Massachusetts Healthcare Compliance Requirements
State-specific breach notification rules, medical records retention periods, PDMP requirements, and mandatory reporting obligations for medical practices operating in Massachusetts.
Breach Notification Rules
Notification deadline
Most expedient time possible
Notification must be made as soon as practicable and without unreasonable delay. AG and Director of Consumer Affairs and Business Regulation must be notified simultaneously.
AG notification threshold
All breaches
Notify: AG + Director of Consumer Affairs and Business Regulation
Harm analysis required
Penalty range
Up to $5,000 per violation under Consumer Protection Act (Ch. 93A)
Medical Records Retention
| Record type | Retention period | Measured from |
|---|---|---|
| General medical | 7 years | Last treatment |
| Pediatric | 7 years | Patient turns 18 |
PDMP Requirements — MassPAT
Check required
Schedule II only
Check frequency
Every prescription
Delegation allowed
Penalty range
Licensing board discipline; fines up to $5,000 per violation; possible license suspension
Exemptions
Hospice patients, cancer treatment, inpatient hospital or long-term care administration, ≤24 hour supply in ER
Mandatory Reporting Obligations
Mandated reporters
Physicians, nurses, dentists, psychologists, social workers, EMTs, and all healthcare professionals
Report to
Department of Children and Families (DCF)
Timeline
Immediately / as soon as possible
Penalty for failure
Up to $1,000 fine; civil liability for damages caused by failure to report
Immunity provision
Good faith reporters immune from civil and criminal liability under M.G.L. c. 119 s. 51A
Mandated reporters
Physicians, nurses, dentists, social workers, and all licensed healthcare professionals
Report to
Executive Office of Elder Affairs, Protective Services
Timeline
Immediately / as soon as possible
Penalty for failure
Up to $1,000 fine
Immunity provision
Good faith reporters immune from civil and criminal liability
Mandated reporters
Healthcare providers are not mandated to report domestic violence in adults; patients may choose to report
Report to
Local law enforcement (voluntary reporting permitted)
Timeline
Immediately / as soon as possible
Immunity provision
Good faith reporters immune from civil liability
Mandated reporters
Physicians, laboratories, and healthcare facility administrators
Report to
Massachusetts Department of Public Health, local board of health
Timeline
Within 24 hours
Penalty for failure
Up to $1,000 fine per violation
Immunity provision
Good faith reporters immune from civil liability
Mandated reporters
All physicians and healthcare providers treating gunshot wounds or stab wounds
Report to
Local law enforcement
Timeline
Immediately / as soon as possible
Penalty for failure
Misdemeanor, up to $1,000 fine
Immunity provision
Good faith reporters immune from civil and criminal liability
Stay compliant in Massachusetts
GuardWell tracks Massachusetts-specific breach deadlines, PDMP requirements, retention periods, and mandatory reporting obligations automatically.