Healthcare Technology Featured Article

June 20, 2017

How to Ensure HIPAA Email Compliance Using Email Archiving


The Health Insurance Portability and Accountability Act (HIPAA) was designed specifically to protect medical information for all Americans. This legislation, while effective, has had a significant impact on the healthcare industry — particularly when it comes to digital communication and transference of medical data.

According to the U.S. Department of Health and Human Services, HIPAA “protects all ‘individually identifiable health information’ held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.”

In the healthcare field, this means total privacy protection for patients involving email correspondence with a doctor, the doctor’s office, the pharmacy and the insurance company, not to mention a variety of other information privacy scenarios.

For example, a busy physician’s practice with automatic email archiving may archive some emails containing Personal Health Information (PHI) along with a vast number of routine business emails that do not contain PHI. If the pooled archived material is stored in an unsecure manner, PHI may be readily available to anyone, which is a clear violation of HIPAA. If the older pooled archived data is eventually discarded, PHI may be accidentally discarded in a way that also violates HIPAA regulations.

So how do you ensure this critical patient information is safe and secure? And even more important, how do you ensure your healthcare-related business is in compliance with HIPAA?

The Importance of Email Archiving in the Healthcare Industry

If you’re an administrator within a healthcare-related organization responsible for information that includes PHI, then you are best served by implementing an email archiving solution within your existing technology infrastructure. Not only can an email archiver handle and store email communication, but it can keep this valuable information safe and in compliance with the various requirements included in HIPAA.

An email archiving solution can capture all emails that are sent and received from your email server, but the right solution should also have administrative rule sets that allow only authorized personnel to view these emails. Additionally, an archiving solution allows for enhanced audit and oversight — both of which are general provisions included in HIPAA.

But that’s just the tip of the iceberg. Email archiving allows for even more capabilities to ensure you’re in compliance with HIPAA.

Email Archiving is the Ultimate Data Loss Prevention Tool

With an archiving solution, an email that is sent or received is automatically captured, saved and indexed within the solution itself. This means any valuable data included in these emails is safe and secure, regardless of whether those emails are deleted by the end user.

Complying with HIPAA’s Data Retention Policies

In addition to privacy protection, HIPAA also features strict guidelines on how to dispose of PHI — meaning you can’t simply hit delete and expect your sensitive data to be safe. Email archiving offers automated email retention in one centralized place. This is crucial, especially since most companies have multiple departments and multiple users who are responsible for disposing of emails. Instead of having to worry about whether this is happening according to HIPAA regulations, an email archiving solution can take on the responsibility for you.

Archiving Allows for an Effective Legal & eDiscovery Approach

Knowing your emails are safe is one thing. Knowing how and where to find them is another. This is especially important when it comes to HIPAA compliance. An email archiving solution should feature a seamless search functionality that breaks down all barriers between you and the email you seek. Likewise, if legal is looking to conduct an audit for eDiscovery purposes, the search capabilities of an archiver should do the trick.

End User Storage Issues & Non-Compliance

End users, aka employees, are infamous for saving emails as PST files. This can be very problematic, especially in the healthcare industry. PST files are typically created by an end user who wants to save a copy of an email, and are then stored on a hard drive or corporate file server. This has obvious implications when it comes to sensitive emails containing PHI.

Email archiving eliminates the ability of an end user to create PST files altogether. Additionally, an archiver ensures all electronic emails and documents are secure and allows for eDiscovery in compliance with HIPAA regulations.

The use of an email archiver, whether virtual or a hardware archiving appliance, is a cost-efficient safeguard that is easy to use in multiple office locations and protects both your company and patients from concerns over access, integrity and content security issues.

About the Author

Azam Qureshi is the co-founder, president, and CTO of Intradyn, a leader in eDiscovery and archiving markets. Intradyn produces email and social media archiving products and solutions for small and mid-sized businesses, organizations and government agencies.




Edited by Alicia Young
By Special Guest
Azam Qureshi, Co-founder, President, and CTO of Intradyn



