Is Email Archival Required by HIPAA?
Tuesday, April 5th, 2022Customers often inquire if email archival is required by HIPAA regulations.
There is a great deal of confusion and uncertainty here because:
- HIPAA lists many requirements but does not provide specific instructions on implementing them. It’s ambiguous but provides a great deal of flexibility for organizations.
- Email archival adds a fixed cost to any email solution – and everyone prefers to avoid unnecessary costs.
- Due to time and budgetary constraints, many organizations want to do the minimum needed for compliance.
In our opinion, email archival is an implicit requirement of HIPAA for all organizations that send ePHI via email. In the next section, we’ll review why.
Read the rest of this post »