What are the HIPAA Retention Requirements?
Understanding your HIPAA retention requirements is an essential part of running your telebehavioral health practice in today’s day and age. With EHR systems and the increasingly digital nature of health care, questions about what your requirements are in regards to record retention under HIPAA regulation are bound to arise.
So how do you find out about your HIPAA retention requirements and how do you ensure that you have everything in place to keep your patients’ data safe and secure?
Understanding HIPAA Retention Requirements
Under HIPAA regulation, there are technically no requirements for record retention. That being said, HIPAA regulation does state that healthcare professionals must implement effective security safeguards to maintain the privacy and security of health care data. HIPAA regulation states that these safeguards must be maintained in order to “protect the privacy of Protected Health Information for whatever period such information in maintained.”
These safeguards are outlined in the HIPAA Security Rule, and include standards that all health care providers, including behavioral health professionals, must address. The regulation outlines specific technical, physical, and administrative safeguards that must be in place to secure protected health information (PHI) for as long as it is maintained.
Note that HIPAA regulation does not state how long your practice must retain medical records, only that your medical records are maintained in accordance with HIPAA retention requirements for as long as they are maintained.
State HIPAA Retention Requirements
That being said, HIPAA regulation defers to state law when it comes to medical retention requirements. Each state has its own unique laws that govern the length for which medical records must be maintained.
So when it comes to understanding your HIPAA retention requirements, the important thing to remember is that federal HIPAA regulation sets standards for how your medical records must be protected, while state law sets rules for how long your medical records must be maintained.
Keep this information in mind as you assess the needs of your behavioral health practice and your ongoing HIPAA compliance!
If you need assistance with HIPAA compliance, consider working with our TBHI affiliate, the HIPAA Compliancy Group. (When you purchase services from them, TBHI will be paid a small commission.) They can help you support your HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance. The Guard is built to address the HIPAA regulations, including guided walkthroughs of HIPAA Risk Assessments. With The Guard, you can focus on running your practice while keeping your patients’ data protected and secure.Compliancy Group’s team of expert Compliance Coaches® can also field questions and guide you through the implementation process, taking the stress out of managing compliance. Find out more about how Compliancy Group and the HIPAA Seal of Compliance® can help simplify your HIPAA compliance today!
Basic Telehealth Legal Issues: Rules, Regulations & Risk Management
Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!