Records Retention

I set out trying to do an article on how long hospital and physicians billing offices should retain their records. Once I started getting into it, I realized that if I were going to send out a newsletter and try to document all the time limits that I might be writing a book. It may not be known by everyone, but each state gets to determine the length of time that records are expected to be kept. While doing the research I saw state regulations for the retention of billing records range anywhere from 6 to 20 years.

The easiest time period to quote is the recommendation for records pertaining to federal programs; 10 years. It is assumed that this is the safest period of time to cover almost any event that you may ever have to worry about. Even there, the regulations don't quite say that facilities must specifically keep copies of their bills, as in UB-92s or 1500 forms, by name. Based on what the HIPAA recommendations are regarding privacy, documents relating to uses and disclosures, authorization forms, responses to a patient who wants to amend or correct their information, the patient's statement of disagreement, and a complaint record, among many other things, must be maintained for 6 years. (64 Fed. Reg. 59994). This is the federal statute of limitation for civil penalties. (42 CFR Part 1003). It is this amendment why hospitals and other health care providers maintain medical records as well as billing records for Medicare (Title XVIII), Medicaid (Title XIX), and Maternal and Child Health (Title V) for at least 6 years. Records must also be retained for two years after a patient's death under HIPAA.

After that it goes all over the place. However, one thing seems clear. What's really needed are records retention policies of some kind. It's pretty much acknowledged that hospitals can't hold onto every piece of information forever. Those who aren't scanning onto optical disk just don't have the space. Those that are scanning usually aren't taking the time to go backwards and scan old records so they can free up space.

Therefore, what's really needed by most areas is some sort of records retention plan. It needs to clarify what's kept. It needs to clarify just what you're keeping for 6 years, 7 years, 10 years, whatever. It needs to clarify how you're going to destroy the records. It needs to clarify how you're keeping the records; is everything scanned, are some records kept on paper, etc. Records retention policies should be in every department within your facility. It should be a mandatory requirement from every compliance committee at every facility or physician's office in the country. News reports from the last two years of auditing firms who have attempted to hide their indiscretions by shredding records shows how important it is to have a written policy throughout your facilities on this issue.

The following is a possible example of a records retention policy for patient accounting records. This is only a generalized version; use it as a template for creating your own, based on whether your information is scanned or physically stores: 

     1. The following records will be physically stored in an offsite facility contracted with by the hospital for a period of at least 7 years: patient demographic records; one copy of UB-92 and 1500 form for any claims billed on paper; copies of any electronic billing reports; copies of all monthly aged trail balance reports; copies of any printed reports that detail patient activity after accounts have been closed for X number of days; copies of any outside information that was obtained by the patient or insurance companies to facilitate the payment of claims, that is not a part of the patient's medical record.
 
     2. The following records will be physically stored in an offsite facility contracted with by the hospital for a period of at least 10 years: all physical logs detailing patient or insurance payments; all cash or check folders that contain copies of checks, ledgers, or any other information that details specific payments; all insurance vouchers from Medicare, Medicaid, or any other entity with which the hospital has specific contracts; any contact from patients disputing any portion of their hospital bills for which the billing department has kept the original document.

     3. The records above shall be separated by their time periods, and the outside of any boxes or other containers which contain these records shall have marked what is inside the particular box or container, the dates of service they consider, and the dates these records may be removed.

     4. Any original records determined to be of a nature in which the hospital may have some legal liability or responsibility shall be retained indefinitely within the hospital billing office in an area to be determined for such specific purpose. If the original is maintained by another department, a copy of said records shall remain with the business office marked "copy" in its stead.

     5. It shall be the policy of this department that a review of all stored records will be completed on a semi-annual basis to determine which records stored at the offsite facility are ready to be removed. With the assistance of the maintenance department, these records shall be removed and destroyed in accordance with whatever policy the maintenance department has in place at the time.

     6. All records stored either at the offsite facility or on the premises of the facility shall be locked and secured, protected from the elements to the best of the ability of whomever is in charge of the area of storage, and be accessible only by those authorized to views those records with the permission of either the director of patient accounting or those the director reports to.

As stated earlier, this is only a sketch of a possible policy. For instance, the above policy doesn't address whether records will be alphabetized or set up in numerical order. It doesn't indicate whether records will be separated by insurance type. It doesn't cover whether records determined to be ready for removal should be approved by either the chief financial officer, the compliance officer, or anyone else. It didn't address charges which may be entered by patient accounting personnel; sometimes those records are retained by patient accounting, sometimes they go back to the department of origin. These, as well as other issues, need to be determined and confirmed, then put into your policy.

It's hard to stress the importance of having such a plan in place. If there's any common theme that's been a constant whenever one hears of hospitals having to pay fines for some kind of violation, it's been the lack of any kind of documentation or policy regarding whatever the offense might be. Records retention, outside of the medical records department, is probably the last thing anyone ever thinks about. It should be one of the first.