CMS Releases Record Retention Guidelines

A updated post on record retention with a simple record retention schedule can be found here.

State laws generally govern how long medical records are to be retained.

However, the Health Insurance Portability and Accountability Act (HIPAA) of 1996  administrative simplification rules require a covered entity, such as a physician billing Medicare, to retain required documentation for six years from the date of its creation or the date when it last was in effect, whichever is later. HIPAA requirements preempt State laws if they require shorter periods. Your State may require a longer retention period.

While the HIPAA Privacy Rule does not include medical record retention requirements, it does require that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of medical records and other protected health information (PHI) for whatever period such information is maintained by a covered entity, including through disposal.

The Centers for Medicare & Medicaid Services (CMS) requires records of providers submitting cost reports to be retained in their original or legally reproduced form for a period of at least 5 years after the closure of the cost report.

CMS requires Medicare managed care program providers to retain records for 10 years.

A medical record folder being pulled from the ...

Image via Wikipedia

Additional information:

  1. Providers/suppliers should maintain a medical record for each Medicare beneficiary that is their patient.
  2. Medical records must be accurately written, promptly completed, accessible, properly filed and retained.
  3. Using a system of author identification and record maintenance that ensures the integrity of the authentication and protects the security of all record entries is a good practice.
  4. The Medicare program does not have requirements for the media formats for medical records. However, the medical record needs to be in its original form or in a legally reproduced form, which may be electronic, so that medical records may be reviewed and audited by authorized entities.
  5. Providers must have a medical record system that ensures that the record may be accessed and retrieved promptly.
  6. Providers may want to obtain legal advice concerning record retention after CMS-required time periods.
Enhanced by Zemanta

Bringing you the latest healthcare news!

The Manage My Practice Blog keeps our readers up to date with the latest healthcare news, trends and analysis.

Recent Posts

Back to the the Blog!
Back to the the Blog!

Where have I been? Ten years after I started my consulting business and started blogging, in 2018 I stopped blogging when I took a very interesting interim position at the University of Washington...

read more

Get in touch

Email: marypat@managemypractice.com
Phone: (919) 370 0504