HIPAA Compliance Doesn’t End with Retirement


HIPAA healthcare requirements document with hand holding a magnifying glassThe time has finally come when you can stop lying about your age and start bragging about it. You are moving on from the old saying, “time is money” to “do I get a senior’s discount?” Although you have dreamed of the moment when you can let go of the hustle and bustle of work, you can’t completely let go of your obligation of HIPAA compliance. You still have responsibilities to state and federal laws that don’t cease upon retirement.

The Health Insurance and Portability and Accountability Act (HIPAA) requires providers to continually provide confidentiality of their patient’s protected health information (PHI) and that it remains available to the patient or authorized people or organizations. You are still legally required to ensure that patient records are properly protected until they are properly destroyed, even after you have “left the building.”

Patient Rights

HIPAA privacy rules and state law give patients the right to their medical records. When you retire, you are responsible for ensuring that active patients receive reasonable notification and that you supply them with their records within 30 days of their request.


Patients should be notified by US mail and include:

  • The date of retirement
  • How to obtain medical records or have them transferred
  • Contact information if the records are being transferred to another practice without the patient’s consent

Although not required, it is recommended that mail is sent certified to ensure proof of receipt by the patient.

Legal Consequences

On February 13, 2018, the Department of Health and Human Services settled with Filefax Inc. for $100K because, as a medical record storage company, they inappropriately handled the medical records of about 2150 patients, not making them secure. Even though Filefax had closed its doors during the investigation, they were still responsible under the law. The protection of PII is always the responsibility of an organization until it is properly destroyed.

Time to Relax

Retirement is when you stop living at work and start working at living, and it should be an enjoyable and relaxing time in your life. You can’t do that if the medical records of your patients aren’t handled with the proper care.

Docusafe supports New Jersey, New York, and Pennsylvania healthcare facilities with paper and electronic medical records so that you remain HIPAA compliant. We’re here to answer any questions. Give us a call at 888-264-7367 or complete the form on this page.

Request Your Quote

When You're Ready, Let's Talk!