Medical Records Retention: Understanding the Problem

Medical records are critical for the well being of patients and for the daily operations of health data management. Medical records are governed by multiple standards, rules and regulations. The need to retain medical records for years or even decades makes them complex to manage. Read on to learn how medical records are defined, how long they need to be retained, and how you can manage organizational and storage aspects of your medical records.

In this article you will learn:

What are medical records?

Three types of electronic medical records

How long are medical records kept for

Medical records management

Low-cost storage for medical records with Cloudian

This is part of a series of articles about Health Data Management.

What are Medical Records?

Almost every person in the developed world has a medical record. Medical records collect valuable and sensitive information about individuals, their well being, medical conditions they suffer from and related medical treatments.

Medical records may contain the following information:

• Personal Identification Information (PII, also known as Private Health Information or PHI) — social security numbers, addresses, and identification specific to the healthcare provider.
• Medical history— a medical history is recorded even without an individual’s knowledge. For example, if someone hasn’t undergone immunization, the medical records may bear this fact. Medical history includes any diagnosis, past and existing health conditions, and potentially critical, life-saving information such as allergies or sensitivity to medicine.
• Family medical history— an individual’s medical records also reflect relevant medical conditions recorded for close family members, which may be congenital or have another impact on their well being.
• Medication history—what substances an individual has ingested, whether prescribed medication, over the counter, herbal remedies or even illegal drugs.
• Treatment history— which medical treatments the individual has received and how they impacted medical conditions.
• Medical directives— health records may also contain a “living will”, instructions the individual wishes to communicate to medical staff if they are unable to speak.

Three Types of Electronic Medical Records

Thirty years ago, almost all medical records were recorded on paper and saved in physicians’ file cabinets or in hospital archive rooms. Many medical practices still capture at least some patient records on paper. However, medical records are increasingly digitized, and there are three major types of digital health records currently managed by the healthcare industry.

1. EMR (Electronic Medical Record)
   Simply put, EMR is a system that allows medical practitioners to record patient visits. The EMR holds a wealth of data about patient conditions or complaints, treatments they have received and their results, and billing information related to medical services provided.
2. EHR (Electronic Health Record)
   EHR is a broader system that includes information from multiple medical centers. It enriches EMR data by adding information from wearable devices, public medical research, health-related databases, and demographic or survey information that can shed light on patient well being. EHR is intended to engage patients and help them provide more information about their lifestyle and situation, which can improve care for themselves and others with similar conditions.
3. PHR (Personal Health Record)
   PHR is a system, typically operated and provided by insurance companies, that allows individuals to track their health information. It typically takes the form of an application users can interface with, which they can use to store and use medical data. This can include personally-collected data, from wearable devices or personal data entry, medical documents added by the user, and information added directly from EMR systems.

Read more in our guide to Healthcare Data.

How Long are Medical Records Kept?

Healthcare providers and individual physicians are required to keep medical records for a period of time, as defined by the law in their country. For example:

• In the USA— the Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers and other Covered Entities to retain medical records for six years, measured from the time the record was created, or when it was last in effect, whichever is later.
• In the UK— the Records Management Code of Practice for Health and Social Care 2016 specifies that anyone working with or in the National Health Service (NHS) is required to retain medical records for up to 20 years after the last interaction with the patient, up to 8 years after their death, or up to 25 years after the birth of the last child for maternity records.

Read more in our guide to HIPAA compliant cloud storage.

Other Factors Affecting Medical Records Retention Period

In the USA, there are several other parameters that may affect the requirement to retain medical records:

• Frequency of visits— the less frequently patients visit their caretakers, the longer they may have to keep records.
• Insurance contracts— third-party payors may have their own contractual requirements to retain medical records.
• Statute of Limitations— in the USA there is a final date by which a patient must file a lawsuit, and until such time the patient’s records must be retained.
• State laws— physicians operating in different US states may be subject to medical retention regulations from one of more states.

Medical Records Management

In many modern healthcare organizations, ongoing management of healthcare records is a discipline that requires dedicated staff and expertise. Medical records management includes:

• Ensuring that medical records are accessible, safe and secure
• Overseeing digitization initiatives and ensuring they meet organizational goals, relevant industry standards and legal requirements
• Caring for the resilience of medical records – taking care of redundancy, backup, and disaster recovery
• Managing IT systems used to manage and access medical records, such as EMR systems

Secure, Low-Cost Health Data Storage with Cloudian

With more and more digitized health records, a growing use of images and video, and the need to retain records for years or even decades, there is a need for exponentially growing storage volumes. Healthcare organizations need a solution for low-cost, on-premises storage that can scale up easily and allow them to conveniently retain medical records.

Cloudian addresses this challenge with HyperStore, an Exabyte-scale, on-premise, cost-effective storage platform for healthcare environments. HyperStore can retain medical records of all kinds, allows instant access to the records, and uses object storage technology that can store large volumes of data at 70% lower cost compared to disk-based storage.

Hyperstore provides the following benefits for healthcare organizations:

• Cloud flexibility—deployments can start small and grow as needed, from a 3-node configuration to thousands of nodes as needed. Each node can be a physical appliance or virtual, running on commodity hardware.
• Broad integrations—Hyperstore integrates with numerous healthcare applications and archive solutions, allowing it to be used as a central repository, with access to a complete view of patient information.
• Security and compliance—Hyperstore is HIPAA-compliant, with security features including data encryption and transparent key management, AES-256 server-side encryption for data at rest, SSL for data in transit, RBAC with specified levels of access, audit trail logging, WORM (Write Once Read Multiple) for storage of immutable data.
• Rich metadata—HyperStore has rich metadata tagging features built-in, which lets data scientists to discover new patterns and insights in healthcare data.
• Data protection—HyperStore provides data durability of 99.999999999999% (14 nines), by distributing data using replication or erasure coding. The number of replicas and erasure code scheme can be customized to meet the SLA.

Read more about Cloudian’s storage solutions for healthcare.