
What are the HIPAA Retention Requirements?
Understanding your HIPAA retention requirements is an essential part of running your telebehavioral health practice today. With EHR systems and the increasingly digital nature of health care, questions about your record retention requirements under HIPAA regulation are bound to arise.
So how do you find out about your HIPAA retention requirements and how do you ensure that you have everything in place to keep your patients’ data safe and secure?
Understanding HIPAA Retention Requirements
Under HIPAA regulation, there are technically no requirements for record retention. That being said, HIPAA regulation does state that healthcare professionals must implement effective security safeguards to maintain the privacy and security of health care data. HIPAA regulation states that these safeguards must be maintained in order to “protect the privacy of Protected Health Information for whatever period such information is maintained.”
These safeguards are outlined in the HIPAA Security Rule, and include standards that all health care providers, including behavioral health professionals, must address. The regulation outlines specific technical, physical, and administrative safeguards that must be in place to secure protected health information (PHI) for as long as it is maintained.
Note that HIPAA regulation does not state how long your practice must retain medical records, only that your medical records must be protected in accordance with the HIPAA safeguards for as long as they are maintained.
State HIPAA Retention Requirements
HIPAA regulation defers to state law when it comes to medical record retention requirements. Each state has its own unique laws that govern the length of time for which medical records must be maintained.
So when it comes to understanding your HIPAA retention requirements, the important thing to remember is that federal HIPAA regulation sets standards for how your medical records must be protected, while state law sets rules for how long your medical records must be maintained.
Keep this information in mind as you assess the needs of your behavioral health practice and your ongoing HIPAA compliance!