It’s no surprise that you must store patient medical records for a set amount of time—often up to 10 years—depending on your state rules. And if you don’t comply with this requirement, you could face fines up to $50,000 per violation. What you may not know, however, is that your responsibility doesn’t end once you agree to store the records. The medical records storage method you use is just as important as the storage timespan.
Check out these three tips to evaluate where your records can be stored to keep them safe and compliant.
1. Consider Digital vs. Paper
You can store PHI digitally, in paper form, or both, but you must evaluate which of these options best suits you when you’re reviewing your medical records storage opportunities.
While some practices believe that digital storage is more HIPAA-compliant than paper storage, that’s not necessarily the case. As long as your storage system is secure, you can remain within the HIPAA guidelines. For instance, paper storage systems can include a variety of options, including offsite storage areas with locked doors on each unit, filing cabinets, storage boxes and more. If you use cabinets or storage boxes, they must be lockable and not easily portable for people to take out of the office.
If you’re opting for digital storage methods, you’ll want to confirm that you have the capacity to store thousands of records and won’t overload your system. Plus, if you want to use an EHR-based storage system, make sure you have at least one person with the IT knowledge to support and retrieve records as necessary.
If you are considering storing records using a cloud-based storage system, make sure the vendor you’re using has multiple levels of encryption to keep your data safe. It should be password-protected, and you shouldn’t share the password with multiple people.
2. Check the Cost
In general, paper storage locations can be more expensive than digital medical records storage, just because you’re paying for the real estate where they’re housed. However, if you only recently switched over to a digital record system, it might be extremely time-intensive to transfer all of your paper records to a digital format and then to shred all of the paper copies. Therefore, it could be cost-effective to just store them as they are (in paper form). However, it’s a good idea to weigh the costs of both options before you make a decision.
3. Ensure You Can Access Records
Because patients have a right to request their records—and you must respond promptly to these requests to avoid fines—you should always be able to access stored records. If you’re storing them in a way that they’re difficult to get to, then you’ll face further problems up the road if patients want their records and you can’t honor those requests.
You also can’t charge patients extra if you need to pay to travel to a storage facility to get the records. It’s a HIPAA violation to refuse patients access to their records or to charge them more than what’s reasonable and necessary to make copies of the records. Keep that in mind when evaluating where you plan to store your patient records.
Knowing what records you can destroy – and when – is tricky. Delete the wrong things too soon and you could find yourself facing major fines. Get expert guidance to what you need to keep and for how long in Healthcare Training Leader’s online training session, Avoid Medical Record Destruction Mistakes and $50,000 Fines. In this 60-minute immediately accessible training, you’ll get everything you need to create a compliant medical records destruction policy to protect your practice. Sign up today.
|Subscribe to Healthcare Practice Advisor|
|Get actionable advice to help improve your practice’s
reimbursement, compliance, and success in this weekly eNewsletter.