Retention and Destruction of Compliance Documents Policy

Policy: Retention and Destruction of Compliance Documents

Policy Number: 205 Policy Section: Compliance
Owner: Cynthia Grant Approved By: Paul Vogelman, COO
Effective Date: 5/04/2022 Date of Last Review: 3/23/2023


SUD Specialty Group -- CA; Mental Health Specialty Group, P.A.; Mental Health Specialty Group NJ, PC; and Mental Health Specialty Group KS, P.A. (collectively, the "Group") contracts with Path CCM, Inc. d/b/a Rula Health ("Rula") for management and administrative support services. This policy applies to the Group and Rula.


Policy Statement

This policy ensures the proper retention and destruction of compliance documents in accordance with local, state, and federal laws and regulations. 



This policy applies to all team members. For purposes of this policy, the Group’s and Rula’s team members include individuals who would be considered part of the workforce such as employees, independent contractors, business team members, and other persons whose work performance is under the direct purview of Rula or the Group’s business practices. 



Compliance Documents: All documents associated with compliance including but not limited to policies and procedures, as well as documents specified in CFR §164.316(b)(1) and (2)



  1. The Group, Rula, and their contractors do not create, maintain, or use paper compliance documents. All documents are electronic/digital.  
  2. The Compliance Officer in coordination with the VP of Engineering or delegate is ultimately responsible for administration of this policy and the implementation of processes and procedures to facilitate compliance with the policy. 
  3. Timeline
    1. Retention of compliance documents shall comply with federal and state regulations and contractual requirements. The more stringent requirement shall be followed. This policy shall be consistently applied and documents destroyed after the retention period has expired.
    2. The record retention and destruction schedule is not intended to be all-inclusive and additional checks may need to be completed prior to the destruction of documents.  
  4. Destruction of Records
    1. When electronic documents or computerized data is destroyed, it shall be permanently and irreversibly non-retrievable. 
    2. Destruction of electronic documents will take place through the available method at the time of destruction. 
    3. The Compliance Officer or designee will record dates of record destruction and maintain documentation to include dates of disposed records, method of destruction, and statement that the records were destroyed during the normal course of business. 
    4. If, in the event, records are in the process of being destroyed and the Group and/or Rula are made aware of an audit, investigation, litigation or other legal matter that is reasonably calculated to lead to the discovery of admissible evidence, is reasonably likely to be requested during discovery or is the subject of a pending discovery request, destruction actions related to applicable documents will be immediately suspended. 
    5. The Compliance Officer along with the Executive Team and legal counsel, if necessary, will determine next steps. Notice will be provided to affected individuals to suspend all destruction actions until further notice. 
  5. Compliance Document Retention Schedule
Record Type Schedule Comments 
Internal Clinical Audits and Peer Review Results 3 years  
Internal Compliance Investigations and Results 3 years Investigations that are substantiated may be stored in the HR file and follow HR required retention and destruction timelines.  
External Audits (and any corrective action plans) 10 years  
Documents related to claims filed through insurance carrier Retain until claims are closed or until the statute of limitations expires, whichever is later.   
Policies and Procedures 6 years from the date of its creation or the date when it last was in effect, whichever is later  
HIPAA documents  6 years from the date of its creation or the date when it was last in effect, whichever is later Includes but not limited to privacy policies, privacy practice notices, privacy complaints, remediation plans
Internal Incident Reports and/or Quality of Care Investigations Retain until the incident or investigation is closed. Aggregated data will be retained for 3 years.  
Patient Grievances Retain until the grievance is resolved. Aggregated data will be retained for 3 years.  

Attachments: None

Was this article helpful?

0 out of 0 found this helpful