18. Data Retention Policy

Despite not being a requirement within HIPAA, WayToHealth understands and appreciates the importance of health data retention. Acting as a subcontractor, and at times a business associate, WayToHealth is not directly responsible for health and medical records retention as set forth by each state. Despite this, WayToHealth has created and implemented the following policy to make it easier for WayToHealth Customers to support data retention laws.

18.1 State Medical Record Laws

• Listing of state requirements for medical record retention

18.2 Data Retention Policy

• Current WayToHealth Customers have data stored by WayToHealth as a part of the WayToHealth Service.
• Once a Customer ceases to be a Customer, as defined below, the following steps are
• Customer is sent a notice via email of change of standing, and given the option to reinstate account.
• If no response to notice in #1 above within 7 days, or if Customer responds they do not want to reinstate account, Customer is sent directions for how to download their data from WayToHealth within 90 days.
• If Customer downloads data or does not respond to notices from WayToHealth within 30 days, WayToHealth will remove identifiable data from WayToHealth systems and Customer is sent notice of removal of data.