With a wide range of different medical record retention and destruction requirements on both a federal and state level, it’s critical to follow best practices to ensure you’re compliant with HIPAA and state standards. Not only is it essential in terms of protecting yourself from legal consequences, but also for protecting patients and their health information.
Learn more in this video or transcription below about why medical record retention and destruction tracking needs to be a priority. The video covers HIPAA’s background and retention standards, general recommendations for how long to keep different types of medical records, and how to best manage retention and destruction for both your paper medical records and EMRs.
What Makes Medical Record Retention and Destruction So Important?
Staying on top of medical record management is essential for protecting patients. This ensures their information remains safe through proper storage and destruction. However, there are also legal incentives for making medical record retention and destruction a priority.
Legal requirements on both a federal and state level that lay out standards for how long to keep medical records and when to destroy them. Additionally, is shows how noncompliance with them can be costly. For example, a single HIPAA violation fine can run as high as $50,000.
Additionally, there’s a wide range of different medical record types, and with that comes a range of different retention times for them as well.
While federal laws like HIPAA lay out general medical record retention standards, there are also state laws that have specific retention requirements which can vary from state to state.
Medical Record Retention According to HIPAA
Passed in 1996, HIPAA (the Health Insurance Portability and Accountability Act) includes the HIPAA Privacy Rule. Additionally, this is designed to hold healthcare providers accountable for protecting sensitive patient information.
HIPAA Privacy Rule doesn’t give specific retention times for the various types of medical records. However, it does state that a medical record must be retained for 6 years from the date of its creation or the date it was last in effect, whichever is later.
HIPAA’s retention requirements preempt state laws when they have shorter retention periods. However, state laws can also require medical records to be retained for longer than HIPAA’s 6 year standard.
Medical Record Retention According to State Laws
Each state has different minimum retention requirements, and in some cases they’re much longer than HIPAA’s requirements.
Some states will also try to set shorter retention requirements. However, as before, HIPAA’s 6 year standard would preempt them. Some of the most common medical record types and their recommended retention times include:
Recommended Retention Period
|Patient Health/Medical Records – Adults||10 years after the date of its last use|
|Patient Health/Medical Records – Minors||Age of majority plus statute of limitations|
|Diagnostic Images (x-ray films, etc.) – Adults||5 years*|
|Diagnostic Images (x-ray films, etc.) – Minors||5 years after the age of majority*|
|Master Patient/Person Index||Permanently|
|Physician Index||10 years|
|Disease Index||10 years|
|Operative Index||10 years|
|Register of Surgical Procedures||Permanently|
|Register of Births/Deaths||Permanently|
* Preempted by the HIPAA Privacy Rule
Medical Record Retention and Destruction Logs
Additionally, keeping medical records and destruction logs help keep track of the records you’re currently retaining and have already destroyed.
Maintaining a log helps simplify records management, but also helps ensure you’re staying compliant with HIPAA and other state laws.
How It Works: Keeping a Medical Record Retention Log
There are two formats for medical records used in healthcare today, including paper records and EMRs (electronic medical records). Additionally, there are two methods for storing and tracking their retention times.
Paper Medical Record Retention
When you’re storing hard-copy medical records in bulk with an off site storage provider, your file boxes can be labeled with their individual retention times.
While stored you can check up on the status of records and their retention times, and once they expire storage providers will handle the medical record destruction.
Digital Medical Record Retention
An EHR (electronic health record) system is used to house and manage individual EMRs, and can be configured to track the retention times for medical records. Once retention periods expire, you can configure EHR systems to delete the files automatically.
How It Works: Keeping a Medical Record Destruction Log
Paper Medical Record Destruction
When retention times expire for medical records stored off site, storage providers can also shred the records with either an on-site industrial shredder in their facility or a secure partner shredding provider.
After destroying the records, you receive a formal certificate of destruction with details including the date, location, and witnesses to the shredding which in the event of any legal dispute can be used as proof of compliance.
Digital Medical Record Destruction
Additionally, EHR systems can delete the files after the retention times expire through proper configuration.
Deleting files on a hard drive doesn’t mean they’re completely erased. When a file is deleted, the actual file stays stored on the hard drive and instead only a small bit of information on the hard drive pointing to where the file was located is erased.
With special software, those deleted EMRs can still be recovered from a hard drive. Additionally, this means the only way to truly “erase” digital medical records is to destroy the hard drive altogether. In addition, hard drive destruction you also receive a certificate of destruction for proof of compliance.
Staying On Top of Your Medical Record Retention and Destruction Requirements?
At Shred Nations, we partner with a nationwide network of readily-available medical records storage, shredding, and hard drive destruction providers. Additionally, we help ensure there are no gaps in the medical records retention and destruction practices of members of the healthcare industry.
Join the American Cancer Society, the Red Cross, and countless other organizations we’ve helped to find the best options for streamlining their medical record retention and destruction tracking. Start there process by simply filling out the form, giving us a call at (800) 747-3365, or contacting us directly using our live chat.