Illinois Healthcare Compliance Requirements

State-specific breach notification rules, medical records retention periods, PDMP requirements, and mandatory reporting obligations for medical practices operating in Illinois.

Expedient notification | 10-year retention | Illinois PMP

Breach Notification Rules

Notification deadline

Most expedient time possible

Notification must be made in the most expedient time possible and without unreasonable delay. The Attorney General (AG) must be notified. Note: BIPA (biometric data) has separate requirements.

AG notification threshold

All breaches

Notify: AG

Harm analysis required

Yes — breach presumed unless risk assessment shows low probability of compromise

Penalty range

Up to $50,000 for initial violation, $100,000 for subsequent; BIPA: $1,000-$5,000 per violation

Comparable to federal HIPAA

Medical Records Retention

Record type | Retention period | Measured from
General medical | 10 years | Last treatment
Pediatric | 10 years | Patient turns 18
Mental health | 12 years | Last treatment

PDMP Requirements — Illinois PMP

Check required

Initial prescription

Check frequency

Every 90 days

Delegation allowed

Yes — authorized staff can check on provider's behalf

Penalty range

Licensing board discipline; civil penalties up to $10,000 per violation; possible criminal charges

Exemptions

Hospice patients, cancer treatment, ≤3 day supply in ER, inpatient administration, medication-assisted treatment for substance use disorder

Mandatory Reporting Obligations

Mandated reporters

Physicians, nurses, dentists, psychologists, social workers, EMTs, pharmacists, and all healthcare professionals

Report to

Department of Children and Family Services (DCFS) Hotline

Timeline

Immediately / as soon as possible

Penalty for failure

Class A misdemeanor for first offense; Class 4 felony for subsequent offenses

Immunity provision

Good faith reporters immune from civil and criminal liability under 325 ILCS 5/9

Mandated reporters

Physicians, nurses, social workers, and all healthcare professionals

Report to

Adult Protective Services, Department on Aging

Timeline

Immediately / as soon as possible

Penalty for failure

Class A misdemeanor

Immunity provision

Good faith reporters immune from civil and criminal liability under 320 ILCS 20/4

Mandated reporters

Healthcare providers treating injuries from suspected domestic violence or criminal acts

Report to

Local law enforcement

Timeline

Immediately / as soon as possible

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

Physicians, laboratories, healthcare facilities, and infection control practitioners

Report to

Illinois Department of Public Health or local health department

Timeline

Within 24 hours

Penalty for failure

Class A misdemeanor, up to $1,000 fine

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

All healthcare providers treating gunshot wounds, stab wounds, or injuries from criminal violence

Report to

Local law enforcement

Timeline

Immediately / as soon as possible

Penalty for failure

Class A misdemeanor

Immunity provision

Good faith reporters immune from civil and criminal liability

Stay compliant in Illinois

GuardWell tracks Illinois-specific breach deadlines, PDMP requirements, retention periods, and mandatory reporting obligations automatically.
