Tennessee Healthcare Compliance Requirements
State-specific breach notification rules, medical records retention periods, PDMP requirements, and mandatory reporting obligations for medical practices operating in Tennessee.
Breach Notification Rules
Notification deadline
60 calendar days
Notification must be made without unreasonable delay but no later than 60 days after discovery.
AG notification threshold
Not explicitly required
Harm analysis required
Penalty range
Enforceable by AG; violations treated as unfair or deceptive acts under Consumer Protection Act
Medical Records Retention
| Record type | Retention period | Measured from |
|---|---|---|
| General medical | 10 years | Last treatment |
| Pediatric | 10 years | Patient turns 18 |
PDMP Requirements — TN CSMD
Check required
All controlled substances
Check frequency
Every prescription
Delegation allowed
Penalty range
Licensing board discipline; civil penalties up to $10,000; Class A misdemeanor for willful noncompliance
Exemptions
Hospice patients, cancer treatment, ≤3 day supply in ER, inpatient hospital or long-term care administration, medication-assisted treatment
Mandatory Reporting Obligations
Mandated reporters
Any person including physicians, nurses, dentists, psychologists, and all healthcare professionals
Report to
Department of Children's Services (DCS) or local law enforcement
Timeline
Immediately / as soon as possible
Penalty for failure
Class A misdemeanor, up to 11 months 29 days jail and/or $2,500 fine
Immunity provision
Good faith reporters immune from civil and criminal liability under TCA 37-1-410
Mandated reporters
All persons including healthcare professionals who suspect abuse of a vulnerable adult
Report to
Adult Protective Services, Department of Human Services
Timeline
Immediately / as soon as possible
Penalty for failure
Class A misdemeanor
Immunity provision
Good faith reporters immune from civil and criminal liability
Mandated reporters
Healthcare providers treating injuries from suspected domestic violence or criminal violence
Report to
Local law enforcement
Timeline
Immediately / as soon as possible
Immunity provision
Good faith reporters immune from civil liability
Mandated reporters
Physicians, laboratories, and healthcare facility administrators
Report to
Tennessee Department of Health, Communicable and Environmental Disease Services
Timeline
Within 24 hours
Penalty for failure
Class C misdemeanor, up to $50 fine
Immunity provision
Good faith reporters immune from civil liability
Mandated reporters
All healthcare providers treating gunshot wounds or wounds inflicted by a weapon
Report to
Local law enforcement
Timeline
Immediately / as soon as possible
Penalty for failure
Class C misdemeanor
Immunity provision
Good faith reporters immune from civil and criminal liability
Stay compliant in Tennessee
GuardWell tracks Tennessee-specific breach deadlines, PDMP requirements, retention periods, and mandatory reporting obligations automatically.