with details including the date, location, and witnesses to the shredding which in the event of any legal dispute can be used as proof of compliance.

Digital Medical Record Destruction

Additionally, EHR systems can delete the files after the retention times expire through proper configuration.

Deleting files on a hard drive doesn’t mean they’re completely erased. When a file is deleted, the actual file stays stored on the hard drive and instead only a small bit of information on the hard drive pointing to where the file was located is erased.

With special software, those deleted EMRs can still be recovered from a hard drive. Additionally, this means the only way to truly “erase” digital medical records is to destroy the hard drive altogether. In addition, hard drive destruction you also receive a certificate of destruction for proof of compliance.

Staying On Top of Your Medical Record Retention and Destruction Requirements?

At Shred Nations, we partner with a nationwide network of readily-available medical records storage, shredding, and hard drive destruction providers. Additionally, we help ensure there are no gaps in the medical records retention and destruction practices of members of the healthcare industry.

Join the American Cancer Society, the Red Cross, and countless other organizations we’ve helped to find the best options for streamlining their medical record retention and destruction tracking. Start there process by simply filling out the form, giving us a call at (800) 747-3365, or contacting us directly using our live chat. 

The Medical Records Retention and Destruction Process