Published on June 22, 2017
This is the second blog post in a series that describes how Hushmail for Healthcare supports HIPAA compliance for your healthcare practice.
One of the confusing areas of HIPAA for many healthcare professionals is the topic of information and document retention: specifically, how long you are required to retain protected health information and other records related to your policies and procedures.
Hushmail for Healthcare has a built-in email archive feature—an account we create that automatically keeps a record of all emails sent and received by all users in a domain. We do this to help support your HIPAA compliance. But what, exactly, does HIPAA compliance require?
HIPAA has no retention requirements for medical records themselves. However, there are many situations and other government bodies—state laws, health plans, health and safety codes, etc.—that do require you to retain such information for certain periods of time. For these situations, the archive account is invaluable.
HIPAA does have retention requirements around your compliance and privacy policies. It provides that documentation such as policies and procedures, security risk analyses, complaint and resolution documentation, etc., must be retained for six years.
The value of the Hushmail archive is that in the event of an audit, you have a record of all the communications that took place within your domain. Having the records helps to provide evidence of your compliance with the HIPAA documentation requirements. Also, in the event that a client or a court requires records pertaining to a particular client, the archive provides easy access to every interaction.
Our Hushmail for Healthcare plans come configured for HIPAA compliance right out of the box. Learn more about how our healthcare plans can help you be HIPAA compliant.