4.5 Retention and Destruction Policies

Retention is a lifecycle control, not a storage preference

The AHIMA RHIA Domain 2, Data and Information Governance, includes retention and destruction policies. Retention determines how long health information must be kept. Destruction determines how eligible information is disposed of once retention requirements are met and no hold applies. The exam tests governance judgment, so avoid memorizing a single universal number. Retention depends on record type, jurisdiction, organizational policy, payer and accreditation requirements, litigation or audit holds, and operational use.

A few anchors help, but always defer to the governing schedule. HIPAA requires covered entities to retain HIPAA-related documentation (policies, notices, authorizations, accountings of disclosures) for 6 years from creation or last effective date, this is documentation retention, not medical-record retention. Medicare typically expects providers to retain records for at least 5 years (managed-care records often 10 years), while many state laws set adult medical-record retention at roughly 5-10 years and minors' records until some period after the age of majority.

AHIMA's long-standing guidance recommends retaining the master patient index permanently. When two requirements overlap, the longest applicable period generally controls.

A retention schedule should classify records and define the event that starts the clock. The trigger may be discharge, last encounter, final payment, date of creation, or, for minors, reaching the age of majority. A destruction process should require approval, confirm eligibility, protect confidentiality, document what was destroyed, and suspend destruction whenever a legal hold, audit, investigation, or active request applies.

What can go wrong

Retention risk appears when departments keep unofficial schedules, destroy records without approval, retain everything forever without reason, or fail to suspend destruction when a hold exists. Over-retention raises storage cost and e-discovery burden. Under-retention damages patient care, reporting, legal defense, and audit response. Poor destruction can expose protected health information even after the official retention period ends, a HIPAA breach risk.

The RHIA should distinguish the official record from copies, drafts, working documents, backups, scanned images, indexes, and data extracts. A copy may not carry the same retention status as the legal record, yet it can still contain sensitive information and require controlled handling. Backups and system archives create special challenges that policy should address with IT and compliance.

Destruction decision checklist

• Identify the record class and governing retention schedule.
• Confirm the retention trigger and the calculated eligibility date.
• Check for legal hold, audit hold, investigation, active request, or operational need.
• Verify approval authority and any required segregation of duties.
• Use a confidential destruction method appropriate to the medium.
• Obtain and store the destruction documentation.
• Update indexes, logs, or inventories per procedure.
• Audit the process periodically for consistency and vendor performance.

For paper, destruction usually means secure shredding or pulping through an approved process or business associate. For electronic information, it means deletion, media sanitization, or cryptographic erasure consistent with policy and security standards. The RHIA does not personally perform every technical step; the role is to ensure the governance controls exist and are followed.

Exam reasoning

When a scenario asks whether records can be destroyed, look for the schedule, eligibility, approval, hold status, and documentation. If any is missing, the best answer is to pause and verify. Never choose convenience, storage pressure, or an informal department preference over the approved retention policy, especially when a hold may apply. Retention and destruction govern the full life of health information from creation through defensible disposition.

Legal hold and defensible disposition

The single most tested concept here is the legal hold (litigation hold). When litigation, an audit, an investigation, or a government request is reasonably anticipated, the organization must suspend routine destruction of potentially relevant records, even if they are otherwise eligible for disposal. Destroying records under a hold can be treated as spoliation of evidence and expose the organization to sanctions. So an exam stem that says "records are eligible for destruction" but also mentions pending litigation has only one correct action: preserve them and confirm with legal and compliance.

The counterpart concept is defensible disposition: destroying records on schedule, with documentation, so the organization can prove the destruction was routine, authorized, and consistent rather than an attempt to hide evidence. A destruction certificate or log, recording what was destroyed, when, by what method, and under whose authority, is what makes disposition defensible later.

A worked retention example

A records manager finds boxes of paper charts for adult patients last seen 8 years ago and wants to shred them to reclaim space. The governed steps: classify the records (legal health record), confirm the retention trigger (last date of service) and the eligibility date against the longest applicable requirement (state law plus any payer or accreditation rule), check for any active legal hold or audit, obtain documented approval from the authorized role, use an approved confidential shredding vendor under a business associate agreement, and file the destruction certificate.

If even one chart belongs to a patient in active litigation, that chart is pulled and preserved. The exam rewards this sequence over "shred to free space."