The Digital Paper Trail and HIPAA Compliance

Transitioning to paperless documentation is a difficult process in light of HIPAA standards. The process of storing information does not end after having converted these to digital EMRs. Rather, HIPAA continues and provides for a new set of rules in keeping these documents. There are two considerations: (1) the legal requirements of retention time and (2)  the method of data creation and destruction.

First, records have to be kept for a period of time, made accessible to the courts for evidentiary purposes. The following documents have to be kept on record for at least 10 years:

1. Ledger records and insurance-related information.
2. Patient communication relating to billing conflicts or issues with billing.
3. Reimbursement vouchers from government-funded and private insurances.

On the other hand, these documents can be removed after at least 7 years:

1. Claims and billings
2. Patient demographic information (e.g., patient balance and activity)

Second, records have to be reviewed on a bi-annual basis. Despite being digital and paperless, medical records can still take up a lot of space when practice is booming. After having complied with the minimum retention time, offices are obligated to conduct assessments and reviews regarding the files they are legally able to destroy. These files have to be protected by some security system such as a password or an authentication service.

Files have to be stored in distinguished categories such as reports per patient. They should be labeled with the appropriate title and must indicate the date until which they cannot be destroyed. Furthermore, the destruction of these files have to be in compliance with HIPAA standards and should only be done by authorized persons in accordance with the same.

The following two tabs change content below.

‍