Q

HIPAA regulations concerning archived e-mail

Are there provisions contained within HIPAA regarding the retention/archiving of e-mail communications?

HIPAA doesn't specifically mention the retention of e-mails, however there is a six-year retention rule for security and privacy policies, procedures, documentation of complaints, etc. The purpose of this requirement is to help with follow up reference, complaint investigations, etc. There's certainly a lot of room for interpretation, but the bottom line is there's always a possibility that e-mail communications that come under review by HHS could be included in this requirement. Obviously, keeping a record of all e-mails is not going to be a simple task both from a procedural and technical perspective, but it could be in your organization's best interest. Having said all this, and graying the situation even more, this will ultimately have to be a business decision made by your upper management and legal counsel.


For more information on this topic, visit these other resources on SearchSecurity.com:
  • Ask the Expert: Encrypting e-mail and what is considered confidential under HIPAA
  • Ask the Expert: Securing e-mail under HIPAA
  • Featured Topic: HIPAA update

  • This was first published in June 2003

    Dig deeper on HIPAA

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close