Cliff Note: How long to keep these privacy records

Since federal privacy rules require lots of documentation, a frequently asked question is:  How long do we have to keep all the documents that accumulate as a result of compliance with the Health Insurance Portability and Accountability Act (HIPAA)?

The answer:  Six years — and that means six years after the date of a document’s creation or it’s  most recent effective date.

Keep in mind, all HIPAA-related activities must be documented.  This includes privacy policies and procedures,  privacy notices, resolution of complaints, staff training, business associate agreements and all else pertaining to privacy protections.

Source: The U. S. Department of Health & Human Services

Leave a Comment

Your email address will not be published. Required fields are marked *