Protected Health Information: How Long Do You Need to Keep Records?

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author

In your home, it is likely that you have at minimum a pile of paperwork and records that you’ve held onto “just in case you need it” for a possible tax audit, warranty, to make a return, or several other random reasons you’ll need to reference it in the future. No one ever seems to be 100% sure of how long they need to hold onto records, and with most information held electronically, we tend to lose track and not pay attention.

If you’re working in the healthcare industry, you do need to pay attention, or else you may be putting yourself at the risk of violating HIPAA laws and guidelines.

Are There Rules?

HIPAA covers key elements like whose information is protected, what information is protected, and the safeguards that must be in place. While the timelines may vary according to the information being discussed, there are guidelines in place that your business should be aware of.

There may also be confusion over the way that the legislation defines requirements for medical record retention as compared to other record retention. For example, the HIPAA Security Rule has requirements where Covered Entities and Business Associates must maintain required documentation for a minimum of six (6) years on certain data and information. That is defined as from the date it was created or the date that it was last in effect, whichever is later. However, each state has different rules and requirements that you need to be aware of for different types of data and documentation.

Don’t Take a Chance

While you can search online for information that your state publishes, you may find the results confusing. For example, according to this document published by the Centers for Medicare and Medicaid Services, one result may direct you to another. HIPAA Secure Now can help to ensure that your business not only remains compliant but that it also stays up to date on policy and procedure changes that might affect your business without you realizing it.

This article was originally published on HIPAA Secure Now! and is republished here with permission.