Question

HIT 110: Updating Retention/Destruction Policy AHIMA Competencies: Domain III. Health Services Organization and Delivery, Subdomain B. Health Care Privacy, Confidentiality, Legal, and Ethical Issues: 1. Adhere to the legal and regulatory requirements related to health information infrastructure: Apply legislative and regulatory processes; 2. Apply policies and procedures for access and disclosure of personal health information: Evaluate health information/record laws and regulations (such as retention, patient rights/advocacy, advanced directives, privacy, etc.). Scenario: You work for a 650-bed acute care Level I research trauma center and teaching hospital. There are 6 months’ worth of data in the new electronic health record. There are 2 years’ worth of paper records on the shelf. The 2 years of paper records include the contents of the EHR, since clinicians do not trust the EHR’s reliability yet. All older records are maintained on microfilm. Your department has just run out of shelf space for paper records. Because of this, you have been asked to evaluate the current retention policy, which is to retain health records indefinitely. You also have a responsibility to develop a documentation destruction plan for the facility. A Compliance Board subcommittee made up mostly of clinicians has taken the liberty of proposing the following retention and destruction criteria: Master Patient Index (MPI) data should be retained for 20 years; Medical records will be retained for 5 years after the patient’s last visit; Registries and indices will be retained for 10 years; Retired medical records will be destroyed by recycling. None of the Compliance Board subcommittee members holds an HIM credential. The members include the director of nursing, chief of surgery, chief of medicine, director of quality management, and a supervisor from environmental services. Step 1: Critique the proposed plan and its timelines. Step 2: Research an appropriate retention policy timeline from an HIM authority/organization. Step 3: Rewrite this plan so that it complies with federal laws, privacy regulations, and citations to the HIM authority or source. This assignment should be brief and result in a basic framework that looks something like the criteria you received from Compliance Board’s subcommittee.

Answer 1

Health information management professionals traditionally perform data and information warehousing functions (e.g., purging) utilizing all media including paper, images, optical disk, computer disk, microfilm, and CD-ROM. These warehouses or resources from which to retrieve, store, and maintain data and information include, but are not limited to, application-specific databases, diagnostic biomedical devices, master patient indexes, and patient medical records and health information.

To ensure the availability of relevant data and information, appropriate retention schedules must be established. To support this requirement, the following information has been compiled. It includes AHIMA's retention recommendations, accreditation agency retention standards, federal health record retention requirements, and state laws or regulations pertaining to retention of health information.

AHIMA's Recommended Retention Standards Health Information, Recommended Retention Period

• Diagnostic images (such as x-ray film) 5 years
• Disease index 10 years
• Fetal heart monitor records 10 years after the infant reaches the age of majority
• Master patient/person index Permanently Operative index 10 years
• Patient health/medical records (adults) 10 years after the most recent encounter
• Patient health/medical records (minors) Age of majority plus statute of limitations
• Physician index 10 years
• Register of births Permanently
• Register of deaths
• Permanently Register of surgical procedures Permanently

Each healthcare provider should ensure that patient health information is available to meet the needs of continued patient care, legal requirements, research, education, and other legitimate uses.

Each healthcare provider should develop a retention schedule for patient health information that meets the needs of its patients, physicians, researchers, and other legitimate users, and complies with legal, regulatory, and accreditation requirements The retention schedule should include guidelines that specify what information should be kept, the time period for which it should be kept, and the storage medium (paper, microfilm, optical disk, magnetic tape, or other).

Compliance documentation

Compliance programs should establish written policies to address the retention of all types of documentation. This documentation includes clinical and medical records, health records, claims documentation, and compliance documentation. Compliance documentation includes all records necessary to protect the integrity of the compliance process and confirm the effectiveness of the program, including employee training documentation, reports from hotlines, results of internal investigations, results of auditing and monitoring, modifications to the compliance program, and self-disclosures.

The documentation should be retained according to applicable federal and state law and regulations and must be maintained for a sufficient length of time to ensure their availability to prove compliance with laws and regulations.

The majority of states have specific retention requirements that should be used to establish a facility's retention policy. In the absence of specific state requirements for record retention, providers should keep health information for at least the period specified by the state's statutes of limitations or for a sufficient length of time to prove compliance with laws and regulations. If the patient was a minor, the provider should retain health information until the patient reaches the age of majority (as defined by state law) plus the period of the statute of limitations, unless otherwise provided by state law. A longer retention period is prudent, since the statute may not begin until the potential plaintiff learns of the causal relationship between an injury and the care received. In addition, under the False Claims Act (31 USC 3729), claims may be brought for up to seven years after the incident; however, on occasion, the time has been extended to 10 years.

Unless longer periods of time are required by state or federal law, the American Health Information Management Association recommends that specific patient health information is retained for established minimum time periods.

Accreditation agency retention standards:

Joint Commission RC.01.05.01: The hospital retains its medical records. The retention time of the original or legally reproduced medical record is determined by its use and hospital policy, in accordance with law and regulation.

• Retention periods are not specified for behavioural health.
• Retention periods are not specified for employment and community services.

Requires organizations to have policies that address retention of records and electronic records.

State Requirement retention standards:

Healthcare facilities must retain medical records for a minimum of five years beyond the date the patient was last seen or a minimum of three years beyond the date of the patient's death.

Each healthcare provider should ensure that patient health information is available to meet the needs of continued patient care, legal requirements, research, education, and other legitimate uses Each healthcare provider should develop a retention schedule for patient health information that meets the needs of its patients, physicians, researchers, and other legitimate users, and complies with legal, regulatory, and accreditation requirements The retention schedule should include guidelines that specify what information should be kept, the time period for which it should be kept, and the storage medium (paper, microfilm, optical disk, magnetic tape, or other)