The Administrative Simplification Requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 have impacted health care providers who do business electronically, as well as many of their health care business partners. Electronic transactions and patient information stored on computer systems must be reliably recorded with the ability to access that information quickly. Health providers should perform audits documented risk analysis and risk management programs regularly.
The HIPAA Privacy Rule requires a HIPAA covered entity to maintain adult patients' records for six years, for two years if a patient passes away. When a child is born in a healthcare facility, the organization must retain that child's records until he reaches 18 years old in all U.S. states and territories, except American Samoa (14), Alabama and Nebraska (19), Mississippi and Puerto Rico (21). Some state laws require that records be retained for an even longer period. New Hampshire, for example, requires that facilities maintain newborns' records for 25 years and North Carolina requires that adult records be kept for 11 years.
MessageSolution Compliance Archiving & Data Redaction for PHI & HIPAA, designed to retain electronic documents for HIPAA 6-year data retention compliance requirement and ensure the confidentiality and protection of private healthcare information.
HIPAA also requires that electronic protected health information (EPHI) be stored in a secure location that keeps employees from tampering with EPHI. Information security is a growing concern within the health care industry; cases of employees’, sometimes high level employees, illegally obtaining patients’ confidential information continue even with the implementation of HIPAA. These cases show that many health care providers are still not doing enough to protect patients’ private health information and financial transactions. Health care providers can do more to ensure that patients feel their information is securely protected.
What Can Our Archiving Solutions Do?
Information technology policies are an important aspect of HIPAA compliance; it’s only fitting that technology can help overcome the health care industry’s compliance challenges. By using next-generation archiving technology to implement and monitor internal and external controls, health care providers can guarantee information security and achieve HIPAA compliance.
Archive Records for HIPAA Compliance
MessageSolution provides customers in the health care industry with robust email archiving and file archiving options to facilitate HIPAA compliance. Using real-time archiving, Enterprise Email Archive stores all internal, inbound and outbound communications and files indefinitely in a secure, centralized repository. Once installed, both Enterprise Email Archive and Enterprise File Archive automate records retention policy and EPHI access controls, giving IT administrators back valuable time. The archive volume grows slowly, due to high compression rates and single instance archiving. If the archive volume outgrows your storage hardware, simply add another. Enterprise Email Archive and Enterprise File Archive are both compatible with all major storage hardware devices, from direct attached disk to NSA to EMC Centera.
The archiving process is transparent for end-users. Employees attempting to open stubbed emails will be able to view the email or attachment exactly as it originally appeared, without lengthy retrieval times. The user interface is extremely intuitive, with no learning curve involved. The navigation field is shallow and dashboard style, much like an email client. For a screenshot of our browser-based search interface, along with our Outlook and Lotus Notes integration features, see the back page of our Email Archiving Data Sheet.
Although the archiving process is transparent and user-friendly, it also ensures that users’ activities are carefully regulated. The archive regulates internal auditing and provides HR support, maintaining a log of all archiving processes, along with users’ search and retrieval activities within the archive. The archive even sends alert emails to the archive administrator if a user attempts to violate policy. Enterprise File Archive and Enterprise Email Archive’s system controls minimize the occurrence of fraudulent activities and allow management to locate consistent attempts at violating policy in order to take appropriate actions.
End-users’ archive privileges can range from extremely limited to very generous. Limited users may only be allowed search and retrieval within their own archived data. Users with full capabilities can search the entire organization’s archived data and restore data to the email server. Full capabilities are useful for legal departments and internal auditors, while lower-level employees may only require limited capabilities. The archive’s settings are highly granular, allowing the administrator to create and apply policies for entire departments as well as individual employees.
Electronic Protected Health Information is secure in MessageSolution’s email archive and file archive storage repositories. If the archive administrator were to attempt to open an historical file from the archive’s back-end storage, the admin would see only binary. Archived data is truly tamper-proof and can be stored on multiple devices for back up. Hierarchical storage settings allow you to designate multiple repositories. Archived data, while secure from tampering while within the archive, can all be returned to its original format. MessageSolution’s file conversion tool is a highly unusual feature in the archiving industry. Data archived in Enterprise Email Archive or Enterprise File Archive is not lost forever in a proprietary format—we believe customers should have the freedom to do what they want with their own data.
For more information, visit our pages on archiving for compliance, electronic discovery, storage, and user management.
Features Benefiting the Health Care Industry:
Information is backed up and secured from tampering or unauthorized access
Granular policy application and access controls
Real-time archiving stores a copy of every email and attachment as it enters and leaves each mailbox
Search and access the archive through your email client ( Enterprise Email Archive Suite Edition only ), archive interface and email client web-based access
Archived data are not altered and can be restored to original state
Quick restoration of data
Some of Our Valued Customers in the Health Care Industry:
A&I Benefits Insurance for HIPAA Compliance
Neuroscience and Spine Associates
Small Bone Innovations Inc
Wyoming State Department of Health
Wyoming State Medical Center