Medicare Compliance & Reimbursement

HIPAA:

Will HIPAA Make Packrats Of Us All?

Think twice before deleting patient e-mails

Providers working with small computer systems have a recurring HIPAA-related quandary: How long do e-mails need to be kept before being deleted to make room for new information?

The length of time providers must keep old e-mails "depends on whether the emails are part of the patient medical record," Kristen Rosati of Phoenix, AZ-based Coppersmith Gordon Schermer Owens & Nelson reminds providers. Use state licensure, accreditation standards, and HIPAA's definition of a designated record set to make this determination.

"If the e-mail [is communication] with a patient about treatment, then that e-mail would be part of the designated record set and must be kept for 6 years" under HIPAA, Rosati advises.

To manage this, Rosati suggests printing any e-mails that should be part of the patient's medical record and adding them to the paper file. However, "if you're storing all your medical records electronically, your system definitely should be backed up in some way because you need to be able to re-create those records if there's ever some type of failure of the system," she cautions.

Remember to ensure security for paper records as well, she warns, including protecting them from hazards such as water and fire damage, among others.

The Bottom Line: Consult the state guidelines on "medical record keeping and what the expectations are" first to determine what is part of a designated records set, advises attorney Bill Sarraille with Sidley Austin Brown & Wood in Washington. To save system space, print e-mails that should be part of the patient's medical record, but remember to apply reasonable security safeguards to protect them.
You’ve reached your limit of free articles. Already a subscriber? Log in.
Not a subscriber? Subscribe today to continue reading this article. Plus, you’ll get:
  • Simple explanations of current healthcare regulations and payer programs
  • Real-world reporting scenarios solved by our expert coders
  • Industry news, such as MAC and RAC activities, the OIG Work Plan, and CERT reports
  • Instant access to every article ever published in Revenue Cycle Insider
  • 6 annual AAPC-approved CEUs
  • The latest updates for CPT®, ICD-10-CM, HCPCS Level II, NCCI edits, modifiers, compliance, technology, practice management, and more