Comply with HIPAA and more!
The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that governs the privacy and security of protected health information (PHI).
HIPAA requires covered entities (healthcare providers, health plans, and healthcare clearinghouses) and their business associates (organizations that create, receive, maintain, or transmit PHI on behalf of a covered entity) to implement reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI; the Security Rule applies these safeguards specifically to PHI held or transmitted in electronic form (ePHI). Records management and retention policies fall squarely within these administrative safeguards.
Healthcare organizations must follow both HIPAA and any state-specific laws that apply to them. Note that HIPAA itself does not set a retention period for medical records; how long patient records must be kept is set by state law (and by other programs such as Medicare), so organizations must determine the applicable periods and retain PHI accordingly. HIPAA does require that its own compliance documentation (written policies and procedures, risk analyses, and similar records) be retained for at least six years from the date of creation or the date it was last in effect, whichever is later.
HIPAA also requires covered entities to develop and implement written policies and procedures for the retention and destruction of PHI. These policies should state how long each category of PHI is retained, who is responsible for applying the schedule, and how PHI is securely disposed of once it is no longer needed, including the final disposition of ePHI and the hardware or media on which it is stored.