Compliance

Data Retention Policy

Retention schedules, archival procedures, and secure destruction for clinical data in M4NG0 OS.

Last updated: March 2026

1. Purpose

This policy defines how long different categories of data are retained within M4NG0 OS, the procedures for archiving inactive records, and the process for secure destruction of data when retention periods expire or when requested by the healthcare organization.

2. Retention Schedule

Data Category                  | Minimum Retention                     | Basis
Patient clinical records       | 7 years from last encounter           | HIPAA / state regulations
Minor patient records          | Age 21 or 7 years, whichever is later | State-specific requirements
Billing and financial records  | 7 years                               | Tax and audit requirements
Audit logs (PHI access)        | 6 years                               | HIPAA Security Rule
System and authentication logs | 1 year                                | Operational
Staff and device records       | Duration of employment + 3 years      | HR and compliance

The hospital may extend retention periods beyond the minimums listed above. M4NG0 OS does not automatically delete records — all destruction requires explicit authorization from a hospital administrator.

3. Archival

Patient records with no activity beyond the retention threshold can be archived:

  • Archived records remain encrypted and searchable but are moved to a separate storage partition.
  • Access to archived records requires administrator authorization and is logged separately in the audit trail.
  • Archived records count toward storage capacity but do not affect system performance.

4. Secure Destruction

When the hospital authorizes data destruction:

  • Records are permanently deleted from the primary database, archived partitions, and all backup copies.
  • Deletion uses cryptographic erasure — the encryption key for the targeted records is destroyed, rendering the encrypted data irrecoverable.
  • A destruction log entry is created (containing record identifiers and timestamp, but not the destroyed data itself).
  • The hospital receives a Certificate of Destruction confirming the scope and completeness of the deletion.

5. Data Export Before Destruction

Before any data destruction, M4NG0 OS provides a full export option:

  • Export formats: FHIR R4 JSON, CSV, encrypted archive.
  • Export includes all clinical records, audit logs, billing data, and system configuration.
  • Export is performed by the hospital administrator directly — no vendor involvement required.

6. Contract Termination

If the hospital terminates its use of M4NG0 OS:

  • All data remains on the hospital's hardware. M4NG0 does not retain any copies.
  • The hospital may continue accessing data using the installed system or export it before decommissioning.
  • M4NG0 provides 90 days of technical support for data migration after the termination date.

Retention schedules are configured during deployment based on the hospital's jurisdiction and compliance requirements. Contact sales@m4ng0.com for deployment details.