FAQs Categories
Since the HIPAA Privacy Rule protects a decedent’s health information for 50 years following the individual’s death, am I required to keep the decedent’s information for that period of time?
Answer:
No. The Privacy Rule does not include medical record retention requirements and covered entities may destroy such records at the time permitted by State or other applicable law.