HIPAA-Focused Folder Template with Retention Hints

HIPAA generally requires retaining HIPAA-related documentation (policies, procedures, notices, complaints) at least six years from creation or last effective date.

Top-Level Layout

/
├── clinical/
├── administrative/
├── security-privacy/
├── billing-revenue/
└── research/

Schema Reference

Data Structure

field_name:
  type: string
  required: true
  description: Field description
  example: "example_value"

API Reference

Endpoint Overview

Method	Endpoint	Description
GET	`/api/v1/resource`	List resources
POST	`/api/v1/resource`	Create resource
PUT	`/api/v1/resource/:id`	Update resource
DELETE	`/api/v1/resource/:id`	Delete resource

Folder Hierarchy

Within Each Domain

{domain}/
├── us/
│   ├── policy/
│   │   ├── controlled/
│   │   ├── draft/
│   │   └── archive/
│   ├── procedure/
│   ├── sop/
│   ├── form/
│   ├── notice/
│   └── log/
├── state-{xx}/
│   └── ...
└── global/
    └── ...

Retention Categories in Folder Names

For operational clarity (while actual enforcement is via metadata & jobs):

Folder	Contents	Retention
`security-privacy/us/policy/ret-6y/`	HIPAA policies, procedures, notices	Min 6 years
`clinical/us/record/ret-6y-plus-state/`	Patient records (HIPAA + state)	6 years + state law
`billing-revenue/us/record/ret-7y/`	Financial records	7 years

Example Structure

security-privacy/
├── us/
│   ├── policy/
│   │   ├── ret-6y/
│   │   │   ├── controlled/
│   │   │   │   ├── HSP-POL-001-privacy-notice-v3.0.md
│   │   │   │   ├── HSP-POL-002-breach-notification-v2.1.md
│   │   │   │   └── HSP-POL-003-data-retention-v1.5.md
│   │   │   ├── draft/
│   │   │   └── archive/
│   │   └── ret-permanent/
│   └── procedure/
│       └── ret-6y/
│           └── HSP-PROC-001-privacy-incident-v2.0.md
└── eu/
    └── policy/
        └── ret-gdpr/
            └── ...

clinical/
├── us/
│   ├── policy/
│   │   └── ret-6y/
│   │       └── CLN-POL-001-patient-consent-v4.0.md
│   ├── sop/
│   │   └── ret-6y/
│   │       └── CLN-SOP-010-medication-reconciliation-v1.4.md
│   └── record/
│       └── ret-6y-plus-state/
│           └── ... (patient records by state law)
└── state-ca/
    └── record/
        └── ret-10y/
            └── ... (CA pediatric records - 10 years)

Filename Pattern

{PREFIX}-{TYPE}-{NUMBER}-{slug}-v{major}.{minor}.md

Examples:

HSP-POL-001-privacy-notice-v3.0.md
CLN-SOP-010-medication-reconciliation-v1.4.md
SEC-PROC-005-breach-response-v2.1.md

Prefix Guide

Prefix	Domain
`HSP`	Security/Privacy (HIPAA Security & Privacy)
`CLN`	Clinical
`ADM`	Administrative
`BIL`	Billing/Revenue
`RSH`	Research

Type Guide

Type	Description
`POL`	Policy
`PROC`	Procedure
`SOP`	Standard Operating Procedure
`FORM`	Form/Template
`LOG`	Log/Record

State-Specific Retention

State	Record Type	Retention
California	Pediatric records	10 years after 18th birthday
New York	General medical	6 years
Florida	General medical	5 years
Texas	General medical	7 years

Key Principle

The folder name ret-6y is advisory; the authoritative retention is in metadata and a central retention table.

Top-Level Layout​

Schema Reference​

Data Structure​

API Reference​

Endpoint Overview​

Folder Hierarchy​

Within Each Domain​

Retention Categories in Folder Names​

Example Structure​

Filename Pattern​

Prefix Guide​

Type Guide​

State-Specific Retention​

Key Principle​

References​