HIPAA compliance: Is email archiving necessary?
Email archiving is an automated process for preserving and protecting all inbound and outbound email messages (as well as attachments and metadata) so they can be accessed later. In other words, email archiving is storing and making them searchable.
Email archiving providers take this burden off organizations by storing emails on their servers while making them accessible to designated administrators in the organization. This is different than simply creating an email data backup. Data backups do not allow searching, so if a particular email needs to be found, it might take weeks for you to find it.
Is it required by HIPAA?
HIPAA delineates what covered entities need to do to maintain compliance, but it does not provide specific guidelines about how to do it. Email archiving is not explicitly mentioned anywhere in the regulations.
Under the HIPAA Security Rule, healthcare organizations have to...