What are MedStatix’s retention policies on data being consumed and persisted on the MedStatix platform from athenahealth? Data received is retained indefinitely in an encrypted-at-rest state on the MedStatix platform. That allows us to comply with our customers retention policies and/or legal holds which will vary in length. To comply with those customer policies, we will delete a customer’s data on their instructions after an internal approval process.
What are MedStatix’s data purge policies in the following scenarios:
Patient terminates relationship with Provider: Patient data is retained indefinitely when a Patient terminates their relationship with their Provider. The data will be deleted in compliance with the provider’s retention policy as relayed to Medstatix in deletion requests.
Provider terminates relationship with practice (or as contracting entity with MedStatix): Patient and Provider data is retained indefinitely by Medstatix, pending deletion requests from clients or the Provider. That allows Medstatix to comply with retention policies held by clients and/or the Provider.
Client terminates relationship with MedStatix: Patient and Provider data is retained indefinitely when a client terminates their relationship with MedStatix, unless the client makes a specific request to delete the data.