Maryland Healthcare Compliance Requirements

State-specific breach notification rules, medical records retention periods, PDMP requirements, and mandatory reporting obligations for medical practices operating in Maryland.

45-day breach deadline | 5-year retention | Maryland PDMP | Stricter than HIPAA

Breach Notification Rules

Notification deadline

45 calendar days

Notification must be made as soon as reasonably practicable, but no later than 45 days after the investigation is concluded. The Attorney General (AG) must be notified before individuals are notified.

AG notification threshold

All breaches

Notify: AG

Harm analysis required

Yes — breach presumed unless risk assessment shows low probability of compromise

Penalty range

Up to $1,000 per affected individual, max $100,000 per event

Stricter than federal HIPAA

Medical Records Retention

Record type | Retention period | Measured from
General medical | 5 years | Last treatment

PDMP Requirements — Maryland PDMP

Check required

All controlled substances

Check frequency

Every prescription

Delegation allowed

Yes — authorized staff can check on provider's behalf

Penalty range

Licensing board discipline; civil penalties; misdemeanor for willful noncompliance

Exemptions

Hospice patients, cancer treatment, ≤14 day supply post-surgical, inpatient hospital or long-term care facility, ≤3 day supply in ER

Mandatory Reporting Obligations

Mandated reporters

Healthcare practitioners including physicians, nurses, dentists, psychologists, social workers, and emergency medical providers

Report to

Department of Social Services, local child protective services, or local law enforcement

Timeline

Immediately / as soon as possible

Penalty for failure

Misdemeanor, up to $10,000 fine and/or 5 years jail

Immunity provision

Good faith reporters immune from civil and criminal liability under Md. Family Law 5-708

Mandated reporters

Healthcare practitioners, police officers, and human services workers

Report to

Adult Protective Services, Department of Human Services

Timeline

Immediately / as soon as possible

Penalty for failure

Misdemeanor, up to $5,000 fine

Immunity provision

Good faith reporters immune from civil and criminal liability

Mandated reporters

Healthcare providers treating injuries from suspected criminal acts or domestic violence

Report to

Local law enforcement

Timeline

Immediately / as soon as possible

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

Physicians, laboratories, healthcare facilities, and infection control practitioners

Report to

Maryland Department of Health, local health department

Timeline

Within 24 hours

Penalty for failure

Misdemeanor, up to $500 fine per violation

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

All healthcare providers treating gunshot wounds or stab wounds

Report to

Local law enforcement or Maryland State Police

Timeline

Immediately / as soon as possible

Penalty for failure

Misdemeanor, up to $500 fine

Immunity provision

Good faith reporters immune from civil and criminal liability

Stay compliant in Maryland

GuardWell tracks Maryland-specific breach deadlines, PDMP requirements, retention periods, and mandatory reporting obligations automatically.
