Email Archiving Legal Requirements

HIPAA stands for Health Insurance Portability and Accountability Act also called data protection laws, it is created to provide data processing and security requirements for securing medical information of patients.  Under HIPAA guidelines each business associate as well as covered entities retain the follow data for at 6 six years from creation date or last effective date and it depends on whichever happens to be later.

What the Law Requires

  1. A written or electronic record of an agency being classified as a CE (e.g. health plan, associated company, etc.) or BA.
  2. Information protection and privacy policies and procedures set in place to comply with HIPAA.
  3. All of the recorded situations, activities and evaluations required by HIPAA.
  4. Both data use agreements and other ways that endorse compliance with HIPAA.
  5. Both signed authorizations and, where appropriate, written confirmations of receipt of a notice or evidence of good faith attempt to obtain such written recognition.
  6. Notice of Privacy Policies for organizations that are expected to provide it.
  7. Designated record sets which are subject to individual access.
  8. Information Security and Privacy Policies.
  9. Employee Sanction Policies.
  10. Incident and Breach Notification Documentation.
  11. Complaint and Resolution Documentation.
  12. Physical Security Maintenance Records.
  13. Logs Recording Access to and Updating of PHI.  IT Security System Reviews (including new procedures or technologies implemented).

HIPAA says that cover entities must report any guidance, plan, action or evaluation carried out in order to comply with HIPAA policies. HIPAA Retention Requirements also knew as addressable requirements just a division of the widespread list which applies to CEs and their business associates. HIPAA makes a distinction between HIPAA-related medical and non-medical records that must be viewed separately.

Federal e-mail archiving regulations are intended to protect both your business and your clients. Whenever a court case is filed, achieved email can serve as great significant evidence.