Iowa Healthcare Compliance Requirements

State-specific breach notification rules, medical records retention periods, PDMP requirements, and mandatory reporting obligations for medical practices operating in Iowa.

Expedient notification | 10-year retention | Iowa PMP

Breach Notification Rules

Notification deadline

Most expedient time possible

Notification must be made in the most expeditious manner possible and without unreasonable delay, no later than 90 days. AG must be notified within 5 business days of notifying consumers.

AG notification threshold

500+ affected individuals

Notify: AG

Harm analysis required

Yes — breach presumed unless risk assessment shows low probability of compromise

Penalty range

Up to $40,000 per violation under Consumer Fraud Act

Comparable to federal HIPAA

Medical Records Retention

Record type | Retention period | Measured from
General medical | 10 years | Last treatment
Pediatric | 10 years | Patient turns 18

PDMP Requirements — Iowa PMP

Check required

All controlled substances

Check frequency

Every prescription

Delegation allowed

Yes — authorized staff can check on provider's behalf

Penalty range

Licensing board discipline; civil penalties up to $5,000 per violation

Exemptions

Hospice patients, cancer treatment, ≤3 day supply in ER, inpatient or long-term care administration

Mandatory Reporting Obligations

Mandated reporters

Healthcare professionals including physicians, nurses, dentists, psychologists, social workers, and EMTs

Report to

Department of Human Services or local law enforcement

Timeline

Within 24 hours

Penalty for failure

Simple misdemeanor for first offense; serious misdemeanor for subsequent offenses

Immunity provision

Good faith reporters immune from civil and criminal liability under Iowa Code 232.73

Mandated reporters

Physicians, nurses, social workers, and all healthcare professionals

Report to

Department of Human Services, Adult Protective Services

Timeline

Within 24 hours

Penalty for failure

Simple misdemeanor

Immunity provision

Good faith reporters immune from civil and criminal liability

Mandated reporters

Healthcare providers treating injuries reasonably believed to be from domestic abuse

Report to

Local law enforcement

Timeline

Immediately / as soon as possible

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

Physicians, laboratories, and healthcare facility administrators

Report to

Iowa Department of Public Health

Timeline

Within 24 hours

Penalty for failure

Simple misdemeanor

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

All healthcare providers treating gunshot wounds or injuries from criminal violence

Report to

Local law enforcement

Timeline

Immediately / as soon as possible

Penalty for failure

Simple misdemeanor

Immunity provision

Good faith reporters immune from civil and criminal liability

Stay compliant in Iowa

GuardWell tracks Iowa-specific breach deadlines, PDMP requirements, retention periods, and mandatory reporting obligations automatically.
