The length of time a practice should keep dental records after a patient’s last visit will vary according to state and federal laws and the provisions of contracted dental benefit plans. It’s a good rule of thumb to check with your attorney, state dental board or state dental association for specific information regarding the requirements in your state and applicable federal law.
It’s also a good idea to contact your professional liability insurance carrier so you can find out – and follow – their recommendations for record retention. Your malpractice carrier may recommend that you maintain the records for an extended period of time beyond that required by state law. It’s recommended that you follow the advice of your professional liability carrier.
General tips about the retention of dental records include:
- Be aware that there are usually different requirements regarding how long to retain the dental records for adults vs. the dental records for children.
- In most cases, the records of minors must be kept for a certain period of time after the child reaches the age of majority as defined by your state.
- Additional recordkeeping requirements apply to practices that are considered covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Refer to the articles on HIPAA Privacy Rule and Protected Health Information and HIPAA Enforcement Rule, which appear in this module. Examples of those extra standards include, but are not limited to, those requiring that:
- Dental practices are considered covered entities if they transmit electronic “covered transactions,” such as electronic claims, to dental plans. It’s also possible to become a covered entity by contracting with an outside service, such as a clearinghouse, to submit electronic covered transactions on behalf of the dental practice.
- HIPAA compliance documents, such as training documentation and written policies and procedures, must be retained for at least six (6) years from the date they were created or from the date the document was last in effect, whichever is later.
- All dental practices should have a legally compliant records retention policy and all staff should understand and adhere to the policy.
- It’s a good idea to regularly review and discuss the practice’s record retention policy during staff meetings so staff is reminded of the procedures to be followed.
Dentists working in practices under an office-sharing arrangement in which the dentist is either an employee or an independent contractor likely do not have the responsibility for determining the practice’s record retention schedule or the authority to delegate responsibility to other staff.
In a multi-practitioner practice of any nature, determining the party responsible for maintaining and retaining the original patient record of any patient treated at the practice facility may depend on the legal structure of the practice, such as the type of professional corporation (PC). Unless an applicable agreement specifies differently, a professional corporation would likely be considered the owner of a paper or electronic dental record, whether or not the owner was involved in the patient's treatment. That entity would have full responsibility for deciding what record retention policies will be implemented.
- ADA's HIPAA Factsheet
- HIPAA Enforcement Rule
- ADA Tip Sheet on Certain Provisions of the HIPAA Privacy Rule [PDF]
- HIPAA Breach Notification Rule