The purpose of redaction in email chains is to remove sensitive or confidential information before sharing the email with others. When employing this practice private data remains protected while the rest of the email content is visible to the recipient.
Redaction is the systematic process of editing a document to remove or obscure sensitive data like protected health information (PHI). The procedure often involves blacking out specific texts or deleting images, text, or data that could jeopardize privacy and security.
Related: What is the purpose of redaction in email chains?
Redaction in an email chain involves editing an email thread to remove sensitive or confidential information before sharing it with others. Redaction ensures private details like personal data or proprietary information are protected while allowing the rest of the email conversation to remain visible. The reason for this practice is discussed in the DPC Technology Watch Series, “Particular sets of email may contain private data, such as medical or health information, which the sender did not anticipate making public.”
How it works:
Neither HIPAA nor the HITECH Act mention redaction explicitly. The closest topic to this is referenced in The Privacy Rule, which discusses the process of de-identification, a practice used to remove personal identifiers from PHI. The use of redaction, however, can still be considered a practical tool to comply with The Security Rule, for the protection of PHI from unauthorized access. Redaction can offer a method of deidentifying information when sharing documents, especially if certain information needs to be shared while other details must remain secure.
The two types of de-identification under HIPAA are the Safe Harbor and Expert Determination Methods.
It is a HIPAA regulation that sets standards for protecting electronic PHI (ePHI) through administrative, physical, and technical security.