In 2017 alone over 3,000,000 healthcare records were breached. The total number of medical record breaches continues to increase year over year, and experts don’t see this phenomenon slowing down anytime soon.
Both large and small medical organizations are targeted as hackers try to find the quickest and easiest ways to steal the most information.
Hackers target all types of personal information, such as credit card and tax-related info, but medical records are a prime target for criminals because of the vast amount of private, valuable information they contain.
To combat the ill effects of healthcare breaches, healthcare organizations are held to a high standard and are heavily regulated to ensure patient information security.
Record retention laws have been established to keep the information contained in medical records as safe as possible. These laws classify types of records and specify a specific length of time they need to be kept for. Once a record expires, it should be effectively destroyed immediately.
This article focuses on record retention laws and guidelines, why they are important, and provides tips to ensure your practice is keeping in compliance.
Why Record Retention Times Are Important
The best way to keep private information safe is to never write it down. Unfortunately for the healthcare industry, this is impossible.
Diligent record-keeping is necessary to provide thorough and correct patient care, but having robust amounts of personal details in writing presents a catch twenty-two scenario.
To ease the strain on healthcare institutions, record retention periods were created to make a simple, standardized record management process that healthcare providers can rely upon.
With specific guidelines in place for how long to keep all types of private records, medical offices can easily sort and organize their files, streamlining record-keeping procedures while maintaining a strict, high level of security.
Medical Record Retention Laws
The most pertinent nationwide regulations regarding medical record-keeping stem from HIPAA.
Passed in 1996, the Health Insurance Portability and Accountability Act was enacted with several goals, all centered around medical record security and simplifying the record-keeping process for healthcare practitioners.
HIPAA is broken up into five distinct titles:
Title I: HIPAA Health Insurance Reform
Title II: HIPAA Administrative Simplification
Title III: HIPAA Tax-Related Health Provisions
Title IV: Application and Enforcement of Group Health Plan Requirements
Title V: Revenue Offsets
Yet while HIPAA dictates security and privacy rules, it does not specify exact record retention periods for documents other than policies and documentation regarding compliance efforts. Medical record retention is governed at the state level.
General Record Retention Guidelines
Each state has different requirements for how long healthcare practitioners should keep certain records.
At your organization, you must create and document a record retention schedule and set up your record management procedures to streamline retention and quick disposal efforts.
Here is a general record retention table to help you get started:
Health Information |
Recommended Retention Period |
Diagnostic Images (x-ray films, etc) (adults) | 5 years |
Diagnostic Images (x-ray films, etc) (minors) | 5 years after the age of majority |
Disease Index | 10 years |
Master Patient/Person Index | Permanently |
Operative Index | 10 years |
Patient Health/Medical Records (adults) | 10 years after the most recent encounter |
Patient Health/Medical Records (minors) | Age of majority plus statute of limitations |
Physician Index | 10 years |
Register of Births/Deaths | Permanently |
Register of Surgical Procedures | Permanently |
As you can see, record retention periods differ according to the type of information contained in the document and whether the document regards an adult or a minor.
The above chart does not cover every record type, but you can use it to help guide you in the right direction. As you create your own record retention schedule it helps to be as specific as possible so that employees never have to guess about when to dispose of a record.
As far as storing your records up until it’s time to dispose of them, organize your files so they are quick to locate, but also so they are grouped with other documents that expire at the same time. This will help with efficient disposal.
What to Do With Expired Medical Records
To maintain a high level of security, documents passed their set retention period should be destroyed as soon as possible. Shredding medical records as soon as they expire is an important step in the record retention process that should not be neglected.
There are two effective options for disposing of expired medical records:
Witnessed Shredding
Shredding services are highly customizable, with programs allowing you to witness the shredding or save costs by sending the paperwork to an offsite facility.
Scheduled Shredding
You can even pre-schedule ongoing shredding services and simply have a shredder stop by as often as you need to shred files you place in shred bins around your office.
Protect Your Medical Records and Partner With a Local Shredding Professional
Shred Nations has a nationwide network of reliable document shredding partners who comply with HIPAA as well as all state and local information security laws.
Get matched with a shredding provider near you who can handle your exact shredding needs. Call us today at (800) 747-3365, use the chat feature, or fill out the form on the right and we’ll get you several free quotes from dependable shredders in your area.
We look forward to helping you keep your patient’s information safe and secure.