18. Data Retention Policy

Despite not being a requirement within HIPAA, CIRG understand and appreciates the importance of health data retention. Acting as a subcontractor, and at times a business associate, CIRG is not directly responsible for health and medical records retention as set forth by each state. Despite this, CIRG has created and implemented the following policy to make it easier for CIRG Clients to support data retention laws.

18.1 State Medical Record Laws

• Listing of state requirements for medical record retention

18.2 Data Retention Policy

• Current CIRG Clients have data stored by CIRG as a part of the CIRG Service.
• Once a Client ceases to be a Client, as defined below, the following steps are
  1. Client is sent a notice via email of change of standing, and given the option to reinstate account.
  2. If no response to notice in #1 above within 7 days, or if Client responds they do not want to reinstate account, Client is sent directions for how to download their data from CIRG and/or to have CIRG continue to store the data at a rate of $25/month for up to 100GB. If there is more than 100GB of data, CIRG will work with Client to determine storage costs.
  3. If Client downloads data or does not respond to notices from CIRG within 30 days, CIRG removed data from CIRG systems and Client is sent notice of removal of data.