Comment by nxobject
I agree – there is precedent in the medical industry: in the US, providers that take Medicare and Medicaid require retention of patient records for at least 5 years for both portability and audit purposes. If that principle's sound (at least for portability), it may be a good argument to extend that to healthcare applications that reach a certain threshold of substantial content.