Is Your Medical Records Management System HIPAA Compliant?
Tue, Jan 12, 2021
By: Jim Beran
Many people believe that federal law always trumps state law, but this is not always the case. One such case involvesHIPAA regulations for medical records management.
If your state’s laws require that you keep medical records longer than HIPAA requires, the state law trumps the federal regulation; otherwise, you must keep records according to HIPAA.
What Is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was passed into law in 1996 to direct people to protect patient privacy. When it comes to record retention, you are compliant if you keep medical records for at least six years after creation or last use, whichever comes last.
The medical records retention Florida laws are longer than HIPAA medical records retention laws for hospitals and shorter for physicians. In Florida, doctors must keep medical records for five years after the doctor’s last contact with the patient. Hospitals must keep medical records for seven years.
Staying HIPAA Compliant with Medical Records
To make sure you are staying HIPAA compliant with medical records, physicians and hospitals should have a records retention schedule for each file. When medical professionals convert to electronic records, it is easier to meet HIPAA compliance since the electronic log can keep track of when you last saw a patient. If you are still maintaining records by hand, you’ll have to adjust the date manually.
And, without electronic medical records, it’s easier to make a mistake with records retention. If you transpose a date or forget to write a date down, you could discard records before their retention time is up.
Additional HIPAA Compliance Regulations
Since HIPAA is all about patient confidentiality, you must meet standards for storing patient records. To remain HIPAA compliant, you must protect against anticipated security threats, train your employees in security procedures related to medical records, limit access to record storage areas, and monitor access to the records.
A patient or his or her designated representative has the right to his or her records. Before discarding old records, you should make every attempt to contact the patient to ask if he or she wants copies. If not, or if you cannot contact the patient, you need to discard the records at the end of the retention period. The best way to protect your patients’ records is to shred the records.
Shredding services, such as those offered by Gilmore Services, allows you to stay compliant with HIPAA regulations. We provide locked shred boxes so that you can deposit files that have surpassed their retention date and keep them safely locked up. On a schedule that you set with us, we’ll come out and shred the files right in your parking lot.
The shredded files are then mixed with files from other businesses and baled into large bales weighing up to 1,800 pounds. We then ship the bales to a recycling plant.
If you have records stored on electronic media, we can also shred hard drives, USB drives, and other storage media.
Contact Gilmore Services
If you have patient files that are past their retention time, contact Gilmore Services to discuss your medical records retention and ways we can help improve your security and process.