On 11/2/06, Link, Gary M. <[log in to unmask]> wrote:
> The article at this address http://www.hipaadvisory.com/regs/recordretention.htm
> contains the statement "Records must be retained for two years after a patient's death under HIPAA."
I've never seen anything like that in all my years of reading HIPAA.
This is like the individual who was told by their IT Security Group
that Sarbanes-Oxley required that passwords contain an uppercase
letter, a unique character (say an exclamation point), numbers and be
at least 8 characters long. I told the individual to ask them to point
to the exact part of SOX that required that.
I suspect this is the same situation
--
Peter Kurilecz CRM CA
Richmond, Va
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance