The purpose of redaction in email chains

The purpose of redaction in email chains is to remove sensitive or confidential information before sharing the email with others. When employing this practice private data remains protected while the rest of the email content is visible to the recipient. 

What is redaction? 

Redaction is the systematic process of editing a document to remove or obscure sensitive data like protected health information (PHI). The procedure often involves blacking out specific texts or deleting images, text, or data that could jeopardize privacy and security.

Related: What is the purpose of redaction in email chains?

How redaction works

Redaction in an email chain involves editing an email thread to remove sensitive or confidential information before sharing it with others. Redaction ensures private details like personal data or proprietary information are protected while allowing the rest of the email conversation to remain visible. The reason for this practice is discussed in the DPC Technology Watch Series, “Particular sets of email may contain private data, such as medical or health information, which the sender did not anticipate making public.”

How it works: 

• The email chain is reviewed to locate sensitive information that must be protected. 
• Sensitive health information that cannot be shared is identified and marked for redaction. 
• Specialized redaction software to remove or obscure information is applied. 
• The redacted email chain is double-checked to confirm all sensitive information is removed. 

Redaction in email chains and HIPAA compliant email 

Neither HIPAA nor the HITECH Act mention redaction explicitly. The closest topic to this is referenced in The Privacy Rule, which discusses the process of de-identification, a practice used to remove personal identifiers from PHI. The use of redaction, however, can still be considered a practical tool to comply with The Security Rule, for the protection of PHI from unauthorized access. Redaction can offer a method of deidentifying information when sharing documents, especially if certain information needs to be shared while other details must remain secure.

FAQs

What are the different types of de-identification? 

The two types of de-identification under HIPAA are the Safe Harbor and Expert Determination Methods. 

What is the Security Rule?

It is a HIPAA regulation that sets standards for protecting electronic PHI (ePHI) through administrative, physical, and technical security.