Looking for a Business Associate Agreement? Download our FREE starter template.
Total HIPAA Logo

HIPAA and Medical Records Retention Requirements by State

The Health Insurance Portability and Accountability Act (HIPAA) requires Covered Entities and Business Associates to maintain required documentation for a minimum of six (6) years from the date of its creation, or the date when it last was in effect, whichever is later. HIPAA preempts state requirements if the state has a shorter retention period. If you have any questions specific to your state’s records retention policies, it is best to contact your legal counsel for their recommendations.

Total HIPAA Compliance has created a table of each state’s medical records retention requirements for healthcare providers and insurance agents.

  1. 45 CFR § 164.316 (b)(2)(i)

Sharing is caring!

Does your organization comply with HIPAA?

Find out if your organization needs to comply with HIPAA using our simple, fast, online questionnaire.

Start Questionnaire →

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Your cart email sent successfully :)

[el.selectedIndex]
[el.selectedIndex]
[fieldObj.selectedIndex]
[fieldObj.selectedIndex]
[el.selectedIndex]
[el.selectedIndex]
[fieldObj.selectedIndex]
[fieldObj.selectedIndex]
[el.selectedIndex]
[el.selectedIndex]
[fieldObj.selectedIndex]
[fieldObj.selectedIndex]