Revenue Cycle Management
COVID-19
Reimbursement
Diabetes Awareness Month
Risk Management
Patient Retention
Staffing
Medical Economics® 100th Anniversary
Coding and documentation
Business of Endocrinology
Telehealth
Physicians Financial News
Cybersecurity
Cardiovascular Clinical Consult
Locum Tenens, brought to you by LocumLife®
Weight Management
Business of Women's Health
Practice Efficiency
Finance and Wealth
EHRs
Remote Patient Monitoring
Sponsored Webinars
Medical Technology
Billing and collections
Acute Pain Management
Exclusive Content
Value-based Care
Business of Pediatrics
Concierge Medicine 2.0 by Castle Connolly Private Health Partners
Practice Growth
Concierge Medicine
Business of Cardiology
Implementing the Topcon Ocular Telehealth Platform
Malpractice
Influenza
Sexual Health
Chronic Conditions
Technology
Legal and Policy
Money
Opinion
Vaccines
Practice Management
Patient Relations
Careers

Disposing of medical records

December 2, 2005

Article

Under HIPAA, who bears the responsibility (including cost) for discarding old patient records that contain protected health information-the employed physician or the practice he works for?

Q: Under HIPAA, who bears the responsibility (including cost) for discarding old patient records that contain protected health information—the employed physician or the practice he works for?

A: Typically, the practice, since it has the duty to retain the records in the first place. But check your state's law to determine how long they must be retained. In New York, for instance, physicians must maintain patient records for at least six years or, in the case of a minor, for at least one year after the patient turns 18; anyone who doesn't may face professional misconduct charges. Also at issue is how one discards records containing protected healthcare information. Under HIPAA, anyone disposing of records must do so in a way that minimizes the risk of exposure to unauthorized users - through shredding, for example.