GuardWell Compliance

Multi-State Compliance Engine for All 50 States

Multi-State Healthcare Compliance Software

Configure your operating states and auto-activate state-specific compliance requirements — privacy laws, breach notification rules, OSHA state plans, mandatory reporting, records retention, and telehealth regulations. Covers all 50 states with 500+ requirements.

All 50 states covered500+ state requirementsBreach deadline calculatorMulti-state telehealth support

7-day free trial · No setup fees · Cancel anytime

Why State Compliance Matters

State healthcare regulations often exceed federal requirements. Breach notification deadlines range from 15 to 90 days depending on the state. Records-retention windows and mandatory-reporting rules vary widely. Multi-state practices and telehealth providers must comply with every state where they operate.

50

States with unique requirements

15–90 days

Breach deadline range by state

5–10+ yrs

Records retention range by state

Varies

Telehealth licensing by state

What GuardWell Covers

Everything you need to manage state law compliance in one platform.

Auto-Activation by State

Configure your primary and additional operating states. GuardWell automatically activates the relevant state-specific requirements and weaves them into your existing HIPAA, OSHA, and DEA checklists.

Breach Deadline Calculator

Per-state breach notification deadlines with AG notification thresholds. When an incident occurs, instantly see the earliest deadline across all applicable states.

State OSHA Plans

For states operating their own OSHA programs (CA, MI, WA, etc.), additional state-specific safety requirements appear alongside federal items with clear state badges.

Mandatory Reporting Obligations

Per-state mandatory reporter rules — child/elder abuse, gunshot wounds, communicable diseases, domestic violence — with timelines, recipient agencies, and immunity provisions tracked per state.

Records Retention Rules

State-specific medical records retention periods (ranging from 5 to 10+ years), minor record rules, and special category retention requirements.

State-Specific Training

12 state-specific compliance training courses auto-assigned based on operating states — covering state privacy laws, breach procedures, and mandatory reporting requirements.

How It Works

Get compliant in three straightforward steps.

01

Configure your states

Select your primary state and any additional operating states (for telehealth or multi-location practices). GuardWell auto-activates all relevant state requirements.

02

Review state items

State-specific requirements appear within their parent modules (HIPAA, OSHA, DEA) with clear state badges. Work through them alongside federal requirements.

03

Stay current

The AI Regulatory Intelligence engine monitors state law changes and updates requirements automatically. State breach deadlines are calculated in real time when incidents occur.

Frequently Asked Questions

Common questions about state law compliance.

GuardWell covers all 50 states plus DC for breach notification rules, records retention, and mandatory reporting. State OSHA plans and state-specific training are available for the most common operating states. (PDMP query enforcement is handled by your EMR or Surescripts/Bamboo Health, not GuardWell.)

In Settings, configure your primary state and add any additional operating states. GuardWell activates state-specific requirements for every configured state and blends them into your existing compliance modules. The breach calculator shows deadlines for all applicable states simultaneously.

Yes. When you add states as operating states for telehealth purposes, GuardWell activates the relevant privacy, breach notification, and consent requirements for each state where you provide telehealth services.

When you log a breach incident, GuardWell checks the notification laws for every state where affected individuals reside. It calculates each state's deadline and AG notification threshold, then shows you the earliest deadline so you can prioritize notifications accordingly.

Yes. GuardWell's regulatory intelligence engine monitors state law changes and updates requirements automatically. When a state updates its breach notification deadline or mandatory-reporting rules, your checklists are updated and you receive a notification about the change.

GuardWell tracks medical records retention periods for each state, which range from 5 to 10+ years. It also covers special rules for minor patient records, mental health records, and other category-specific retention requirements that vary by state.

Inside the App

AI Compliance Concierge

Stuck on a state law compliance question? Open the Concierge inside GuardWell and ask in plain English. It reads your live compliance data and answers with specifics — not generic regulation summaries.

Try prompts like

  • What's the breach notification deadline if affected patients live in CA, TX, and NY?
  • Which mandatory reporting categories apply for my primary state?
  • How long do I need to retain pediatric records in my state?

Unlimited Concierge queries are included in the $199/mo plan. Concierge runs on Claude Sonnet 4.6 with deep links into the rest of the app.

Explore More Compliance Modules

GuardWell covers 15 compliance areas in one platform.

HIPAA Compliance
OSHA Compliance
OIG Compliance Program
Staff Compliance Training
Security Risk Assessment
Incident Management
CLIA Lab Compliance
DEA Compliance
CMS / Medicare Compliance
Allergen Safety & Anaphylaxis
OIG / LEIE Sanctions Screening
Audit Prep & Investigation Response

Start managing state law compliance today

Join practices using GuardWell Compliance to stay ahead of audits, enforcement actions, and regulatory inspections — $199/month with annual billing. Try free for 7 days.

7-day free trial · No setup fees · Cancel anytime

Browse by Region

US Census regional groupings — pick a region for a curated overview of breach deadlines, retention rules, and PDMP requirements across its states.

Northeast Region

9 states

NY SHIELD Act, MA 201 CMR 17 WISP, CT breach rule, PA, NJ, MA, ME, NH, RI, VT — breach deadlines, retention rules, PDMP and AG requirements.

Midwest Region

12 states

Illinois PIPA + BIPA, Ohio R.C. §1349.19, Michigan MAPS, Wisconsin §134.98 — breach deadlines, retention rules, PDMP, and AG requirements.

South Region

17 states

Texas HB 300, Florida FIPA 30-day, Virginia CDPA, NC + GA + SC + KY KASPER — breach deadlines, retention rules, PDMP, and AG requirements.

West Region

13 states

California CMIA 15-day, Colorado HB 18-1128 30-day, Washington RCW 19.255 + My Health My Data Act — breach deadlines, retention, PDMP.

State-by-State Compliance Guides

Explore breach notification deadlines, records retention requirements, and mandatory reporting obligations for every state.

AKAlaskaALAlabamaARArkansasAZArizonaCACaliforniaCOColoradoCTConnecticutDCDistrict of ColumbiaDEDelawareFLFloridaGAGeorgiaHIHawaiiIAIowaIDIdahoILIllinoisINIndianaKSKansasKYKentuckyLALouisianaMAMassachusettsMDMarylandMEMaineMIMichiganMNMinnesotaMOMissouriMSMississippiMTMontanaNCNorth CarolinaNDNorth DakotaNENebraskaNHNew HampshireNJNew JerseyNMNew MexicoNVNevadaNYNew YorkOHOhioOKOklahomaOROregonPAPennsylvaniaRIRhode IslandSCSouth CarolinaSDSouth DakotaTNTennesseeTXTexasUTUtahVAVirginiaVTVermontWAWashingtonWIWisconsinWVWest VirginiaWYWyoming

GuardWell

Healthcare Compliance Assistant

Hi! I'm GuardWell's sales assistant.

I can answer questions about our healthcare compliance platform, pricing, and features. How can I help?

Powered by GuardWell AI