The Health Insurance Portability and Accountability Act (HIPAA) mandates that Covered Entities and Business Associates retain certain documentation for a minimum of six years. However, state laws may have their own retention requirements.
Key Takeaways:
- HIPAA’s Minimum Requirement: HIPAA mandates a six-year retention period for specified documents.
- State Preemption: If a state has a shorter retention period, HIPAA’s requirement takes precedence. If a state has a longer retention period, the longer retention period must be abided by.
- Consult Legal Counsel: For specific questions about your state’s requirements, seek advice from legal counsel.
Understanding State-Specific Regulations
While HIPAA sets the baseline, individual states may have additional or stricter retention requirements. It’s crucial to consult your state’s laws or seek legal advice to ensure compliance with both federal and state regulations.
- 45 CFR § 164.316 (b)(2)(i)
Feeling overwhelmed by HIPAA compliance? Our team offers comprehensive resources and guidance to help you navigate the complexities of HIPAA. Contact us today to learn more!