1 min read

The purpose of redaction in email chains

Picture of Kirsten Peremore Kirsten Peremore Oct 3, 2024 4:18:34 PM

Email security
Document text with sections redacted in black marker

The purpose of redaction in email chains is to remove sensitive or confidential information before sharing the email with others. When employing this practice private data remains protected while the rest of the email content is visible to the recipient. 

 

What is redaction? 

Redaction is the systematic process of editing a document to remove or obscure sensitive data like protected health information (PHI). The procedure often involves blacking out specific texts or deleting images, text, or data that could jeopardize privacy and security.

Related: What is the purpose of redaction in email chains?

 

How redaction works

Redaction in an email chain involves editing an email thread to remove sensitive or confidential information before sharing it with others. Redaction ensures private details like personal data or proprietary information are protected while allowing the rest of the email conversation to remain visible. The reason for this practice is discussed in the DPC Technology Watch Series, “Particular sets of email may contain private data, such as medical or health information, which the sender did not anticipate making public.”

How it works: 

  • The email chain is reviewed to locate sensitive information that must be protected. 
  • Sensitive health information that cannot be shared is identified and marked for redaction. 
  • Specialized redaction software to remove or obscure information is applied. 
  • The redacted email chain is double-checked to confirm all sensitive information is removed. 

 

Redaction in email chains and HIPAA compliant email 

Neither HIPAA nor the HITECH Act mention redaction explicitly. The closest topic to this is referenced in The Privacy Rule, which discusses the process of de-identification, a practice used to remove personal identifiers from PHI. The use of redaction, however, can still be considered a practical tool to comply with The Security Rule, for the protection of PHI from unauthorized access. Redaction can offer a method of deidentifying information when sharing documents, especially if certain information needs to be shared while other details must remain secure.

 

FAQs

What are the different types of de-identification? 

The two types of de-identification under HIPAA are the Safe Harbor and Expert Determination Methods. 

 

What is the Security Rule?

It is a HIPAA regulation that sets standards for protecting electronic PHI (ePHI) through administrative, physical, and technical security.

Download the HIPAA compliant email checklist

Download the HIPAA compliant email checklist
blue email icon with security lock

Email security resolutions for healthcare organizations in the new year

Lusanda Molefe : Jan 30, 2025 12:25:00 PM

As we step into 2025, healthcare organizations face increasing cybersecurity threats, with email remaining one of the most vulnerable attack vectors.

Email security
Read More
digital caution sign with magnifying glass

HIPAA and email security accountability

Picture of Kapua Iao Kapua Iao : Mar 5, 2025 5:24:40 AM

Email security accountability refers to the idea that individuals are responsible for safeguarding email messages and the data within. When it comes...

HIPAA compliant email Email security
Read More
Person in hoodie surrounded by digital data and code visualization

What is destructive malware?

Picture of Kirsten Peremore Kirsten Peremore : Nov 15, 2024 10:35:06 AM

Threat actors often choose to exploit the most commonly accessed and least protected points of entry into the networks of the organizations they...

Email security
Read More