Data Storage Corporation

Secure Infrastructure & Software as-a-Service Provider

Email Archiving: Complying with HIPAA Requirements

August 3, 2017

In the field of healthcare, there is no relationship more sacred than the one between the doctor and the patient, and a breach of doctor-patient confidentiality is a grave offense. In the healthcare and health insurance sectors, email archiving is considered one way of safeguarding protected health information (PHI) and patients’ personal information.

Protected health information is defined by the U.S. Department of Health and Human Services as information about a patient’s health status, healthcare measures provided, and payment for such measures that is collected by a doctor, hospital, health insurance company, or other entities that have access to a patient’s medical history or otherwise provide healthcare to a patient. 

In 2015, there was a large data breach that involved millions of patient records. Aside from revealing the health status and treatment regimens of the affected patients, the breach also brought with it the risk of such information being used for illegal activities, such as obtaining free medical treatment and insurance fraud. In fact, it is estimated that the value of PHI is higher than that of credit card information. Thus, there is a need for secure methods of storing and transmitting patient data.

While the Health Insurance Portability and Accountability Act (HIPAA) does not close the door on using email to send protected health information or on using email archiving systems to store it, HIPAA does have very strict requirements for access to the PHI, transmission and communication of PHI, the integrity of PHI when it is not in transit, accountability for the message, and access to the PHI while it is being sent from one entity to another.

Right after the latest amendments to HIPAA were enacted, secure instant messaging was a viable alternative to email as a means of transmitting PHI and personal information. However, the sheer volume of medical data and the six-year retention period specified by HIPAA meant that email and email archiving were to become integral parts of communicating patient data, especially for large entities such as hospitals, insurance providers, and research institutes.

Thus, these healthcare entities are looking at encrypted email archiving systems to protect PHI and other related data. Encrypted email archiving works by encrypting all emails at the source before they are stored in the archive server. Email encryption also ensures that the content of the electronic record is indexed immediately, making future access to the information easy.

Whether an email archive is operated by the healthcare entity itself or by an external provider, it must adhere to certain guidelines specified in HIPAA. These include not just retention and deletion periods, but also internal IT network security specifications, virtual private networks, secure wireless access, physical security, risk assessment and management, and audit controls. They also cover workstation and device security, workforce management, training, and documentation.

Patients’ protected health information and personal information are far too important to be stored on unencrypted email archiving servers. Therefore, before a healthcare provider decides to implement an archiving system in-house or off-site, it must check whether the vendor of the system or the email archiving service provider complies with HIPAA requirements.
