MENU
Before electronic medical records (EMRs) digitized patient charts, physicians often ran out of physical storage space and had to destroy specific records. However, even EMRs don’t have unlimited storage and memory, so the need to destroy records hasn’t entirely disappeared.
It’s crucial to understand that destruction practices that violate medical records retention laws are grounds for lawsuits. We’ll explain how your practice can retain and destroy medical records in compliance with existing laws. [Related article: How to Implement an Electronic Health Records System]
Medical records retention is the act of keeping your patient charts and other medical information on file. When you retain your records, you develop a track record of your treatment plans and quality of care. The latter is an important measure within value-based care models.
Proper medical records retention is advisable for successful long-term patient treatment. It’s also helpful when dealing with medical malpractice suits, licensing board complaints and medical billing audits.
Several factors determine the number of years for which you must retain medical records.
The following federal laws pertain to medical record retention:
Most states have extensive regulations regarding retaining or destroying medical records. Consult experts in your state about these laws and how they affect your medical records retention. Below are a few examples of state medical records retention guidance:
Case law is a subset of state law concerning medical malpractice suits. It determines how long after the state’s statutory period a patient may file suit if they discover that medical malpractice led to their current complaints.
Case law exists because some injuries or conditions aren’t immediately obvious signs of medical malpractice, which means medical malpractice suits can sometimes be exempt from statutory limits. Confer with experts in your state to learn more.
Consult other practitioners and medical law experts in your area to determine which state and case laws govern the retention of your medical records.
To keep your medical records retention in line with the guidance above, follow these best practices.
A patient’s medical records should include the following information:
Retain any records that physicians and specialists outside your practice send you for your own use with a patient, according to the same retention time frames as your records. Additionally, keep your practice’s medical billing documents regarding the patient so you can track which services were performed and paid for.
Several medical recordkeeping dos and don’ts can ensure that your patient charts are readily usable for any future purposes.
Do:
Don’t:
Patient charts are crucial to successful outcomes. Accurate patient charts help practitioners avoid misdiagnosing patients or implementing ineffective treatment plans.
In almost all cases, a patient’s written consent is required to share their medical records with other parties. Given this privacy concern, medical records retention is as much about keeping records on file as it is about securing them from unauthorized access. HIPAA-compliant EMRs come with safeguards that make connected medical device security seamless.
In the U.S., limited exceptions exist to medical record sharing and confidentiality regulations. Some portions of U.S. law can allow the sharing of medical records without the patient’s consent if the following conditions are met:
Although your practice bears the burden of retaining medical records, all records belong to the patients named in them. So, set up your medical records to make patient access easy.
Medical software, such as EHR systems and medical practice management system (PMS) patient portals, streamline this access. Note that you must comply with all patient requests to share their medical records with any parties they request.
The terms EMR and EHR (electronic health record) are often used interchangeably. However, while EMRs are essentially digital patient charts, EHRs have additional functions like digital prescribing capabilities.
Eventually, all medical records will exist long enough that you’re no longer required to keep them. In this case, follow destruction best practices, including the following:
Among our picks for the best medical software, we recommend the following platforms for HIPAA-compliant records retention:
Technically, patients own their EMRs. The practice remains responsible for storing them but patients can demand access at any time. Patients can even demand you hand over their records without retaining copies.
If your practice closes, you can’t just destroy your patient records and call it a day. After all, records belong to patients, not you. Notify your patients of your impending closure and inform them of their right to designate another practitioner to hold their records. Alternatively, you can release the patient’s records directly to them.
Medical records and other sensitive documents go through a life cycle comprising three stages. The first stage is the document’s creation and the second and more involved stage is maintenance. During this stage, you may need to edit your medical records and move them to new locations within your medical software. The third and final stage is the destruction of your medical records in compliance with HIPAA regulations.
Although state regulations may tell you the date after which you can destroy records you no longer need, many experts suggest retaining documents indefinitely. However, if you need to clear up storage space, delete only documents you’ve retained long after the final date permitted by law.
In almost all circumstances, doctors cannot refuse to release medical records when patients request them. Extremely limited exceptions may exist in certain states or localities, but it’s best to assume that when a patient demands their records, you should hand them over.
However, you don’t have to release a patient’s medical records to a third party unless you receive direct authorization from the patient. Getting the patient’s explicit permission for record release is best. This way, you avoid breaching the patient’s confidentiality and winding up with a lawsuit on your hands. After all, that’s one of your biggest reasons for following medical records retention guidelines in the first place.