Are there provisions contained within HIPAA regarding the retention/archiving of e-mail communications?
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
HIPAA doesn't specifically mention the retention of e-mails, however there is a six-year retention rule for security and privacy policies, procedures, documentation of complaints, etc. The purpose of this requirement is to help with follow up reference, complaint investigations, etc. There's certainly a lot of room for interpretation, but the bottom line is there's always a possibility that e-mail communications that come under review by HHS could be included in this requirement. Obviously, keeping a record of all e-mails is not going to be a simple task both from a procedural and technical perspective, but it could be in your organization's best interest. Having said all this, and graying the situation even more, this will ultimately have to be a business decision made by your upper management and legal counsel.
For more information on this topic, visit these other resources on SearchSecurity.com:
Dig Deeper on HIPAA
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.