subject: HIPAA And Business Records Retention


Have you heard of the Health Insurance Portability and Accountability Act (HIPAA)? Odds are that you have, especially if you are a hospital, doctor's office, or other medical business. HIPAA is a law that was passed several years ago requiring any business in the medical field to have a written policy on how they deal with the security of their patients' information. The law received a lot of press at the time that it was passed, as it spoke to certain scandals that had happened in previous years. According to HIPAA, any business in the medical field that works with patient data must have a written policy not only for the destruction and shredding of confidential patient data that has been printed out in hardcopy, but also for business records retention, or the length of time that the company will hold onto and protect the patient data.

HIPAA does not specify how long you must retain health care business records, but it does speak to the fact that they must be retained for a certain minimum amount of time depending on the type of record, and also that you must have a written policy that is followed the same way, to the letter, for each and every patient document. In order to maintain compliance, you must be able to show that you've followed your written procedure for each and every one of the possibly millions of patient records that your business keeps.

There are certain companies that can assist you with business records retention. These third parties will archive the data for you, and keep it under literal and virtual lock and key. This allows your company to concentrate on its core business, rather than trying to be in the business of document security as well. Although there can be many benefits to outsourcing this business function to a company that is an expert in it, there are several things to watch out for. For one, make certain to do due diligence on the company that you are thinking of outsourcing to. You will want to not only have this company sign an ironclad non-disclosure agreement, but also make certain that they have their employees sign one with them as well. In addition, you will, of course, want to verify for yourself that their security practices are up to industry standards. A non-disclosure agreement is useless if it isn't being put into practice, after all!

by: Paul Atkins



