Years ago, as a 15 year-old high school student, I went to work at a doctor’s office in my hometown. As with many first jobs, I was tasked with the duties no one else would do. My $5.00-per-hour mission was to scan all of the practice’s old medical records onto CD files to clear out its massive “back room” – a disorganized, dungeon-like space packed floor-to-ceiling with paper charts and old medical records.
It took me months to even clear out a walkway to the shelves. Looking back on that job now, I wonder if my efforts were even worthwhile. Some of those records were ancient. Couldn’t the practice have just destroyed many of those charts, rather than scan them for safekeeping? How long does a medical practice need to keep old medical records and EOB’s anyway?
Whether you’re working with paper records or an EHR system, you’re undoubtedly housing a huge amount of patient data in your office. What can you toss, what must you keep, and what should you just save for a little while longer?
Read on to get the facts on EOB and medical record retention… if only to avoid saddling a local teenager with an unnecessarily tedious first work experience.
Keep it Simple – Keep EOBs Separate
Even though it usually ends up housed within a patient’s chart, the explanation of benefits form (EOB) is not technically part of the medical record, and you’re not required to hang on to it very long.
“We only keep EOBs for three years,” says Ann Crutchfield, a practice administrator at Rehabilitation & Electrodiagnostics PA in Tampa, Florida. “A few years back we added a searchable scanner to our copier/printer, and all EOBs and other billing records are now scanned. After 90 days, my billing staff destroys the originals. Less worries about how long to keep!”
Making EOB retention its own separate, seamless process is a wise choice for any practice, because when it comes to medical record retention, the question of “how long to keep” is a complicated one to answer.
Regulations & Record Retention
Federal law mandates that a provider keep and retain each record for a minimum of seven years from the date of last service to the patient. For Medicare Advantage patients, it goes up to ten years.
Providers must also comply with individual state regulations on record retention (which often differ from the national standards) and their states’ statutes of limitations on malpractice lawsuits.
The idea that records, either in paper or electronic form, should be saved for around ten years to comply with all requirements is an oft-touted rule of thumb. But, of course, there are exceptions.
Caring for minors? Keep their records at least two years after they reach the “age of majority” (twenty in most states) or even longer. In South Carolina, the records of a minor should be retained no less than thirteen years.
Have any records related to workplace injuries? If the Occupational Safety and Health Administration (OSHA) was involved, hang on to them for 30 years after the last date of service.
Are you treating veterans? Be prepared to stash their charts for a long time – 75 years. If a patient was not mentally competent at the time of treatment, retain the records indefinitely.
Lastly, should you ever discover that legal action is pending from a patient, be sure to save his relevant records, even if you’ve already kept them past their other retention deadlines. No destruction is allowed once you have knowledge of the litigation.
Storing Forever is Not an Option
If you’ve got plenty of space at your practice for stowing old paper records, you may be tempted to hang on to them forever, if only to avoid the hassle of electronic archiving or digging through them to determine what you can pitch. (This is the approach I probably would have advocated you take when I was 15.)
But taking that route is a very bad idea. In fact, even retaining your easily stored, already-converted electronic records indefinitely can cause you major problems.
Destroying records, digital or otherwise, once their retention deadlines arrive is extremely important. Even if your back room is locked and your health IT system offers top-notch encryption, security breaches and HIPAA violations can still occur.
“The more data you push through the pipes, the more likely you’ll spring a leak somewhere,” says Jason Straight, managing director of Kroll’s Cyber Security and Information Assurance unit. “Document retention and data security are inextricably linked.”
There’s no reason to leave any patient information – especially data that’s unnecessary to retain – vulnerable to being compromised. As long as you keep documented records of all destructions, proper disposal of old data is the best way to ensure patient confidentiality is upheld.
So comb through your old charts, dig through your electronic data and destroy what no longer needs to be retained.
Or just have some local teenager do it.
What’s your office’s medical record destruction and disposal policy?