Skip to main content

Best Practices in Data Retention and Deletion

Learn why automatic PHI deletion is crucial for your organization and your patients.

Rachel Shelswell avatar
Written by Rachel Shelswell
Updated this week

At Caredove, safeguarding Personal Health Information (PHI) is paramount. Our data retention and deletion policies are designed to balance privacy protection with operational efficiency, ensuring compliance with privacy regulations and facilitating seamless integration with your organization’s systems.

Understanding PHI Retention Periods

Caredove’s default data retention settings are structured to minimize unnecessary storage of PHI:

  • 7 days after the booked appointment date.

  • If no booked appointment: 7 days after the referral is downloaded.

  • If the referral is not downloaded: 60 days after the initial submission date, or 7 days after the appointment date, whichever comes last.

These settings apply to the Essentials subscription. For organizations with an Advanced Subscription, Organizational Administrators can extend the retention period up to 90 days. Requests for longer retention periods can be considered upon special request by your organization’s privacy officer.


The Importance of Automatic PHI Deletion

Automatic deletion of PHI is a critical component of our privacy strategy:

  • PHI requires the highest level of privacy protection.

    • Due to its sensitive nature, personal health information must be handled with extreme care.

    • Safeguarding PHI should always be a top priority.

  • Automatic deletion supports privacy by design.

    • Implementing automatic deletion ensures that PHI is removed on a regular basis, reducing the risk of unnecessary exposure.

    • It helps enforce privacy consistently without relying on manual actions.

  • Extended retention increases the risk of unauthorized access.

    • The longer PHI is kept, the more individuals may interact with it—intentionally or not.

    • Once the information has served its purpose, it should be deleted to mitigate potential breaches.

  • Automation removes reliance on manual processes.

    • Automatic deletion functions independently of staff availability, vacation schedules, or missed calendar reminders.

    • This ensures consistent, timely, and reliable removal of sensitive data.


Data Recovery Options

PHI data can be recovered up to 120 days after deletion. Recovery requests must be submitted in writing to Caredove personnel via chat support. After this period, data is permanently deleted and cannot be recovered.


Integrating Caredove with Your Systems

To maintain long-term records outside of Caredove:

  • Download Referrals: Manually download referral information and upload it into your organization’s case management system.

  • Implement Integrations: Set up integrations between Caredove and your case management system to automate data transfer, ensuring that PHI is stored according to your organization’s retention policies. See which systems we currently integrate with.

These practices ensure that your organization retains necessary information while adhering to privacy regulations.


Conclusion

Caredove’s data retention and deletion policies are designed to protect PHI and support your organization’s compliance with privacy standards. By understanding these practices and integrating them with your systems, you can ensure efficient and secure management of personal health information. For more Privacy related information, please refer to our Privacy Policy or to our Legal page.

For further assistance or to discuss integration options, please contact our support team via the chat.

Did this answer your question?