When it comes to email archiving, healthcare organizations require capabilities that continuously meet stringent healthcare-related regulations including HIPAA, privacy regulations such as CCPA, and financial protections such as PCI DSS compliance. This is even more critical in 2020, when the health sector leads all industries in annual data breach costs – with a global average of $7.13 million! – due to federal and state regulations.
Taking HIPAA as an example, the HIPAA Security Rule demands that any electronic protected health information (PHI) must be protected to ensure its confidentiality and integrity; however, PHI must also always be available when it is needed. Email archives preserve an original, tamperproof copy of an email to preserve the integrity of email data. If your healthcare facility sets up its own email archiving solution, access and audit controls must be applied to ensure compliance. You must also carefully consider encryption if your organization will store the email archive within its own IT infrastructure.
Because every email solution for healthcare, whether it’s on-premises or in the cloud, needs strong anti-spam/anti-malware filtering, it makes sense to combine archiving and security into a single product. To address this growing demand, archiving was added to Security Gateway for Email Servers in version 6.0.
Security Gateway’s Integrated Archiving: Perfect for Healthcare
With Security Gateway 6.1, the integrated archiving feature received a major upgrade with the following new features for legal compliance and cloud email integration:
Security Gateway’s new Legal Hold feature will prevent emails from being deleted from the archive, regardless of any other settings, user permissions, or retention periods.
Minimum Archive Retention Period
As mentioned above, healthcare organizations must meet a variety of data retention laws, which can vary by country or region. In the United States, many businesses including those in the health sector must store archived emails in compliance with the following laws and retention policies:
- Health Insurance Portability and Accountability Act (HIPAA) – 7 Years
- Freedom of Information Act (FOIA – federal, state & local agencies) – 3 Years
- IRS Regulations (for all companies) – 7 Years
- Sarbanes Oxley Act (SOX – For all public companies) – 7 Years
- California Consumer Privacy Act (CCPA) – 12 months prior to date of request
- Department of Defense Regulations (for contractors) – 3 Years
- GDPR. More information here under “Email retention under GDPR”
To meet these and other constantly evolving regulations, administrators can assign a minimum retention period for all archived email messages. During this time, archived messages cannot be deleted regardless of any other settings or user permissions.
Here's a video overview of Security Gateway's encryption, data leak prevention & archiving features.
Improved Cloud/Hosted Email Integration for Microsoft Office 365 & Azure
Security Gateway’s automatic user creation feature helps reduce administrator workload by verifying whether an email sent to or from a local domain contains a valid email address, and then automatically adding the account once the email address has been verified. With Security Gateway 6.1, this process has gotten much easier for businesses using cloud email services, with a new option to verify users by querying Microsoft Office 365 or Azure Active Directory.
Other New Features
Other new features for Security Gateway include:
- Whitelist & Blacklist Search: A search field was added to the Whitelist and Blacklist screens to help administrators find listed email addresses more easily.
- Quarantine reports can now be sorted by score. This makes it easier to identify false-positives, which will likely have lower scores.
For the complete list of updates, please see the Security Gateway release notes.
If you aren’t yet protecting your healthcare-related email with Security Gateway for Email Servers, visit the Security Gateway product page for an overview of its features, or visit the Download page to download a free trial!
Security Gateway Hosted/Cloud services are also available.