Protected Health Information: How Long Do You Need to Keep Records?

Depending on the services you offer and the reasons you have access to PHI, there are various alternative responses to this question.

However, you must keep all Protected Health Information you have handled, saved, or transferred if your company is a Covered Entity, Business Associate, or Business Associate Subcontractor as defined by HIPAA.

In these circumstances, safe PHI retention is essential.

All records containing PHI must be kept for a minimum of six years in accordance with the HIPAA Security Rule.

However, there are various term requirements for PHI retention under various federal standards and state legislation.  With a six-year PHI retention requirement for critical access hospitals, the Centers for Medicare & Medicaid Services (CMS) mandates that hospitals maintain their information for a minimum of five years.

The Occupational Safety and Health Administration (OSHA), on the other hand, mandates that businesses keep employee exposure and medical records for 30 years.

If your company is bound by several laws, you should adhere to the one that is the strictest regarding record retention.

For doctors, different states have varied regulations about how long you must keep records, and the durations range quite a bit.

While the California Medical Association advises doctors to keep records for 10 years after the date of the patient’s last visit, several states mandate PHI preservation of patient data for seven years. There is a lot of possibility for HIPAA violations with keeping that many records for so long!

What is medical records retention?

Keeping your patient charts and other medical documents on file is known as medical records retention. By keeping your records, you may establish a history of your treatment plans and level of care.

Retaining medical records properly is advised for effective long-term patient care. Additionally, it is beneficial when dealing with medical billing audits, licencing board complaints, and malpractice lawsuits.

How long after a contract has ended should insurance agents keep PHI on file?

Almost all state insurance departments require companies that are under their jurisdiction (such as agents) to keep records for 5-7 years.

Since each regulatory body has its own rules, check with your local legislation and the state department to find out what PHI retention standards you must follow.