Deciding how long to hold on to specific records in your facility can be a challenging task, especially when so many different types of records cross your desk every day. If you’re a pack rat like us, it’s tempting to hold on to everything indefinitely – an option we know can be space and cost-prohibitive, especially within the nursing home environment. Our reluctance to dispose of records is also driven by several critical questions, such as: What if I need this record to defend our facility in a lawsuit? What if a state or government agency audits or investigates our facility for issues contained within this record?

This is why it makes sense from a compliance and risk management standpoint to have a comprehensive and consistently applied record retention policy that includes all forms of electronic data. There are many reasons to implement a record retention policy, including compliance with statutory or regulatory requirements, maintaining control of records during litigation and improving your responsiveness and efficiency in complying with discovery demands, and avoiding the disclosure of unnecessary or obsolete records.

An effective policy will also help you avoid liability for any inadvertent destruction of evidence when litigation or a government investigation is pending or reasonably foreseeable, such as when a subpoena has been served. Generally speaking, anytime your organization is aware (or should have been aware in the exercise of reasonable diligence) of a pending dispute like an audit, investigation or lawsuit, you will be required to retain any record potentially related to the matter. For this reason, you’ll want to make sure that your record retention policy includes procedural steps for preserving relevant evidence and instructing employees not to delete or destroy relevant records (such as placing a “Litigation Hold” on records that are the subject of an investigation or lawsuit). As recent court cases illustrate, organizations can be subject to large sanctions for the destruction of records when litigation, government investigations, or other disputes are, or should have been, anticipated. If you inadvertently and in good faith dispose of relevant records as part of your fully implemented, consistently applied, active records management program, you are more likely to persuade a court or government investigator that missing records were not willfully destroyed. Courts generally do not look favorably on organizations that mismanage or dispose of records on an inconsistent basis, even if there was no bad faith motive in that inconsistency.

A good record retention policy will not only specify a record retention period for each type of relevant record (see chart at end of article for suggested, general purpose retention guidelines), but it will also establish a standard disposition policy. It may, for example, specify that the preferred method of disposition is shredding. A professional records management company or IT consultant can also assist you in managing and disposing of all records appropriately, including archived electronic files. As you develop your records disposal program, bear in mind that state and federal laws may dictate a certain type of records disposal process when certain information is included in a record. North Carolina law, for example, requires a written disposal procedure, certain diligence on records disposal vendors, and mandates a certain manner of disposal whenever “personal information” is included in your records. Finally, your record retention policy should identify a records custodian who is responsible for ensuring that the program is rigorously enforced from top management down.

The following chart provides some general records categories and suggested retention periods for commonly used records within the nursing home context and may serve as a good starting point for creating a record retention policy uniquely suited to your facility. Please remember, however, that many different sources of law may suggest specific record retention periods for specific types of records that may not be incorporated in this list. These retention periods are provided for informational purposes only and are not an adequate substitute for legal advice based on your individual business needs and legal requirements. 

TYPE OF RECORD	SUGGESTED RETENTION PERIOD
Clinical/Medical/Infection Control Records	5 years after discharge of an adult patient. If the patient is a minor when discharged, the facility shall ensure that the records are kept on file until his or her 19th birthday and then for an additional 5 years. If a facility discontinues operation, records must be stored in a business offering retrieval services for at least 11 years after the closure date.
HIPAA-Related Records	6 years from the date most recently in effect for HIPAA-mandated records such as policies or procedures, notices of privacy practices, consents, authorizations, and accountings of PHI disclosures
Governance (board minutes, bylaws, foundation documents)	Typically retained permanently
Quality Assurance, Safety Committee, and Abuse Investigation Records	Retain for 5 years
Finance/Accounting	Medicare specifies a retention requirement of 4 years; the recently revised Medicaid Provider Participation Agreements specify a minimum retention period of 6 years for all Medicaid finance and accounting records; it is common to retain these records for 7 years due to certain tax and financial reporting obligations at the federal level
Employment Application, Résumé, Hire/Promotion/Demotion/Transfer Decision, Request for Accommodation, Evaluations, FMLA Records	Medicare specifies a retention requirement of 4 years; the recently revised Medicaid Provider Participation Agreements specify a minimum retention period of 6 years for all Medicaid finance and accounting records; it is common to retain these records for 7 years due to certain tax and financial reporting obligations at the federal level
I-9 Immigration Forms	3 years after hiring or 1 year after termination, whichever is later
Wage Records (rates of pay, time earning sheets, etc.)	5 years after the calendar year in which compensation was paid
Most OSHA/Safety Records (including inspection/training records)	5 years following end of calendar year covered by the record (some specific types of OSHA records have much longer retention period, such as exposure records and employees’ medical files)
Contracts with Vendors/Suppliers	For contracts valued at $10,000 or more over a 12-month period, Medicare regulations specify a retention period of 4 years after the service(s) is furnished under the contract or subcontract; state laws imposing statutes of limitation on contracts actions may be as long as 15 years, however
Tax Records	7 years after taxes at issue were due or paid, whichever is later
Compliance Records (committee minutes, reports to the board, internal audits, etc.)	Based on a survey AHCA performed in 2007, 10 years appears to be the most common retention period for these records