Federal and state laws and payers require healthcare providers to create and maintain a whole host of records.

Records that are required to be maintained take many forms. A record may be a document from the business office, human resources, a medical record, a lab specimen, policies and procedures, equipment maintenance logs, incident and accident reports, etc. The retention requirements vary based on the type of record and may vary based on state and federal law.

Record retention requirements have been around seemingly forever, so what’s new? What’s new, is the stepped up enforcement. If a provider fails to maintain the required records for the required period of time or fails to completely and timely respond to a request for documentation by a payer or a state or federal regulator, payers can deny payment, initiate civil and criminal actions for “false claims” and revoke and bar re-enrollment of the provider in the payer’s network, Medicare and any other governmental program

Recently, Medicare has begun to apply a strict liability approach to document retention and access standards. One of the challenges some providers, such as surgeons and hospital based providers face, is that they rely on other health care entities providing or furnishing the underlying service or item to maintain the records.

We recently represented a pulmonologist who received a request for medical records from Medicare for ICU records maintained by the various hospitals where he provided ventilator management services. When he was unable to produce the hospital records in a timely manner, Medicare began recouping nearly half a million dollars from his practice. Over time, and with our assistance, he was able to produce most of the records, but not until substantial dollars had been recouped and he was considering filing for bankruptcy.

Providers need to have a records management program. The program should address which records to retain, the retention periods and the specifics of record destruction. In deciding which records to retain, providers need to consider the following: (1) federal, state, local and payer retention requirements; (2) recommendations of accreditation and professional organizations: (3) the impact on the continuity of patient care information; and (4) the likelihood of utilization of the particular record. After identifying the records to be retained, providers need to provide for storage, retrieval and destruction of the records.

In light of Medicare’s new enforcement efforts, providers should focus on the ability to retrieve records in a complete and timely fashion.