QUESTION

Does my health insurance company keep my medical records on file? If they do, for how long do they keep the records?

ANSWER

It’s illegal for your medical insurance company to hang on to your medical records unless the records are related to an ongoing reimbursement issue. Doctors’ offices and hospitals, on the other hand, generally keep medical records for five to 10 years after a patient’s last treatment, discharge or death. State laws vary on how long records must be kept depending on various factors, such as whether the records are kept by a doctor in private practice or a hospital and whether the patient is an adult or a child. However, most insurance companies are members of MIB Group, Inc. (formerly the Medical Information Bureau), which exchanges medical information with about 430 life and health insurance companies and maintains files on about 18 million people. Information on every exam, test result and treatment is submitted by health-care providers to health insurance companies as a medical code that is unique to each type of service rendered. Insurance companies then pass this information on to MIB. MIB expunges the records after seven years. MIB member insurance companies tend to be more reputable, and their collection of records more uniform, than is the case with nonmember companies. You can request a free copy of your MIB file (if there is one) from MIB once a year. It’s a good idea to check your file for errors—for example, a surgery you never had or a benign tumor that is recorded as malignant—and have any that you find corrected. (The file you receive will define the codes that are listed.) But if you’re really asking about the privacy of your medical records, there is a law that’s supposed to protect that. The 1996 federal Health Insurance Portability and Accountability Act (HIPAA) stipulates that your health records remain private—including when you transfer to a different health insurance company and/or transfer your records among health-care providers. HIPAA gives you rights regarding your health information…sets limits on how the information can be used…and sets rules for how it must be kept secure with administrative, technical and physical safeguards. Additionally, with the passage in 2014 of the Affordable Care Act (ACA), health insurance companies were prohibited from denying coverage for preexisting conditions, so the need for them to see your medical records went away—indeed, they are no longer permitted to ask for your records when you apply for health insurance. Any health insurance company that violates your privacy may be fined or face criminal charges. This means that only you can give a physician, family member, friend, company or insurance underwriter permission to look at your medical records. Most patients sign a release form at the time of service—such as at a doctor visit or hospital stay—that allows health insurance companies to see their health records in case there is a claim dispute. For instance, if you’re denied coverage of a procedure or get billed for a service you didn’t receive, the insurance company will need to review your medical records to resolve the dispute. You can choose not to sign the release. But in that case, your insurance company might not cover the service—and your health-care provider might not even be willing to provide it. Although no law or other safeguard is perfect, this is the way our system is currently set up, and I see no special danger in a patient signing these HIPAA release forms.