Data Retention Policy

This document explains how long we retain your information and how we dispose of it when it's no longer needed.

Overview

We retain your information for as long as necessary to provide you with healthcare services, comply with legal requirements, and protect your rights. This policy explains:

How long different types of information are retained
When and how information is disposed of
Your rights regarding your information

Retention Periods

Medical Records

Retention Period: 7 years from the date of your last service

What This Includes:

Appointments and bookings
Prescriptions
Appointment requests
Medical notes and health information
Communications with healthcare providers related to your care

Why We Retain This: HIPAA requires us to retain medical records for a minimum of 6 years. Many state laws require 7 years. We retain your records for 7 years to comply with the most stringent requirements and to ensure continuity of care.

Audit Logs

Retention Period: 6 years minimum

What This Includes:

Records of who accessed your health information
Authentication and login records
System activity logs related to your information

Why We Retain This: HIPAA requires us to retain audit logs for 6 years to support compliance audits and security investigations.

Financial Records

Retention Period: 7 years

What This Includes:

Payment transactions
Invoices and receipts
Subscription records
Refund records

Why We Retain This: IRS and accounting regulations require us to retain financial records for 7 years for tax and audit purposes.

Account Information

Retention Period: While your account is active, plus 2 years after account closure

What This Includes:

Your account profile information
Preferences and settings
Non-medical communications

Why We Retain This: We retain this information for customer service purposes and to comply with legal requirements.

Consent Records

Retention Period: 7 years from the consent date, or until you withdraw your consent

What This Includes:

Your consent forms (photo, video, testimonial, marketing, treatment)
Records of consent withdrawals
Consent expiration records

Why We Retain This: We retain consent records to demonstrate compliance with your consent choices and to support legal requirements.

Data Disposal

When Information is Deleted

When information reaches the end of its retention period, we will:

Identify the information eligible for disposal
Verify that the retention period has expired
Securely delete the information from our active systems
Document the disposal in our records

How Information is Deleted

We use secure deletion methods to ensure your information cannot be recovered:

Database Records: Permanently deleted from our databases
Files: Permanently deleted from our secure storage systems
Backups: Deleted according to our backup retention policy

All deletion activities are logged and monitored to ensure proper disposal.

Anonymization

In some cases, we may anonymize information instead of deleting it. Anonymized information:

Has all identifying information removed
Cannot be linked back to you
May be used for statistical or research purposes

Your Rights

Right to Request Deletion

You have the right to request deletion of your information, subject to legal requirements. We may not be able to delete information if:

It's required to be retained by law (such as medical records)
It's needed for ongoing legal proceedings
It's necessary for legitimate business purposes

Right to Access

You can request a copy of your information at any time. We will provide it to you in a format you can use.

Right to Request Restrictions

You can request restrictions on how we retain or use your information, though we may not be able to accommodate all requests due to legal requirements.

Legal Holds

Sometimes, we may be required to retain information longer than our standard retention period due to:

Legal Proceedings: If information is needed for ongoing or anticipated legal proceedings
Investigations: If information is needed for an investigation
Court Orders: If a court orders us to retain information

When information is subject to a legal hold, we will retain it until the legal hold is released, even if it exceeds our standard retention period.

Backup Retention

We maintain backups of our systems to protect against data loss. Backups are retained according to the following schedule:

Daily Backups: Retained for 30 days
Weekly Backups: Retained for 12 weeks
Monthly Backups: Retained for 12 months
Yearly Backups: Retained for 7 years

Backups containing your information are encrypted and securely stored. When backups are deleted, your information is permanently removed.

Exceptions

Extended Retention

We may retain information longer than the standard retention period if:

It's subject to a legal hold
Required by specific regulations
Needed for an ongoing investigation
You request extended retention (with proper authorization)

Early Deletion

We may delete information earlier than the standard retention period if:

You request deletion (subject to legal requirements)
Required by court order
The information was incorrectly collected

Compliance

This policy is designed to comply with:

HIPAA: Health Insurance Portability and Accountability Act
State Laws: State-specific medical record retention requirements
IRS Regulations: Tax record retention requirements
Other Applicable Laws: Any other federal, state, or local laws

Questions About Data Retention

If you have questions about:

How long we retain your information
When your information will be deleted
Requesting deletion of your information
Legal holds on your information

Please contact us:

Email: maylis@doctoronthewatch.com Phone: +1 (917) 526-9746

Changes to This Policy

We may update this policy from time to time to reflect changes in legal requirements or our practices. We will notify you of any material changes by posting the updated policy on our website.

Last Updated

12/15/2025

Next Review Date

12/15/2026