Arizona Healthcare Compliance Requirements
State-specific breach notification rules, medical records retention periods, PDMP requirements, and mandatory reporting obligations for medical practices operating in Arizona.
Breach Notification Rules
Notification deadline
45 calendar days
Notification must be made within 45 days after determination of a security breach.
AG notification threshold
1000+ affected individuals
Notify: AG
Harm analysis required
Penalty range
Up to $10,000 per violation, $500,000 aggregate
Medical Records Retention
| Record type | Retention period | Measured from |
|---|---|---|
| General medical | 6 years | Last treatment |
| Pediatric | 3 years | Patient turns 18 |
PDMP Requirements — Arizona Board of Pharmacy PDMP
Check required
All controlled substances
Check frequency
Every prescription
Delegation allowed
Penalty range
Licensing board discipline; Class 1 misdemeanor for willful noncompliance
Exemptions
Hospice patients, cancer treatment, ≤3 day supply in emergency, dispensing practitioner administering in office
Mandatory Reporting Obligations
Mandated reporters
Physicians, nurses, dentists, psychologists, counselors, social workers, and all other healthcare professionals
Report to
Department of Child Safety (DCS) or local law enforcement
Timeline
Immediately / as soon as possible
Penalty for failure
Class 1 misdemeanor, up to 6 months jail and/or $2,500 fine
Immunity provision
Good faith reporters immune from civil and criminal liability
Mandated reporters
Physicians, nurses, and all healthcare practitioners with direct patient contact
Report to
Adult Protective Services, Department of Economic Security
Timeline
Immediately / as soon as possible
Penalty for failure
Class 1 misdemeanor
Immunity provision
Good faith reporters immune from civil and criminal liability
Mandated reporters
Healthcare providers treating injuries from domestic violence or criminal acts
Report to
Local law enforcement
Timeline
Immediately / as soon as possible
Penalty for failure
Class 1 misdemeanor
Immunity provision
Good faith reporters immune from civil liability
Mandated reporters
Physicians, nurses, laboratory directors, healthcare facility administrators
Report to
Arizona Department of Health Services or local county health department
Timeline
Within 24 hours
Penalty for failure
Class 2 misdemeanor, up to $750 fine
Immunity provision
Good faith reporters immune from civil liability
Mandated reporters
All healthcare providers treating gunshot or stab wounds
Report to
Local law enforcement
Timeline
Immediately / as soon as possible
Penalty for failure
Class 3 misdemeanor
Immunity provision
Good faith reporters immune from civil and criminal liability
Stay compliant in Arizona
GuardWell tracks Arizona-specific breach deadlines, PDMP requirements, retention periods, and mandatory reporting obligations automatically.