I work at a non-profit in Pennsylvania and I was wondering how long HIPAA compliance rules require us to keep our backups? (And does that depend on what type of non-profit we are?) I was advised here that I should find out the compliance rules of my industry before deleting backups.
The HIPAA Privacy Rule does not include medical record retention requirements. Rather, State laws generally govern how long medical records are to be retained. However, the HIPAA Privacy Rule does require that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of medical records and other protected health information (PHI) for whatever period such information is maintained by a covered entity, including through disposal. See 45 CFR 164.530(c).
Please keep in mind that yours is a legal question, not a technical one. Vague on-line suggestions, including mine, mean little. Your data retention policy should be set by management, probably with input from your organization's legal advisors. Researching the topic is admirable and might prove helpful, but as an IT tech your responsibility should be to support the policy, not set it.
I don't think that's quite what HITECH says.
But it raises a good point. There might be other external regulations or requirements to which Andrew's (undefined) organization must adhere.