HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Secure Email Archiving for Medical Records

Archiving Medical Records Securely

Due to the space often consumed by Protected Health Information (PHI) attached to emails, secure email archiving for medical records is a solution used by many healthcare organizations to release internal resources. One of the benefits of archiving medical records securely is that the indexing process enables healthcare organizations to save time and money when retrieving patient data, when complying with requests for e-discovery, or when fulfilling audit obligations under HIPAA.

Secure email archiving for medical records is not a condition of HIPAA. However, under the HIPAA Security Rule, healthcare organizations have to retain emails containing PHI – or emails with attachments containing PHI – for a minimum of six years. During this time, safeguards have to be put in place to prevent the unauthorized disclosure, improper alteration or deletion of medical records.

Outsourcing Secure Email Archiving for Medical Records

Because of the space required to archive potentially many millions of emails, many healthcare organizations choose to outsource secure email archiving for medical records to third-party service providers. HIPAA compliance is a key factor when evaluating service providers, as any service provider offering the facility for archiving medical records securely must have the mechanisms in place to comply with the HIPAA Security Rule.

Providing an encrypted service while storing emails is not enough. Encryption must also be used during the export and retrieval processes to protect PHI in transit and prevent “man in the middle” attacks. Service providers also have to implement HIPAA-compliant access controls and audit controls to ensure the integrity of PHI at all times, and – as they have access to the healthcare organization's medical records – sign a Business Associate Agreement.

How Archiving Medical Records Securely Prevents Data Breaches

According to the latest Ponemon Institute annual survey on healthcare data privacy and security, more than 50% of PHI breaches are attributable to the actions or negligence of employees. Whereas in previous years many of the breaches of PHI were due to lost or stolen mobile devices and USB flash drives, a trend has been identified of dishonest employees stealing medical records to sell on the black market.

Insider data theft is a major concern for many healthcare organizations. The value of medical records on the black market is higher than that of stolen credit cards, as they can be used to create fake identities, obtain free medical treatment and commit insurance fraud. By archiving medical records securely, and granting retrieval permission only to authorized personnel, healthcare organizations can mitigate the risk of a data breach due to an employee stealing medical records.

Speak with TitanHQ about Secure Email Archiving for Medical Records

Since 1999, TitanHQ has been a leading developer of security software for the healthcare industry. Our security solutions have helped healthcare organizations avoid web-borne threats, eliminate spam and – through our ArcTitan cloud-based email archiving solution – securely archive emails containing PHI or emails with attachments containing PHI.

ArcTitan is a solution for the secure email archiving of medical records that is easy to set up and straightforward to manage, yet offers customizable role management, Active Directory integration, a full reporting suite and automatic backup. The feature-rich solution for archiving medical records securely enables authorized personnel to safely search and retrieve emails from any location using an intuitive browser-based portal. Other features of ArcTitan secure email archiving for medical records include:

  • Cloud-based solution deployed on AWS.
  • All passwords are hashed and encrypted for added security.
  • LDAP, iMail, Google and Windows single sign-on authentication.
  • Granular access controls to assign user roles.
  • Search within all common attachment types.
  • Compatible with all major mail servers and email services.
  • Searches more than 30 million emails within a second.
  • Restore emails from ArcTitan to your mail server as required.
  • Scalable to more than 60,000 users.
  • Full email audit functionality.
