Banner

Article

Disposing of medical records

Under HIPAA, who bears the responsibility (including cost) for discarding old patient records that contain protected health information-the employed physician or the practice he works for?

Q: Under HIPAA, who bears the responsibility (including cost) for discarding old patient records that contain protected health information—the employed physician or the practice he works for?

A: Typically, the practice, since it has the duty to retain the records in the first place. But check your state's law to determine how long they must be retained. In New York, for instance, physicians must maintain patient records for at least six years or, in the case of a minor, for at least one year after the patient turns 18; anyone who doesn't may face professional misconduct charges. Also at issue is how one discards records containing protected healthcare information. Under HIPAA, anyone disposing of records must do so in a way that minimizes the risk of exposure to unauthorized users - through shredding, for example.

Related Videos
Related Content
© VRVIRUS - stock.adobe.com
May 9th 2025

Pros and cons of AI patient portal messages

Off the Chart: A Business of Medicine Podcast - Physician panel: Navigating the 2025 vaccination crisis
May 7th 2025

Physician panel: Navigating the 2025 vaccination crisis

AccurKardia wins MedTech Breakthrough Award: ©MedTech
May 9th 2025

AccurKardia wins Best New Tech Solution for ECG at MedTech Breakthrough Awards

Off the Chart: A Business of Medicine Podcast - Ep. 63: Healthy eating with Chef Dr. Mike
May 5th 2025

Ep. 63: Healthy eating with Chef Dr. Mike

capitol hill congress washington dc summer sunset: © Philip - stock.adobe.com
May 9th 2025

Physician pay, HHS leadership, maternal health: a Senate roundup

Ganesh Padmanabhan: ©Autonomize AI
May 9th 2025

The administrative reckoning in health care: Why agentic AI may be the system’s only escape hatch