18. Data Retention Policy

Despite not being a requirement within HIPAA, W2H understands and appreciates the importance of health data retention. Acting as a subcontractor, and at times a business associate, W2H is not directly responsible for health and medical records retention as set forth by each state. Despite this, W2H has created and implemented the following policy to make it easier for W2H Customers to support data retention laws.

18.1 State Medical Record Laws

• Listing of state requirements for medical record retention

18.2 Data Retention Policy

• Current W2H Customers have data stored by W2H as a part of the W2H Service.
• Once a Customer ceases to be a Customer, as defined below, the following steps are
• Customer is sent a notice via email of change of standing, and given the option to reinstate account.
• If no response to notice in #1 above within 7 days, or if Customer responds they do not want to reinstate account, Customer is sent directions for how to download their data from W2H within 90 days.
• If Customer downloads data or does not respond to notices from W2H within 30 days, W2H will remove identifiable data from W2H systems and Customer is sent notice of removal of data.