The Health Insurance Portability and Accountability Act (HIPAA) is dedicated to maintaining the integrity of patient health information (PHI) across every medium of communication, including email. Though HIPAA sets out some standards for sending PHI via email, it doesn’t lay down specific regulations regarding email archiving. However, it does recommend archiving emails in a safe and comprehensive manner, since archiving emails that carry PHI helps make e-PHI more secure.
Why should covered entities archive emails?
• Compliance – the Six-Year Retention Rule in HIPAA makes it mandatory to maintain PHI records for at least six years, and this is applicable to electronic PHI (e-PHI) too. This applies to all entities handling patient information, including insurance firms, healthcare providers, clearing houses and employers providing healthcare benefits. Since the mandated preservation period for PHI is six years, the archiving medium should be capable enough to allow easy retrieval of emails over a long period.
• Litigation Support – every covered entity needs to protect itself against the possibility of litigation, which is very common in the healthcare industry. During litigation-related research, PHI data that is stored and indexed properly as part of email archives is a handy solution.
• Guarding Against the Future – most analysts believe that HIPAA regulations regarding email communications carrying PHI are very likely in the near future. Thus, updating your organization's approach to email archiving is inevitable.