Interesting question. There is also a 6 years + year of creation requirement for certain ERISA documents. I have heard that EDI specialists use 6 years as a rule of thumb for maintaining the data, but haven't been able to nail down the source.
Kathy Bakich The Segal Company -----Original Message----- From: Leah Hole-Curry [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 7:20 PM To: [EMAIL PROTECTED] Subject: Re: Data Retention Requirements Ellen, I am not aware the transctions standard requires any specific retention period. Covered entities are subject to complaints and compliance reviews though, so if you don't retain transactions for some time period, how can you prove you were in compliance? Privacy standards require documentation to be retained for six years from date of creation or when last in effect(164.530j). Many times contracts require you to keep documentation for certain time periods. If you are a public entity, or acting on behalf of a public entity, you are subject to records retention requirements set by statute or administrative code. Medicaid, for instance requires some records to be kept for three years after the event or activity. State retention requirements for contract activity (which many transactions involve) vary, but a good starting place is the statute of limitations for contracts in your jurisdiction. Leah Hole-Curry Fox Systems, Inc. 602-708-1045 >>> [EMAIL PROTECTED] 02/05/02 16:10 PM >>> Is anyone aware of any HIPAA requirement regarding a specific period of time for which incoming translation data must be retained by the receiving entity? The security regulation requires a data backup plan to create and maintain "for a specific period or time, retrievable exact copies of information." Other than that, I have found no references to data retention requirements. In the absence of a HIPAA mandate on this topic, can anyone share their policy/rationale for data retention of incoming transaction data? Thank you, Ellen Tatge IS Project Manager - HIPAA EDI Transactions Presbyterian Healthcare Services 505/923-6882 --- PRESBYTERIAN HEALTHCARE SERVICES DISCLAIMER --- This message originates from Presbyterian Healthcare Services or one of its affiliated organizations. It contains information, which may be confidential or privileged, and is intended only for the individual or entity named above. It is prohibited for anyone else to disclose, copy, distribute or use the contents of this message. All personal messages express views solely of the sender, which are not to be attributed to Presbyterian Healthcare Services or any of its affiliated organizations, and may not be distributed without this disclaimer. If you received this message in error, please notify us immediately at [EMAIL PROTECTED] ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request. ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request. THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL ENTITY TO WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE. If the reader of this message is not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this e-mail indicating in subject line "Received in error" and then delete the message you received. Thank you. ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request.
