Skip Navigation

Since the HIPAA Privacy Rule protects a decedent’s health information for 50 years following the individual’s death, am I required to keep the decedent’s information for that period of time?

Answer:

No.  The Privacy Rule does not include medical record retention requirements and covered entities may destroy such records at the time permitted by State or other applicable law.