Website back end users activity log and HIPAA compliance [closed]

Question

Closed. This question is off-topic. It is not currently accepting answers.

---

Want to improve this question? Update the question so it's on-topic for Stack Overflow.

Closed 8 years ago.

Improve this question

Can someone inform me as to what is the required length of time I should keep website user activity logs in a DB to meet HIPAA compliance?

Thanks

Answer 1

Disclaimer: I am not a lawyer and I second Josh Berke's comment.

Six months is generally what I've heard discussed as a minimum, but when it comes to HIPAA compliance there is no such thing as being too safe. If there's no technical limitation, retain audit trails for as long as you can.