TMCnet Feature Free eNews Subscription
December 02, 2019

Document Management: How Long Should Your Practice Keep Medical Documents?



Handling your patient records properly is important, but medical document management doesn't have to be stressful. Find out how long to keep documents and more. 

Without a question, record-keeping is one of the most daunting tasks any healthcare business owner faces on a daily basis. A single patient can result in a plethora of documents. Multiply one patient by hundreds, and you have an astounding amount of data that has to be properly handled. Pair that fact with the idea that HIPAA can slap you with penalties for handling any bit of this data the wrong way, and you have enough anxiety to go around for everyone within your operation simply due to medical document management.



How long should your practice keep these documents and how can you simplify the process of record-keeping?

Don Baham of Kraft Technology Group in Nashville outlines a few things you should know as the manager of a medical practice.

Laws Vary By State Regarding How Long to Keep Patient Records

You can't simply Google (News - Alert) how long to keep patient records and data and get a straightforward answer to your question. The laws regarding record-keeping in the medical industry can actually vary according to what state it is that you live in. For example, in the state of Alabama, the only defined timeframe for medical doctors is to keep the records "As long as may be necessary to treat the patient and for medical-legal purposes." Hospitals in the state have to keep records for five years. In Delaware, records have to be kept for seven years after the last date of entry on a patient's record.

Paperwork Leaves You Wide-Open for HIPAA Violations, But So Can Electronic Recordkeeping

No matter how careful you are with filing physical paperwork, you are putting your practice at risk of a HIPAA violation due to human error. Human error can be something as simple as not properly shredding a file before it goes in the trash or leaving a patient file out and accessible to the public.

Unfortunately, electronic data-keeping for patient records can also be risky if you do not have a good setup and patient data rules according to HIPAA are often misunderstood or neglected. According to the G2 (News - Alert) Blog, the most common HIPAA violations with electronic data include:

  • Not promptly restricting access when an employee with access is let go or moves on from the company
  • Accessing patient records for reasons other than what is technically allowed, which is only for treatment or for a task associated with payment information
  • Using personal email accounts within the practice to send or receive patient records instead of using secure email platforms on the intranet
  • Collecting or downloading patient records to personal devices, such as a mobile phone or laptop
  • Not relying on an encrypted network to transmit information regarding patient records

For smaller practices that do not have a designated team of professionals overseeing medical document management and tech processes, it is best to bring in the assistance of a managed healthcare IT services provider. These companies, especially the ones who are familiar with working in the healthcare industry, can make sure you are compliant with your patient data and help you implement the proper security protocols.


 
» More TMCnet Feature Articles
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE

LATEST TMCNET ARTICLES

» More TMCnet Feature Articles