Are there provisions contained within HIPAA regarding the retention/archiving of e-mail communications?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
HIPAA doesn't specifically mention the retention of e-mails, however there is a six-year retention rule for security and privacy policies, procedures, documentation of complaints, etc. The purpose of this requirement is to help with follow up reference, complaint investigations, etc. There's certainly a lot of room for interpretation, but the bottom line is there's always a possibility that e-mail communications that come under review by HHS could be included in this requirement. Obviously, keeping a record of all e-mails is not going to be a simple task both from a procedural and technical perspective, but it could be in your organization's best interest. Having said all this, and graying the situation even more, this will ultimately have to be a business decision made by your upper management and legal counsel.
For more information on this topic, visit these other resources on SearchSecurity.com:
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.