HIPAA does not govern how long patient medical records must be kept; those requirements fall under state law.
In Florida the requirement for keeping medical records is 5-7 years:
- According to Rule 64B8-10.002(3), FAC: A licensed physician shall keep adequate written medical records, as required by Section 458.331(1)(m), Florida Statutes, for a period of at least five years; however, medical malpractice law requires records to be kept for at least seven years.
- From the date of last contact with the patient
- Must include any data used to make decisions for said patient
HIPAA requires that data associated with complying with HIPAA policies be kept for 6 years from the date that the HIPAA policy was last used. This includes policies, procedures, assessments, and records of any actions taken to comply with HIPAA policies.
Of special note, this includes:
- Patient authorizations for the disclosure of PHI
- Disaster contingency plans - Covered entities must have contingency plans that establish policies and procedures for responding to an emergency or other occurrence (fire, system failure and natural disaster) that damages systems that contain e-PHI (45 CFR §164.308(a)(7)(i)).
Other data holding requirements: Beyond these legally required limits, patient data should be kept long enough to defend against personal injury or breach-of-contract disputes.
Disclaimer - We are not lawyers. You should always consult with a legal professional to determine if you are in compliance with the law, what extra data holding policies they recommend, and what level of insurance you should have to protect your practice. Always check your insurance policy (and provide it to your IT heads or us if we are your external IT department) to make sure you meet its IT requirements for enforcing your policy should you ever need to use it.
*TIP: Hiring an IT company like BeyondITSystems.com to provide managed services which conform to best practices can save you money on your insurance and get you higher limits for less money. It's best to have BeyondITSystems review both your applications as you shop for insurance and your policy once it's written to look for specific practices that can save you money and further protect your business.