RETENTION OF PERSONAL DATA [DP150]
        Back to Table of Contents


        Scope: Enterprise
        Distribution: Executive Leadership Team; Director of Information Technology, Privacy and Data Security; Directors, Managers and
        Supervisors; Services and Programs Employees; and Other Employees with Access to Protected Health Information and Other Privacy‐
        Restricted Participant Information (includes Contractors, temporary employees and Interns)
        Purpose: To limit the retention of personal data to what is needed by the organization for its stated purposes.
        External Regulation or Standard: GAPP Principle 5: Use and Retention


        Who is Responsible     Statement    Policy, Standard, or Procedure Statement
                                Number
        Employees with Access    DP150.1    The organization will retain personal Protected Health Information (PHI) and
        to Protected Health                 other Privacy‐Restricted Participant Information (PRPI) for no longer than
        Information (PHI) and               necessary to fulfill the purposes stated in appropriate Notice of Privacy
        Other Privacy‐                      Practices unless a law or regulation requires otherwise. PHI and other PRPI no
        Restricted Participant              longer retained will be disposed of and destroyed in a manner that prevents
                                            loss, misuse, or unauthorized access. Also see C‐001 RECORDS RETENTION ‐
        Information (PRPI)
                                            DESTRUCTION AND PRESERVATION ORDERS ‐ LITIGATION HOLDS






















































         GES CONFIDENTIAL                                                                                    34