The Health Insurance Portability and Accountability Act (HIPAA) requires Covered Entities and Business Associates to maintain required documentation for a minimum of six (6) years from the date of its creation, or the date when it last was in effect, whichever is later. HIPAA preempts state requirements if the state has a shorter retention period. If you have any questions specific to your state’s records retention policies, it is best to contact your legal counsel for their recommendations.
Total HIPAA Compliance has created a table of each state’s medical records retention requirements for healthcare providers and insurance agents.
- 45 CFR § 164.316 (b)(2)(i)