As discussed last time HIPAA email is regarded as anything that contains any information relating to your medical records. They don’t have to be the records themselves, they can be anything from your address or phone number, date of birth, social security number, next of kin, insurance information administrative or otherwise and even your admission information for any medical visits or stays.
It isn’t only clinics, hospitals or doctors that are subject to this. Your employer is too if you have a health or medical plan. If email is becoming an increasingly popular medium for transmitting your information then it is logical that those mails are stored somewhere. Companies who handle this kind of information have to have an information storage strategy that complies with HIPAA and many other pieces of legislation. Many companies handle this in-house with their existing staff and infrastructure.
Some outsource this burden to companies like Archive Compliance who will take care of their secure storage for them. Companies like this have to demonstrate that their storage and retrieval methods are secure to be able to remain in business.
This method may not be palatable to everyone as you are paying out, but own nothing. One the other hand you are paying someone to take all the hassle out of not just HIPAA email storage but all of your email storage needs.
