GuardWell Compliance

Maine Healthcare Compliance Requirements

State-specific breach notification rules, medical records retention periods, PDMP requirements, and mandatory reporting obligations for medical practices operating in Maine.

30-day breach deadline7-year retentionPMP AWARxEStricter than HIPAA

Breach Notification Rules

Notification deadline

30 calendar days

Notification must be made as expediently as possible but no later than 30 days after determination of breach. State regulator must be notified.

AG notification threshold

All breaches

Notify: AG + State Regulators

Harm analysis required

Yes — breach presumed unless risk assessment shows low probability of compromise

Penalty range

Up to $500 per violation under Unfair Trade Practices Act

Stricter than federal HIPAA
View statute

Medical Records Retention

Record typeRetention periodMeasured from
General medical7 yearsLast treatment
Pediatric6 yearsPatient turns 18

PDMP Requirements — PMP AWARxE

Check required

All controlled substances

Check frequency

Every prescription

Delegation allowed

Yes — authorized staff can check on provider's behalf

Penalty range

Licensing board discipline; civil penalties up to $1,000 per violation

Exemptions

Hospice patients, cancer treatment, ≤3 day supply in ER, inpatient administration

Register for PMP AWARxE

Mandatory Reporting Obligations

Mandated reporters

Physicians, nurses, dentists, psychologists, social workers, and all licensed healthcare professionals

Report to

Department of Health and Human Services, Office of Child and Family Services

Timeline

Immediately / as soon as possible

Penalty for failure

Class E crime (misdemeanor), up to 6 months jail and/or $1,000 fine

Immunity provision

Good faith reporters immune from civil and criminal liability under 22 MRSA 4014

Mandated reporters

Physicians, nurses, and all healthcare professionals

Report to

Adult Protective Services, Department of Health and Human Services

Timeline

Immediately / as soon as possible

Penalty for failure

Class E crime

Immunity provision

Good faith reporters immune from civil and criminal liability

Mandated reporters

Healthcare providers are not mandated to report domestic violence in adults; encouraged to provide referrals

Report to

Local law enforcement (voluntary reporting permitted)

Timeline

Immediately / as soon as possible

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

Physicians, laboratories, and healthcare facility administrators

Report to

Maine Center for Disease Control and Prevention

Timeline

Within 24 hours

Penalty for failure

Class E crime

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

All healthcare providers treating gunshot wounds

Report to

Local law enforcement

Timeline

Immediately / as soon as possible

Penalty for failure

Class E crime

Immunity provision

Good faith reporters immune from civil and criminal liability

Guides & Articles

HIPAA

HIPAA Compliance Checklist for Small Medical Practices in 2026

HIPAA

HIPAA Breach Notification: Rules, Timelines, and Penalties

HIPAA

Security Risk Assessment: A Step-by-Step Guide for Medical Practices

Training

Staff Training Requirements for Healthcare Compliance in 2026

Stay compliant in Maine

GuardWell tracks Maine-specific breach deadlines, PDMP requirements, retention periods, and mandatory reporting obligations automatically.

Free compliance scoreSee a demo

View all state compliance guides HIPAA Compliance OSHA Compliance DEA Compliance

GuardWell

Healthcare Compliance Assistant

Hi! I'm GuardWell's sales assistant.

I can answer questions about our healthcare compliance platform, pricing, and features. How can I help?

Powered by GuardWell AI