Washington Healthcare Compliance Requirements
State-specific breach notification rules, medical records retention periods, PDMP requirements, and mandatory reporting obligations for medical practices operating in Washington.
Breach Notification Rules
Notification deadline
30 calendar days
Notification must be made within 30 days of discovery. AG must be notified if 500+ Washington residents affected. WDPA provides additional requirements.
AG notification threshold
500+ affected individuals
Notify: AG
Harm analysis required
Penalty range
Up to $25,000 per violation under Consumer Protection Act
Medical Records Retention
| Record type | Retention period | Measured from |
|---|---|---|
| General medical | 10 years | Last treatment |
| Pediatric | 3 years | Patient turns 18 |
| Mental health | 10 years | Last treatment |
PDMP Requirements — WA PMP
Check required
All controlled substances
Check frequency
Every prescription
Delegation allowed
Penalty range
Licensing board discipline; civil penalties up to $5,000; possible criminal charges
Exemptions
Hospice patients, cancer treatment, ≤3 day supply in ER, inpatient hospital or long-term care administration, medication-assisted treatment
Mandatory Reporting Obligations
Mandated reporters
Physicians, nurses, dentists, psychologists, social workers, pharmacists, and all healthcare professionals
Report to
Department of Children, Youth, and Families (DCYF) or local law enforcement
Timeline
Within 48 hours
Penalty for failure
Gross misdemeanor
Immunity provision
Good faith reporters immune from civil and criminal liability under RCW 26.44.060
Mandated reporters
Physicians, nurses, social workers, and all healthcare professionals
Report to
Adult Protective Services, Department of Social and Health Services
Timeline
Immediately / as soon as possible
Penalty for failure
Gross misdemeanor
Immunity provision
Good faith reporters immune from civil and criminal liability
Mandated reporters
Healthcare providers are not specifically mandated to report domestic violence in adults; encouraged to screen and refer
Report to
Local law enforcement (voluntary reporting permitted with patient consent)
Timeline
Immediately / as soon as possible
Immunity provision
Good faith reporters immune from civil liability
Mandated reporters
Physicians, laboratories, and healthcare facility administrators
Report to
Washington State Department of Health or local health jurisdiction
Timeline
Within 24 hours
Penalty for failure
Misdemeanor, up to $250 fine per day
Immunity provision
Good faith reporters immune from civil liability
Mandated reporters
All healthcare providers treating gunshot wounds or stab wounds
Report to
Local law enforcement
Timeline
Immediately / as soon as possible
Penalty for failure
Gross misdemeanor
Immunity provision
Good faith reporters immune from civil and criminal liability
Stay compliant in Washington
GuardWell tracks Washington-specific breach deadlines, PDMP requirements, retention periods, and mandatory reporting obligations automatically.