HIPAA regulations concerning archived e-mail

Are there provisions contained within HIPAA regarding the retention/archiving of e-mail communications?

HIPAA doesn't specifically mention the retention of e-mails; however, there is a six-year retention rule for security and privacy policies, procedures, documentation of complaints, etc. The purpose of this requirement is to help with follow-up reference, complaint investigations, etc. There's certainly a lot of room for interpretation, but the bottom line is there's always a possibility that e-mail communications that come under review by HHS could be included in this requirement. Obviously, keeping a record of all e-mails is not going to be a simple task from both a procedural and a technical perspective, but it could be in your organization's best interest. Having said all this, and graying the situation even more, this will ultimately have to be a business decision made by your upper management and legal counsel.

For more information on this topic, visit these other resources on SearchSecurity.com:
  • Ask the Expert: Encrypting e-mail and what is considered confidential under HIPAA
  • Ask the Expert: Securing e-mail under HIPAA
  • Featured Topic: HIPAA update

This was last published in June 2003
