Ohio Healthcare Compliance Requirements

State-specific breach notification rules, medical records retention periods, PDMP requirements, and mandatory reporting obligations for medical practices operating in Ohio.

45-day breach deadline | 7-year retention | OARRS | Stricter than HIPAA

Breach Notification Rules

Notification deadline

45 calendar days

Notification must be made within 45 days of discovery or notification of the breach. The Attorney General (AG) must be notified if the breach affects 500+ Ohio residents.

AG notification threshold

500+ affected individuals

Notify: AG

Harm analysis required

Yes — breach presumed unless risk assessment shows low probability of compromise

Penalty range

Enforceable by AG under Consumer Sales Practices Act; court may award damages

Stricter than federal HIPAA

Medical Records Retention

Record type | Retention period | Measured from
General medical | 7 years | Last treatment
Pediatric | 7 years | Patient turns 18

PDMP Requirements — OARRS

Check required

All controlled substances

Check frequency

Every prescription

Delegation allowed

Yes — authorized staff can check on provider's behalf

Penalty range

Licensing board discipline; civil penalties up to $10,000; possible felony charges for pattern noncompliance

Exemptions

Hospice patients, cancer treatment, ≤3 day supply in ER, inpatient hospital or nursing facility, medication-assisted treatment

Mandatory Reporting Obligations

Mandated reporters

Physicians, dentists, nurses, psychologists, social workers, and all healthcare professionals acting in professional capacity

Report to

County children services agency or local law enforcement

Timeline

Immediately / as soon as possible

Penalty for failure

Fourth-degree misdemeanor; second-degree misdemeanor if previous conviction

Immunity provision

Good faith reporters immune from civil and criminal liability under ORC 2151.421

Mandated reporters

Physicians, nurses, social workers, and all healthcare professionals

Report to

County Department of Job and Family Services, Adult Protective Services

Timeline

Immediately / as soon as possible

Penalty for failure

Fourth-degree misdemeanor

Immunity provision

Good faith reporters immune from civil and criminal liability

Mandated reporters

Healthcare providers treating injuries from felonious assault or domestic violence

Report to

Local law enforcement

Timeline

Immediately / as soon as possible

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

Physicians, laboratories, and healthcare facility administrators

Report to

Ohio Department of Health or local board of health

Timeline

Within 24 hours

Penalty for failure

Minor misdemeanor, up to $150 fine

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

All physicians and healthcare providers treating gunshot wounds, stab wounds, or burn injuries from criminal violence

Report to

Local law enforcement

Timeline

Immediately / as soon as possible

Penalty for failure

Minor misdemeanor

Immunity provision

Good faith reporters immune from civil and criminal liability

Stay compliant in Ohio

GuardWell tracks Ohio-specific breach deadlines, PDMP requirements, retention periods, and mandatory reporting obligations automatically.
