HIPAA

The Health Insurance Portability and Accountability Act of 1996 is a United States Act of Congress.

HIPAA stipulates how personally identifiable information (and specifically PHI, protected health information) maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and addresses some limitations on healthcare insurance coverage.

HIPAA does not expressly require covered organisations to implement email archiving; however, it presents many requirements that necessitate a robust eDiscovery solution. The 'security rule' requires that they retain, for a minimum of six years, all electronic communications that contain HIPAA-related documents, including policies.

Covered organisations must also encrypt PHI both in transit and at rest, and implement access and audit controls that prevent inappropriate access, alteration or deletion.

The Archive supports HIPAA compliance by:

  • Encrypting all archived data in transit and at rest.

  • Allowing custom retention policies, so HIPAA-related emails can be retained for 6 years or more.

  • Providing fully auditable activity logs showing who has accessed what data.

Note that organisations subject to HIPAA may ask their archiving service provider (or reseller/MSP) to sign a Business Associate Agreement (BAA). This is a written agreement that lays out each party's responsibilities in protecting PHI and makes the archiving provider liable to HIPAA penalties.
