Data Management Policies

Data Retention Policy

Tap2Refer maintains Protected Health Information (PHI) in accordance with HIPAA requirements and industry best practices:

• Active patient referral records are retained for a minimum of 6 years from the date of last activity
• Audit logs are maintained for a minimum of 6 years
• Backup records are retained for 6 years
• System logs are retained for 12 months
• Failed login attempts and security incident logs are retained for 24 months

Data Deletion Procedures

Tap2Refer follows these procedures for secure data deletion:

• Data is securely deleted using industry-standard methods when retention periods expire
• Upon written request, patient data can be deleted after verification and in accordance with applicable laws
• Deletion requests are logged and executed within 30 days
• Backup copies are included in deletion procedures
• Hardware decommissioning includes secure data wiping

Data Restoration Procedures

In the event data restoration is required:

• Data is restored from encrypted backups using secure protocols
• Restoration requests require administrative approval
• All restoration activities are logged in the audit system
• Data integrity is verified post-restoration
• Users are notified when their data is restored

Data Access and Correction

Patients have the right to:

• Request access to their PHI
• Request corrections to their PHI
• Receive an accounting of PHI disclosures
• Request restrictions on PHI use and disclosure

To exercise these rights, please contact our Privacy Officer at privacy@tap2refer.com