However, there are some general guidelines that say:. Covered entities must review their own circumstances to determine what steps are reasonable to safeguard PHI through disposal and develop and implement policies and procedures to carry out those steps.
The key is that any medical records you get rid of must be destroyed in a manner that prevents them from being reconstructed or otherwise accessed. Click here to learn how Gilmore Services can help with medical record destruction. According to HIPAA, medical records must be kept for either: Six years from their creation; or Six years from their last use Most states have data retention laws, too. There are specific requirements regarding the storage, retention and disposal of these records.
The record not only includes the notes that you make, but can also include a variety of sources and media including:. Medical records can be kept as physical files or electronically. Electronic files must be capable of being printed.
All medical records, regardless of how they are kept, must be stored in a manner that:. You must take all reasonable steps to protect the security of your medical records. For example, electronic medical records should be password protected, backed up regularly and backed up offsite.
You should use antivirus software, keep your portable devices safe and secure and encrypt your files where possible. Hardcopy records should be stored in a locked filing cabinet or in a secured dedicated room at the practice, or by a secure storage provider. For more tips on how to do this, please read our factsheet: Preventing data breaches.
Different jurisdictions and organisations have different requirements for retaining records. Many doctors keep medical records for as long as possible. While this may be sensible in some cases, it can be at odds with Australian privacy law requirements. If the patient was aged under 18 years at the date of the last entry in the medical record, you must wait until that patient would have turned 25 years old before you can dispose of the record.
New South Wales, Victoria and the Australian Capital Territory have specific legislation relating to medical records and health information. In these jurisdictions the legislation requires doctors to retain records for the times specified above. For doctors practising in states and territories without specific legislation, Avant recommends using the NSW, Victoria and ACT requirements as a guide and keeping records for the same minimum period.
Obstetric records, which often contain information about the baby and the mother, should be retained for 25 years from the birth of the child. Doctors must keep all documents related to a claim under Medicare for at least two years from the date the service was provided. By keeping records for seven years you will also satisfy this requirement. If Medicare claims are audited by the Department of Health, you are required to keep all the records relating to that claim until the audit is finalised.
Many medical providers choose to be on the safe side when it comes to the retention of medical records, using the following guidelines:. For a more information on retention periods for medical records, providers may wish to consult the American Health Information Management Association.
Many medical healthcare providers are pivoting from paper to digital record management. Even with the shift to digital, most providers still have substantial old paper documents to retain. Ensuring the confidential retention of these medical records is vital for compliance. Thankfully, the secure retention of these medical records is possible with designated storage facilities. These facilities must be highly secure, yet you must be able to access the information stored there when necessary.
Part of HIPAA requirements are that patients must be able to access their private health information on request. After the HIPAA records retention period for has been satisfied, information may be safely disposed of through secure shredding. Some states require the healthcare service provider to produce an abstract that notifies patients their records have been destroyed and certifies the information is now unreadable.
Except where there are contravening state laws, the destruction of HIPAA records should ensure that reconstructing the information on them is not possible. HIPAA-covered entities also must keep a record of:. If you destroy HIPAA records with this model, your contract with the third-party service provider must have the following:. The correct method for the retention and destruction of medical records is a function of their format.
You have to demagnetize tapes and cut DVDs into tiny bits. Because the bulk of private health information is still in paper form, off-site shredding via a third party like Armstrong Archives is ideal. The third party can transport the documents via a locked container before it is shredded with industrial-grade shredding equipment. Industrial shredders use the cross-cut shredding method to ensure the destruction meets HIPAA standards.
Below are answers to some common questions about the retention and destruction of health information:. Yes, hospitals destroy medical records.
0コメント