There is a great deal of confusion and uncertainty here because:
- HIPAA by its nature is vague, listing many things that you need to do, but not saying how. This makes things flexible and workable, if ambiguous.
- Email Archival generally adds cost to any email solution — and everyone prefers to avoid unnecessary costs.
- Most want to do the minimum needed for compliance due to time and budgetary constraints.
In our opinion, Email Archival is an implicit requirement of HIPAA for all organizations that utilize email for the sending or receipt of ePHI should invest in. In the next section, we’ll review why.
Read the rest of this post »