Consulting a patient’s medical record is the first step to providing great care. In just a few pages, healthcare workers can see prior procedures, conditions the patient has been diagnosed with, and past symptoms. All of this information creates a timeline of what a patient has been through and helps make future healthcare decisions easier.
However, this medical information isn’t just useful for healthcare employees. It’s also valuable to hackers. Holding onto medical records for longer than you need puts your patients’ data at risk.
A medical record or data breach can lead to huge legal problems. Storing old medical records, whether paper or electronic, increases the possibility of a data breach and requires a lot of maintenance. It’s important to purge any records you don’t need to save.
How long should you keep medical records? Let’s take a look at how long medical records need to be stored and how you should store them.
How long do you need to store medical records?
Individual states set the standard for how long to retain records. For instance, many states mandate that healthcare providers hold onto records from adult patients for seven years. States may also require that you keep minors’ records until two years after they reach the age of majority (i.e., until that patient turns 20). Since each state has different laws, researching your state’s laws is essential to maintain legal compliance.
While state laws tend to apply to all medical records, federal laws and agencies focus on specific types of records. Under HIPAA, any HIPAA-related records (such as records of implementing new protection measures for PHI) need to be stored for six years. The Centers for Medicare & Medicaid Services requires that records of costs submitted to federal healthcare programs be kept for five years from the time they were created.
If you’re dealing with a work accident, OSHA stipulates that any record of treating an employee’s workplace injury be held for the entire time that employee works for that employer plus an additional 30 years. Veterans’ records typically have to be stored for 75 years, unless the veteran was mentally incompetent at the time of treatment. In that case, the record has to be kept forever.
Finally, a recent court ruling found that medical practices can be sued for making a false claim to a federal healthcare program up to 10 years after it happened. So healthcare providers that deal with federal healthcare programs have to retain records for 10 years to avoid legal trouble. You also have to keep any medical records that relate to an active lawsuit or legal action.
No matter what type of record or where your healthcare practice is, you’ll likely have to keep medical records for a long time. But that doesn’t mean you can put your files in a box and forget about them. Just as laws dictate how long you need to keep records, there are laws that decide how you can store them.
How should you store medical records?
Whether you keep records electronically or in paper form, you need to keep them secure and protected. Paper records should be stored in a locked area that only staff can access.
Electronic records are a bit trickier to store. Safeguards need to be put in place to protect data but allow staff access to essential information.
You need a secure network to store and transmit your data. Any data you send over email or messaging services has to be encrypted. Plus, if you use an outside storage provider or messaging service, they have to sign a business associate agreement (BAA) with your organization.
By storing records securely, you’ll protect your patients’ information. Medical records are an important part of the healthcare system. Keeping them for the right length of time will prevent legal issues and help you access the information you need to help your patients.
Look at your records
Keeping records for longer than you should increases your risk for data breaches and HIPAA violations. However, getting rid of them too soon can make it harder to provide the best care. By following federal and state laws, you’ll improve your patient care and protect their data.
How can you collect the information you need for your records?
JotForm offers HIPAA-compliant online forms. Whether you want to streamline your information gathering or increase your telehealth options, our forms can help you keep your patients’ medical records safe.