Creating a Medical Record Retention Policy

Medical Retention

It is essential that health organizations comply with medical record retention laws both in their state and with any licensing agencies. Non-compliance can result in consequences, including fines and increased legal liability. By taking the time to create an effective medical record retention policy, you reduce risk for non-compliance and secure protected health information (PHI) so it’s easily accessible as inquiries from patients, payers, auditors, law firms and other entities are fielded in years to come.

Here are some tips for helping to create a medical record retention policy:

  • Document your medical record retention and archiving policy. Documentation of the policy is important for both succession purposes and emergencies when the primary health information management staff is unavailable. Be sure to include the process by which medical records will be retained in your organization’s official policy (i.e., process for storing records in paper format as well as in scanned or discrete data element format). Sample medical records management and retention policies can be found in an online search.
  • Evaluate options available for electronic medical record retention. Many health organizations opt to electronically archive scanned images and/or discrete health data elements from historical patient records.  This usually involves a data extraction from a legacy health application and a migration of that data into a secure relational database.  A typical health data archive includes a front end user interface that allows easy access for viewing historical patient records.  This is different from a backup of the historical data which makes it more difficult to access information on-demand.  Electronic medical record retention into an archive is a great option when one hospital information system, electronic health record, practice management system or any other healthcare application containing PHI is replaced with another.  Scanned paper documents may also be stored in such an archive. As it is essential to adhere to HIPAA regulations when archiving legacy electronic patient data, consider HIPAA data retention safeguards.

Download RFP

  • Review your documented medical record retention policy with legal counsel. Due to the number of variables affecting the length of time a provider should keep a medical record, it is recommended that your retention policy gets reviewed by legal counsel.  An attorney will be able to validate federal and state laws as well as medical board and state association or agency policies.  They may also offer guidance on policies regarding the destruction of records.
  • Train your staff on the procedures for both retaining and accessing medical record data. Your retention strategy is only effective if the information is secure and the necessary personnel can quickly access the records when needed. Train all relevant employees on the process for accessing retained medical data and update the employee handbook with the guidelines health information retention and archiving.

Is a documented medical record retention policy in place for your organization? If so, when is the last time it was reviewed? 

Medical Record Retention

Editor’s Note: This blog has been updated from an earlier post on February 26th, 2015.


Aug 01 2018

Ready to learn more?

Contact us today to learn more about our healthcare data management solutions.

First Name *
Last Name *
Email *

Healthcare IT tips, guides, news & more delivered to your inbox

Sign me up