GuardWell Compliance

Connecticut Healthcare Compliance Requirements

State-specific breach notification rules, medical records retention periods, PDMP requirements, and mandatory reporting obligations for medical practices operating in Connecticut.

60-day breach deadline7-year retentionConnecticut PMP

Breach Notification Rules

Notification deadline

60 calendar days

Notification must be made no later than 60 days after discovery of the breach. AG must be notified simultaneously.

AG notification threshold

All breaches

Notify: AG

Harm analysis required

Yes — breach presumed unless risk assessment shows low probability of compromise

Penalty range

Up to $5,000 per violation under CUTPA

Comparable to federal HIPAA
View statute

Medical Records Retention

Record typeRetention periodMeasured from
General medical7 yearsLast treatment
Pediatric7 yearsPatient turns 18

PDMP Requirements — Connecticut PMP

Check required

All controlled substances

Check frequency

Every prescription

Delegation allowed

Yes — authorized staff can check on provider's behalf

Penalty range

License suspension or revocation; fines up to $1,000 per violation; possible criminal penalties

Exemptions

Hospice patients, cancer treatment, ≤72 hour supply in ER, inpatient hospital or long-term care facility administration

Register for Connecticut PMP

Mandatory Reporting Obligations

Mandated reporters

Physicians, surgeons, nurses, dentists, dental hygienists, psychologists, school employees, social workers, and all healthcare professionals

Report to

Department of Children and Families (DCF) Careline

Timeline

Immediately / as soon as possible

Penalty for failure

Class A misdemeanor, up to 1 year jail and/or $2,000 fine

Immunity provision

Good faith reporters immune from civil and criminal liability under CGS 17a-101e

Mandated reporters

Physicians, nurses, dentists, psychologists, and all licensed healthcare professionals

Report to

Department of Social Services, Elderly Protective Services

Timeline

Immediately / as soon as possible

Penalty for failure

Up to $2,500 fine

Immunity provision

Good faith reporters immune from civil and criminal liability

Mandated reporters

Healthcare providers when treating injuries reasonably believed to result from abuse

Report to

Local law enforcement

Timeline

Immediately / as soon as possible

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

Physicians, laboratories, healthcare facilities, and infection control practitioners

Report to

Connecticut Department of Public Health

Timeline

Within 24 hours

Penalty for failure

Up to $1,000 fine per violation

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

All healthcare providers treating gunshot wounds or stab wounds

Report to

Local law enforcement

Timeline

Immediately / as soon as possible

Penalty for failure

Class A misdemeanor

Immunity provision

Good faith reporters immune from civil and criminal liability

Guides & Articles

HIPAA

HIPAA Compliance Checklist for Small Medical Practices in 2026

HIPAA

HIPAA Breach Notification: Rules, Timelines, and Penalties

OSHA

Bloodborne Pathogens Exposure Control Plan: What Every Practice Needs

Compliance

How to Prepare for a HIPAA Audit: A Practice Manager's Guide

Stay compliant in Connecticut

GuardWell tracks Connecticut-specific breach deadlines, PDMP requirements, retention periods, and mandatory reporting obligations automatically.

Free compliance scoreSee a demo

View all state compliance guides HIPAA Compliance OSHA Compliance DEA Compliance

GuardWell

Healthcare Compliance Assistant

Hi! I'm GuardWell's sales assistant.

I can answer questions about our healthcare compliance platform, pricing, and features. How can I help?

Powered by GuardWell AI