Regulations & Record Retention
Federal law mandates that a provider keep and retain each record for a minimum of seven years from the date of the last service to the patient. For Medicare Advantage patients, it goes up to ten years.
Providers must also comply with individual state regulations on record retention (which often differ from the national standards) and their states’ statutes of limitations on malpractice lawsuits. The idea that records, either in paper or electronic form, should be saved for around ten years to comply with all requirements is an oft-touted rule of thumb. But, of course, there are exceptions.
Caring for minors?
Keep their records at least two years after they reach the “age of majority” (twenty in most states) or even longer. In South Carolina, the records of a minor should be retained no less than thirteen years.
If the Occupational Safety and Health Administration (OSHA) was involved, hang on to them for 30 years after the last date of service.
Are you treating veterans?
Be prepared to stash their charts for a long time – 75 years. If a patient was not mentally competent at the time of treatment, retain the records indefinitely.
Lastly, should you ever discover that legal action is pending from a patient, be sure to save his relevant records, even if you’ve already kept them past their other retention deadlines. No destruction is allowed once you have knowledge of the litigation.
EOBs
Even though it usually ends up housed within a patient’s chart, the explanation of benefits form (EOB) is not technically part of the medical record, and you’re not required to hang on to it very long. Many practices only house them for 2-3 years. Making EOB retention its own separate, seamless process is a wise choice for any practice, because when it comes to medical record retention, the question of “how long to keep” is a complicated one to answer.
Storing Forever is Not an Option
If you’ve got plenty of space at your practice for stowing old paper records, you may be tempted to hang on to them forever, if only to avoid the hassle of electronic archiving or digging through them to determine what you can pitch. But taking that route is a very bad idea. In fact, even retaining your easily stored, already-converted electronic records indefinitely can cause you major problems.
Destroying records, digital or otherwise, once their retention deadlines arrive is extremely important. Even if your backroom is locked and your health IT system offers top-notch encryption, security breaches and HIPAA violations can still occur. There’s no reason to leave any patient information – especially data that’s unnecessary to retain – vulnerable to being compromised. As long as you keep documented records of all destructions, proper disposal of old data is the best way to ensure patient confidentiality is upheld.