Please note: By submitting this form, you are scheduling a consultation. In the dropdown menu above, select Consultation only. “Follow-up” and “New Patient” options do not apply.
Please note: By submitting this form, you are scheduling a consultation. In the dropdown menu above, select Consultation only. “Follow-up” and “New Patient” options do not apply.
MEDICAL RECORDS RETENTION POLICY
EvolveMD Concierge Medicine – Chicago, Illinois
Dr. Brian Donahue, MD
Compliance with Illinois Medical Practice Act (225 ILCS 60/)
This policy is established in accordance with Illinois law and medical practice standards:
◉ Illinois Medical Practice Act (225 ILCS 60/22) – Medical record maintenance requirements
◉ Illinois Health Insurance Portability and Accountability Act
◉ Illinois Personal Information Protection Act (815 ILCS 530/)
◉ American Medical Association Guidelines
◉ Illinois Department of Public Health Regulations
Adult Patient Records (18 years and older):
◉ Minimum Retention Period: 10 years from the date of the last patient encounter
◉ Recommended Retention: 10 years plus statute of limitations for medical malpractice (2 years in Illinois)
◉ Total Recommended Retention: 12 years from last patient encounter
Minor Patient Records (Under 18 years):
◉ Minimum Retention Period: Until patient reaches age 25, OR 10 years from last encounter, whichever is longer
◉ Illinois Specific: Records must be available until minor reaches majority plus statute of limitations
◉ Maximum Retention: Until patient reaches age 27 (age 18 + 2 years + 7 years for potential discovery)
Deceased Patient Records:
◉ Retention Period: 10 years from date of death
◉ Executor/Family Access: Available to authorized representatives during retention period
◉ Autopsy Records: May require longer retention per coroner requirements
Specialized Record Types:
Mental Health Records:
◉ Retention: 12 years from last encounter (enhanced protection under Illinois Mental Health Code)
◉ Minors: Until age 30 or 12 years from last encounter, whichever is longer
◉ Special Handling: Separate destruction protocols required
Substance Abuse Treatment Records:
◉ Federal Requirements: Follow 42 CFR Part 2 requirements
◉ Illinois Requirements: 7 years minimum, 12 years recommended
◉ Confidentiality: Enhanced destruction and access protocols
Genetic Testing Information:
◉ Illinois Genetic Information Privacy Act: Special retention and destruction requirements
◉ Retention: 10 years unless patient requests earlier destruction
Access Restrictions: Limited to authorized personnel only
Membership Agreements and Communications:
◉ Retention: Duration of membership plus 7 years
◉ Includes: Membership contracts, fee records, service agreements
◉ Access: Available for auditing and regulatory review
24/7 Communication Records:
◉ Text Messages: Medical advice texts retained as part of medical record
◉ Phone Consultations: Documentation retained per standard medical record requirements
◉ Video Consultations: Session notes retained, recordings destroyed after transcription unless medically necessary
Patient Portal Communications:
◉ Secure Messages: Retained as part of medical record (10+ years)
◉ Appointment Requests: Retained for 3 years
Administrative Communications: Retained for 7 years
Data Storage Security:
◉ HIPAA-compliant cloud storage with business associate agreements
◉ Encryption at rest and in transit (AES 256-bit minimum)
◉ Regular security audits and penetration testing
◉ Access logging and audit trails are maintained
Backup and Disaster Recovery:
◉ Daily automated backups with geographic redundancy
◉ Quarterly backup restoration testing
◉ Business continuity plan for EHR access during emergencies
◉ Partnership with certified EHR backup services
System Migration and Upgrades:
◉ Data integrity verification during all system changes
◉ Historical data accessibility maintained through upgrades
◉ Migration documentation and validation protocols
◉ Patient notification of any system changes affecting record access
Patient Access Rights (Illinois Enhanced):
◉ Timeframe: 60 days maximum for record production (Illinois requirement)
◉ Format Options: Paper copies, electronic files, or direct transmission to third parties
◉ Fee Structure: Illinois-compliant fee schedule for record copying
• Up to 10 pages: No charge for first copy set
• Additional pages: $0.75 per page maximum
• Electronic records: $6.50 maximum handling fee
• Rush requests: Additional $16.00 maximum
Third-Party Access:
◉ Authorized Representatives: Power of attorney, legal guardians, executors
◉ Healthcare Providers: With proper authorization and medical necessity
◉ Legal Proceedings: Court orders and subpoenas processed per Illinois rules
◉ Insurance Companies: With patient authorization for specific purposes
Physical Record Destruction:
◉ Method: Cross-cut shredding or professional document destruction service
◉ Certificate of Destruction: Required for all professional destruction services
◉ Witness Requirements: Two staff members witness all record destruction
◉ Documentation: Destruction log maintained permanently
Electronic Record Destruction:
◉ Method: NIST 800-88 compliant data sanitization
◉ Verification: Cryptographic wiping verification required
◉ Cloud Data: Certified deletion from all backup systems
◉ Mobile Devices: Remote wiping capability for all devices with access to PHI
Destruction Schedule:
◉ Annual Review: All records assessed for retention compliance
◉ Quarterly Destruction: Eligible records destroyed on quarterly schedule
Emergency Destruction: Protocols for urgent destruction needs (practice closure, security breach)
Ownership Transfer:
◉ Record Ownership: Clearly defined in practice sale agreements
◉ Patient Notification: 30-day advance notice to active patients
◉ Access Continuity: Uninterrupted record access during transition
◉ Compliance Transfer: New owner assumes all retention obligations
Practice Closure:
◉ Patient Notification: 90-day advance notice via certified mail and prominent website posting
◉ Record Storage: Arrangement with qualified custodian for remaining retention period
◉ Access Information: Contact information for future record requests
◉ Illinois Department of Public Health Notification: Required reporting of practice closure
Illinois Department of Public Health Oversight:
◉ Inspection Readiness: Records available for IDPH inspection during business hours
◉ Compliance Documentation: Policies and procedures available for review
◉ Staff Training Records: Documentation of privacy and retention training
◉ Incident Reporting: Breach and privacy incident reporting protocols
◉ Internal Auditing:
◉ Monthly Access Logs Review: All patient record access monitored and reviewed
◉ Quarterly Policy Compliance Check: Retention policy adherence verification
◉ Annual Staff Training: Privacy, security, and retention policy education
◉ External Audit: Annual third-party privacy and security assessment
New Patient Orientation:
◉ Written copy of retention policy provided during intake
◉ Explanation of record access rights and procedures
◉ Contact information for record requests and questions
◉ Acknowledgment signature required in patient file
Ongoing Communication:
◉ Annual policy updates mailed to active patients
◉ Website posting of current retention policies
◉ Patient portal notifications of any policy changes
◉ Educational materials about record security and privacy
Primary Contact:
EvolveMD Concierge Medicine
Medical Records Department
Dr. Brian Donahue, MD
Email: support@evolvemdchicago.com
Phone: (224) 985-9530
Illinois Regulatory Contact:
Illinois Department of Public Health
Office of Health Care Regulation
525 W. Jefferson St., 5th Floor
Springfield, IL 62761
Annual Review: This policy is reviewed annually and updated as needed to reflect changes in Illinois law, federal regulations, and best practices in medical record management.
Last Updated: 18 November 2025
Acknowledgment: All EvolveMD staff receive annual training on this policy and sign acknowledgment of understanding and compliance commitment.