Data Retention Policy

  1. What are MedStatix’s retention policies on data being consumed and persisted on the MedStatix platform from athenahealth? Data received is retained indefinitely in an encrypted-at-rest state on the MedStatix platform.  That allows us to comply with our customers retention policies and/or legal holds which will vary in length.   To comply with those customer policies, we will delete a customer’s data on their instructions after an internal approval process.
  2. What are MedStatix’s data purge policies in the following scenarios:
    • Patient terminates relationship with Provider: Patient data is retained indefinitely when a Patient terminates their relationship with their Provider. The data will be deleted in compliance with the provider’s retention policy as relayed to Medstatix in deletion requests.
    • Provider terminates relationship with practice (or as contracting entity with MedStatix): Patient and Provider data is retained indefinitely by Medstatix, pending deletion requests from clients or the Provider. That allows Medstatix to comply with retention policies held by clients and/or the Provider.
    • Client terminates relationship with MedStatix: Patient and Provider data is retained indefinitely when a client terminates their relationship with MedStatix, unless the client makes a specific request to delete the data.