Alabama Healthcare Compliance Requirements
State-specific breach notification rules, medical records retention periods, PDMP requirements, and mandatory reporting obligations for medical practices operating in Alabama.
Breach Notification Rules
Notification deadline
Most expedient time possible
Notification must be made as expeditiously as possible and without unreasonable delay, no later than 45 days after determination of breach.
AG notification threshold
1000+ affected individuals
Notify: AG
Harm analysis required
Penalty range
Up to $5,000 per day, max $500,000 per breach
Medical Records Retention
| Record type | Retention period | Measured from |
|---|---|---|
| General medical | 6 years | Last treatment |
PDMP Requirements — PMP AWARxE
Check required
All controlled substances
Check frequency
Every prescription
Delegation allowed
Penalty range
Disciplinary action by licensing board; possible misdemeanor charges
Exemptions
Hospice patients, inpatient hospital administration, ≤3 day supply administered in office
Mandatory Reporting Obligations
Mandated reporters
All healthcare professionals including physicians, nurses, dentists, mental health professionals, and any person called upon to render aid
Report to
Department of Human Resources (DHR) or local law enforcement
Timeline
Immediately / as soon as possible
Penalty for failure
Misdemeanor, up to 6 months jail and/or $500 fine
Immunity provision
Good faith reporters immune from civil and criminal liability
Mandated reporters
All physicians, nurses, social workers, and other healthcare professionals
Report to
Department of Human Resources, Adult Protective Services
Timeline
Immediately / as soon as possible
Penalty for failure
Misdemeanor, up to $500 fine
Immunity provision
Good faith reporters immune from civil and criminal liability
Mandated reporters
Healthcare providers treating injuries caused by weapons or criminal acts
Report to
Local law enforcement
Timeline
Immediately / as soon as possible
Immunity provision
Good faith reporters immune from civil liability
Mandated reporters
Physicians, nurses, laboratory directors, and other healthcare providers
Report to
Alabama Department of Public Health
Timeline
Within 24 hours
Penalty for failure
Misdemeanor, up to $500 fine per violation
Immunity provision
Good faith reporters immune from civil liability
Mandated reporters
All healthcare providers treating gunshot wounds
Report to
Local law enforcement
Timeline
Immediately / as soon as possible
Penalty for failure
Misdemeanor
Immunity provision
Good faith reporters immune from civil and criminal liability
Stay compliant in Alabama
GuardWell tracks Alabama-specific breach deadlines, PDMP requirements, retention periods, and mandatory reporting obligations automatically.