How Long to Keep Medical Records and When to Shred

Most personal medical records should be kept for at least 3 to 7 years, but some documents are worth holding onto permanently. The right timeline depends on the type of record, your state’s laws, whether the records involve a minor, and whether you’ve used medical expenses on your taxes.

General Timelines for Adults

There is no single federal law telling you exactly how long to keep your own medical records. HIPAA sets rules for healthcare providers and insurers, but it doesn’t actually include record retention requirements for patients. Instead, the timelines that matter most come from state laws, tax rules, and practical need.

State requirements for providers range widely. Montana and Wyoming require hospitals and providers to keep records for just 3 years. Massachusetts requires hospitals to retain records for 20 years after a patient’s last treatment. Connecticut requires children’s hospitals to hold records for 25 years after discharge. These laws apply to your doctors and hospitals, not directly to you, but they give you a useful frame of reference: if your provider could legally destroy a record after a few years, having your own copy becomes essential.

A safe general rule is to keep routine medical records, like visit summaries, test results, and prescription information, for at least 7 to 10 years. That covers most state statutes of limitations for malpractice claims and gives you a long enough window to reference past care if a new health issue surfaces.

Records Worth Keeping Permanently

Some records never lose their relevance. Johns Hopkins Medicine recommends maintaining a lifelong personal health history that includes major conditions, surgeries, accidents, and hospitalizations. A family health history covering parents, siblings, and grandparents is equally important, since patterns of disease in your family can shape screening recommendations for decades.

Other records to keep indefinitely:

  • Immunization records. You may need proof of vaccination for travel, employment, or school enrollment throughout your life.
  • Surgical records and hospital discharge summaries. Details about past procedures, especially implants or complications, can be critical if you need surgery again.
  • Chronic condition documentation. If you’ve been diagnosed with a long-term condition like diabetes, heart disease, or autoimmune disorders, your full treatment history helps future providers make better decisions.
  • Legal health documents. Living wills, medical power of attorney forms, and advance directives should be kept current and accessible at all times.

Children’s Medical Records

Records for minors require a longer retention window. The American Academy of Pediatrics recommends keeping pediatric records for at least 10 years or until the child reaches the age of majority (18 in most states) plus the applicable statute of limitations for malpractice claims, whichever is longer.

In practice, this can stretch much further than you’d expect. In states where the statute of limitations doesn’t begin until the child turns 18, a malpractice case related to newborn care could be filed 20 years after delivery. That means records from the first days of your child’s life may need to be preserved for two decades. If you’re unsure about your state’s rules, holding onto all pediatric records until your child is at least 25 to 30 is a reasonable approach. North Carolina, for example, requires hospitals to retain a minor’s records until the patient turns 30.

Imaging Records Like X-Rays and MRIs

Diagnostic images follow their own timeline. The Conference of Radiation Control Program Directors recommends retaining imaging records, whether film, digital, or CD, for 7 years for adults. For minors, the recommendation is the age of majority plus 7 years, which typically means holding onto a child’s scans until age 25. The written radiology report should be kept for at least the same length of time as the images themselves.

Many imaging centers now provide digital copies through patient portals. If your portal access could expire or you’re switching providers, download copies and store them yourself.

Medical Records and Your Taxes

If you’ve deducted medical expenses on your tax return or used a health savings account (HSA) to pay for care, the IRS expects you to keep supporting documentation. The standard rule is 3 years from the date you filed the return. If you underreported income by more than 25% of what’s shown on your return, the window extends to 6 years. If you never filed a return, there’s no expiration at all, so keep those records indefinitely.

This means receipts, explanation of benefits statements, and pharmacy printouts tied to a specific tax year should be stored for at least 3 years after filing. For HSA-related expenses, keep records that document the expense was for a qualifying medical purpose in case the IRS questions a withdrawal.

Records After Someone Dies

If you’re managing records for a deceased family member, there is no federal 50-year retention mandate. The U.S. Department of Health and Human Services has clarified that HIPAA does not require providers to keep a deceased person’s records for any set period. Instead, state law governs how long providers must hold them. As a family member, keeping the deceased person’s records for at least 3 years is practical for settling estates, handling life insurance claims, or addressing any billing disputes. Records relevant to hereditary conditions are worth keeping permanently, since they become part of your family health history.

Storing Records Safely

Paper records should be kept in a fireproof, waterproof container at home, but digital copies are far more practical for long-term storage. Scan paper documents and save them as PDFs. Store digital copies in at least two locations: a secure cloud storage service protected by a strong, unique password and two-factor authentication, plus a backup on an encrypted external drive or USB flash drive.

Johns Hopkins Medicine suggests keeping documents from the past year readily accessible and packing away older records. A simple folder structure organized by year and record type (test results, visit notes, prescriptions, insurance forms) makes retrieval easy when you need it.

How to Safely Destroy Old Records

When records have outlived their usefulness, don’t just toss them in the recycling bin. Medical documents contain the kind of personal information that fuels identity theft: your full name, date of birth, Social Security number, insurance details, and diagnostic codes.

For paper records, shredding is the simplest safe method. A cross-cut shredder works well for home use. For larger volumes, many communities offer free shredding events, or you can use a professional destruction service.

For digital files, simply deleting them isn’t enough, because deletion typically removes only the reference to the file and leaves the underlying data recoverable until it is overwritten. Use software designed to overwrite the data, or physically destroy the storage device by shredding, melting, or pulverizing it. If you’re disposing of an old computer or phone that held medical information, a factory reset alone may not be sufficient. Specialized disk-wiping software provides a more thorough erasure.