Subscribe to our newsletter

Posts Tagged ‘email archiving’

Benefits of an In-house Email Archiving Solution

Friday, April 15th, 2011

Much is said about the relative benefits of cloud computing. The ability to offload the responsibility of maintaining IT infrastructures, email archiving, system upgrades, patching and IT departments is an attractive one. But it isn’t necessarily the right one.

Software as a Service (SaaS) makes a compelling case for using cloud computing to solve many computing problems. There is a low startup cost, monthly billing, low overheads, and reliable systems. It turns what is a considerable investment into an annualized cost. However, it isn’t for everybody. Large organizations with existing infrastructures will benefit little from offloading some services to outside vendors.

There are two main advantages for keeping the email archive in-house. Security and convenience.

Security is a consideration for all of us. It has been the most-used term in our country since 9/11. In this context is was Enron that caused the word to be used around business, and particularly, email. It wasn’t the only high profile case in Wall Street that caused scandal, but it was the highest profile one.

You don’t have to deal in PFI or financial data to need an effective email archiving system nowadays. FRCP, SOX, HIPAA and FINRA are only four of many pieces of legislation that demand businesses from all industries maintain a coherent email archiving system in order to facilitate court proceedings.

Email data has become the new DNA evidence in civil and criminal litigation. Some e-discovery requests are fishing trips, some are to procure evidence, others are just for the sake of it. Whatever the motive behind them, companies still have to comply within a short space of time.

Many companies don’t want to offload that responsibility to a third-party. They want to maintain their own email security, and control how, when and where their email data is archived and stored.

Convenience should not be understated. The ability to integrate an email archive into an existing system is a great convenience. It means it can run in tandem with other services, piggy-back the network, be stored locally, and within the security confines of a secure network.

It’s also useful to have your own people, people you trust, manage and monitor your company’s email traffic. That’s true of any company, not just those who are transmitting secure emails or proprietary information over networks.

Some companies just want to control everything that goes on within their environment. That may not necessarily be for any specific reason, just because they can, or want to. That’s a laudable reason, as long as the email archive works, and abides by the appropriate legislation. It contains a significant overhead in time, money and resources, but some companies are more comfortable than others expending it.

The ability to completely control your own email traffic, manage your own email archive and satisfy any e-discovery request is an overriding factor in many decisions to manage email in-house. After all, when the buck stops with you, you may as well control the outcome first.

Tags: , , , , ,
Posted in hipaa email | No Comments »

HIPAA and email

Tuesday, March 17th, 2009


As discussed last time HIPAA email is regarded as anything that contains any information relating to your medical records.  They don’t have to be the records themselves, they can be anything from your address or phone number, date of birth, social security number, next of kin, insurance information administrative or otherwise and even your admission information for any medical visits or stays.

It isn’t only clinics, hospitals or doctors that are subject to this.  Your employer is too if you have a health or medical plan.  If email is becoming an increasingly popular medium for transmitting your information then it is logical that those mails are stored somewhere.  Companies who handle this kind of information have to have an information storage strategy that complies with HIPAA and many other pieces of legislation.  Many companies handle this in-house with their existing staff and infrastructure.

Some outsource this burden to companies like Archive Compliance who will take care of their secure storage for them.  Companies like this have to demonstrate that their storage and retrieval methods are secure to be able to remain in business.

This method may not be palatable to everyone as you are paying out, but own nothing.  One the other hand you are paying someone to take all the hassle out of not just HIPAA email storage but all of your email storage needs.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Uncategorized | No Comments »

HIPAA and you

Thursday, March 12th, 2009


Information is a commodity increasingly in demand.  Having access to people’s health information would be like the holy grail to a criminal or even an insurance company.  With the medical profession becoming increasingly digital there is even more opportunity for your private information to go missing.

Some medical practitioners will now consult by email.  Medical records can be transferred like this too.  This can leave people with an uncomfortable feeling, knowing their innermost medical secrets are floating around the ether.  HIPAA email is regarded as anything that contains any information relating to your medical records.  They don’t have to be the records themselves, they can be anything from your address or phone number, date of birth, social security number, next of kin, insurance information administrative or otherwise and even your admission information for any medical visits or stays.

We live in a defensive society where we have to be on our guard all the time, in real life and online.  Information privacy is a big issue that gets lots of attention for good and for bad.  Imagine how much your personal medical information is worth to somebody if it fell into the wrong hands.  What mischief could they do?

All electronic communication that relates even loosely to medical records is covered under the HIPAA.  The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established federal regulations that require all organizations that manage Protected Health Information (PHI) to safeguard the privacy and security of their data.

This Act isn’t restricted to clinic or healthcare businesses.  Any organization that sends or receives Personal Health Information (PHI) is subject to this compliance legislation.  Although the legislation has been in force for a while, a 2006 survey of more than 300 healthcare providers and subscribers found that only about half of them are compliant with the HIPAA Security standards.

The pertinent part of the HIPAA is the Privacy Rule.  Wikipedia says this about it;

“The Privacy Rule

The Privacy Rule took effect on April 14, 2003, with a one-year extension for certain “small plans.” The HIPAA Privacy Rule regulates the use and disclosure of certain information held by “covered entities” (generally, health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers that engage in certain transactions.) It establishes regulations for the use and disclosure of Protected Health Information (PHI). PHI is any information held by a covered entity which concerns health status, provision of health care, or payment for health care that can be linked to an individual.  This is interpreted rather broadly and includes any part of an individual’s medical record or payment history.

Covered entities must disclose PHI to the individual within 30 days upon request.  They also must disclose PHI when required to do so by law, such as reporting suspected child abuse to state child welfare agencies.

A covered entity may disclose PHI to facilitate treatment, payment, or health care operations or if the covered entity has obtained authorization from the individual.  However, when a covered entity discloses any PHI, it must make a reasonable effort to disclose only the minimum necessary information required to achieve its purpose.

The Privacy Rule gives individuals the right to request that a covered entity correct any inaccurate PHI.  It also requires covered entities to take reasonable steps to ensure the confidentiality of communications with individuals.  For example, an individual can ask to be called at his or her work number, instead of home or cell phone number.

The Privacy Rule requires covered entities to notify individuals of uses of their PHI. Covered entities must also keep track of disclosures of PHI and document privacy policies and procedures.  They must appoint a Privacy Official and a contact person responsible for receiving complaints and train all members of their workforce in procedures regarding PHI.

An individual who believes that the Privacy Rule is not being upheld can file a complaint with the Department of Health and Human Services Office for Civil Rights (OCR).  However, according to the Wall Street Journal, the OCR has a long backlog and ignores most complaints. “Complaints of privacy violations have been piling up at the Department of Health and Human Services. Between April 2003 and Nov. 30, the agency fielded 23,896 complaints related to medical-privacy rules, but it has not yet taken any enforcement actions against hospitals, doctors, insurers or anyone else for rule violations. A spokesman for the agency says it has closed three-quarters of the complaints, typically because it found no violation or after it provided informal guidance to the parties involved.”

(Wikipedia, Health Insurance Portability and Accountability Act, 2009)

So you see that there is protection and enforcement out there if your information does go missing.  However this Act doesn’t prevent your information going missing in the first place…


Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Uncategorized | No Comments »