HIPAA requires organizations to store data securely and ensure no unauthorized access to data takes place. It also requires retention of medical records, policies, and other documents for up to six years. While HIPAA doesn't directly refer to emails, emails containing these data might be subject to the retention period.
How Exchange Reporter Plus helps
Exchange Reporter Plus helps you comply with HIPAA by allowing you to:
Track non-owner mailbox logons
View details about undelivered emails
Monitor the traffic of messages sent and received by users
Audit deleted and moved emails
Locate messages by keywords in their subject or body
To access these reports:
Go to the Reporting tab.
Click the Compliance category.
View the reports listed under HIPAA.