I'm working in a HIPAA environment and we have a 6 year data retention requirement.
Wondering if anyone has a good strategy?
We're trying to figure out:
- Should we try to keep all the raw data?
- Are archived reports acceptable to meet the HIPAA requirement?
- Should we just send reports to an email distro to archive them?
Please share your experience or thoughts. Trying to stimulate discussion. We are still formulating our policy.