Kentucky Healthcare Compliance Requirements
State-specific breach notification rules, medical records retention periods, PDMP requirements, and mandatory reporting obligations for medical practices operating in Kentucky.
Breach Notification Rules
Notification deadline
Most expedient time possible
Notification must be made as soon as reasonably practicable but no later than 60 days after discovery. AG and affected individuals must be notified.
AG notification threshold
All breaches
Notify: AG
Harm analysis required
Penalty range
Up to $10,000 per violation under Consumer Protection Act
Medical Records Retention
| Record type | Retention period | Measured from |
|---|---|---|
| General medical | 5 years | Discharge |
PDMP Requirements — KASPER
Check required
All controlled substances
Check frequency
Every prescription
Delegation allowed
Penalty range
Licensing board discipline; Class D felony for failure to check; fines up to $10,000
Exemptions
Hospice patients, cancer treatment, ≤3 day supply in ER, inpatient hospital or nursing facility, medication-assisted treatment
Mandatory Reporting Obligations
Mandated reporters
Any person including physicians, nurses, dentists, psychologists, and all healthcare professionals
Report to
Department for Community Based Services (DCBS) or local law enforcement
Timeline
Immediately / as soon as possible
Penalty for failure
Class A misdemeanor; Class D felony if abuse results in serious injury or death
Immunity provision
Good faith reporters immune from civil and criminal liability under KRS 620.050
Mandated reporters
Any person including all healthcare professionals
Report to
Adult Protective Services, Cabinet for Health and Family Services
Timeline
Immediately / as soon as possible
Penalty for failure
Class A misdemeanor
Immunity provision
Good faith reporters immune from civil and criminal liability
Mandated reporters
Healthcare providers are mandatory reporters when treating injuries from domestic violence (Kentucky mandates for healthcare professionals)
Report to
Local law enforcement or Commonwealth Attorney
Timeline
Immediately / as soon as possible
Penalty for failure
Class A misdemeanor
Immunity provision
Good faith reporters immune from civil and criminal liability
Mandated reporters
Physicians, laboratories, healthcare facilities, and infection control professionals
Report to
Kentucky Department for Public Health, local health department
Timeline
Within 24 hours
Penalty for failure
Class A misdemeanor
Immunity provision
Good faith reporters immune from civil liability
Mandated reporters
All healthcare providers treating gunshot or stab wounds
Report to
Local law enforcement
Timeline
Immediately / as soon as possible
Penalty for failure
Class B misdemeanor
Immunity provision
Good faith reporters immune from civil and criminal liability
Stay compliant in Kentucky
GuardWell tracks Kentucky-specific breach deadlines, PDMP requirements, retention periods, and mandatory reporting obligations automatically.