Managed Email Services for Business
In the U.S., the Health Insurance Portability and Accountability Act (HIPAA) mandates that personally identifiable patient data must travel through secure channels. The Gramm-Leach-Bliley Act requires that confidential information must be sent securely.
The U.S. Sarbanes-Oxley Act of 2002 holds the management in charge of corporate disclosures personally accountable for its actions. The Act amends mail and wire fraud infractions with harsher punishments and imposes fines and prison sentences of up to 20 years for anyone who knowingly alters or destroys a record or document with the intent to obstruct an investigation. Email messages and attachments are treated by the courts as business records that must be retained to achieve regulatory compliance.
HIPAA affects any organisation that deals with healthcare, such as healthcare providers, health and life insurance companies, public health authorities, self-insured employers, universities, and various other healthcare-related organisations.
Email security and retention are required for notifications, claims, and other electronic documents relating to healthcare, such as enrolment or un-enrolment, plan eligibility, payments, coordination of benefits, injury reports, and various other transactions.
Warnings are often given to first-time offenders, but if an offender repeats the same offence, there is a possibility of a fine of up to $25,000. A larger fine of up to $250,000 may be given if there is evidence of knowingly misusing individually identifiable health data.
At the end of 2002, 5 US banks were fined a total of $8.25m for the inadequate retention of email communications.