Archive Requirements for HIPAA Documents
The Health Insurance Portability and Accountability Act (HIPAA) enacted in 1996 by the federal government protects a patient's privacy rights. Amended in 2003, HIPAA protects the privacy of patients' medical and personal records, both on and offline, from third parties and other entities that may utilize the information for personal gain or advantage. Record and document retention periods stated in the act are specific, but HIPAA leaves much authority to the states.-
Retention Period
-
The federal government requires legal medical entities governed by HIPAA regulations to archive or retain medical and personal records for a minimum of six years according to the American Speech-Language Hearing Association. Six years is the national standard of federal compliance that all medical enterprises or businesses must adhere; each individual state has enacted further privacy and retention laws in addition to federal standards.
Records Archived
-
HIPAA documents that must be archived include any patient information relating to uses and disclosures, business partner contracts, authorization forms, notices of information practices, responses to a patient who wants to amend or correct their information, complaints records and a patient's statement of disagreement. In the event of a patient's death, HIPAA requires archiving records for a minimum of two additional years after the date of death.
Archiving
-
Under HIPAA laws, electronic data must be archived in a secure network that requires a password and security codes to ensure the safety and integrity of the data. Paper files and records must be stored in a box or container that is not viewable or readable by employees or the general public until the disposal date has expired. Common practices include archiving records by months and dates for easier disposal as disposal compliance is mandatory. In order to archive records, the medical business entity must meet HIPAA compliance standards to be considered a covered entity.
-