Despite not being a requirement within HIPAA, BloomAPI understand and appreciates the importance of health data retention. Acting as a subcontractor, and at times a business associate, BloomAPI is not directly responsible for health and medical records retention as set forth by each state. Despite this, BloomAPI has created and implemented the following policy to make it easier for BloomAPI Customers to support data retention laws.
- Current BloomAPI Customers have data stored by BloomAPI as a part of the BloomAPI Service.
- Once a Customer ceases to be a Customer, as defined below, the following steps are
- Customer is sent a notice via email of change of standing, and given the option to reinstate account.
- If no response to notice in #1 above within 7 days, or if Customer responds they do not want to reinstate account, Customer is sent directions for how to download their data from BloomAPI.
- If Customer downloads data or does not respond to notices from BloomAPI within 30 days, BloomAPI may remove data from BloomAPI systems and Customer is sent notice of removal of data.