CloudFirst

Secure Infrastructure & Software as-a-Service Provider

Email Archiving: Complying with HIPAA Requirements

August 3, 2017

In the field of healthcare, there is no relationship more sacred than the one between the doctor and the patient, and a breach of doctor-patient confidentiality is a grave offense. In the healthcare and health insurance sectors, email archiving is considered one way of safeguarding protected health information (PHI) and patients’ personal information.

Protected health information is defined by the U.S. Department of Health and Human Services as information about a patient’s health status, healthcare measures provided, and payment for such measures that is collected by a doctor, hospital, health insurance company, or other entities that have access to a patient’s medical history or otherwise provide healthcare to a patient. 

In 2015, there was a large data breach that involved millions of patient records. Aside from revealing the health status and treatment regimens of the affected patients, the breach also brought with it the risk of such information being used for illegal activities, such as obtaining free medical treatment and insurance fraud. In fact, it is estimated that the value of PHI is higher than that of credit card information. Thus, there is a need for secure methods of storing and transmitting patient data.

While the Health Insurance Portability and Accountability Act (HIPAA) does not close the door on using email to send protected health information or email archiving systems to store it, HIPAA does have very strict requirements for access to PHI, transmission and communication of PHI, the integrity of PHI when it is not in transit, accountability for the message, and access to PHI while it is being sent from one entity to another.

Right after the latest amendments to HIPAA were enacted, secure instant messaging was a viable alternative to email as a means of transmitting PHI and personal information. However, the sheer volume of medical data and the six-year retention period specified by HIPAA meant that email and email archiving were to become integral parts of communicating patient data, especially for large entities such as hospitals, insurance providers, and research institutes.

Thus, these healthcare entities are looking at encrypted email archiving systems to protect PHI and other related data. Encrypted email archiving works by encrypting all emails at the source before they are stored in the archive server. Email encryption also ensures that the content of the electronic record is indexed immediately, making future access to the information easy.

Whether an email archive is operated by the healthcare entity itself or by an external provider, it must adhere to certain guidelines specified in HIPAA. These include not just retention and deletion periods, but also internal IT network security specifications, virtual private networks, secure wireless access, physical security, risk assessment and management, and audit controls. They also cover workstation and device security, workforce management, training, and documentation.

Patients’ protected health information and personal information are far too important to be stored on unencrypted email archiving servers. Therefore, before a healthcare provider decides to implement an archiving system in-house or off-site, it must check whether the vendor of the system or the email archiving service provider complies with HIPAA requirements.
