The dental attorneys at Nardone Limited in Columbus, Ohio, continuously monitor recent trends in the law in order to better serve our clients. In the wake of the recent Sony Corp. data breach, the security of e-mails and other electronically stored information has become a major concern for businesses, both big and small. In a dental practice, the privacy of your patients, employees, and associates should be of the utmost importance. Nardone Limited’s dental attorneys continuously stress the importance of implementing a formal policy for record retention. In our prior article, “Having an Effective Record Retention Policy Can Help Save Time, Money, and Trouble,” we recommended that dental practices should permanently retain all files. A record retention policy can help a dental practice streamline business, employee, and patient procedures, improving the overall efficiency and organization of the practice. To ensure that your dental practice is avoiding potential liabilities, every file, record, and document should be accounted for, from the moment it is created, until it becomes obsolete. But what effect should this have on e-mails?

The recent string of high-profile data breaches has shifted the public’s focus to cybersecurity, especially in regards to electronically stored communications, such as e-mails. E-mail is a vital communication tool for almost any business and is often used as an electronic “filing cabinet,” where employees can easily store and retrieve information and attachments. Many dental practices utilize e-mail in the same manner, communicating within the practice, as well as with patients and other third parties. Traditionally, well-established companies will implement an e-mail deletion policy that calls for the automatic deletion of e-mails after a set period, typically after 90 or 120 days. With the startling success of hackers in breaching Sony’s defenses, many legal analysts and computer experts are now making the argument for a more prompt destruction of non-essential e-mails.

In light of this developing trend, our dental attorneys recommend that dental practices adopt the practice of deleting e-mails after 30 days. One possible option, for instance, is to program your e-mail software to automatically delete messages after 30 days, unless they are manually placed, or archived, in a special “safe” folder. Adopting such a practice will ensure that private communications are properly deleted, while still allowing the option of storing any e-mails that need to be kept longer. While this is not a perfect defense against hackers, it is an excellent start towards protecting your dental practice’s patients and employees.

Setting Up Your E-Mail to Automatically Delete: Microsoft Outlook 

Programming your dental practice’s e-mail software to automatically and permanently delete unwanted e-mails after 30 days provides a line of defense against data hackers, allowing you to protect your patients and your business. To demonstrate how to set up an automatic deletion system, known as “AutoArchiving,” we have provided step-by-step instructions on how to do so within Microsoft Outlook, a commonly used e-mail application.

When operating in Microsoft Outlook, the necessary steps are as follows:

1. On the left side of your Outlook screen, right-click on any folder icon that you want to customize (i.e., Inbox, Drafts, Sent Items, etc.) and select “Properties.”

2. Click on the “AutoArchive” tab.

3. Under the “AutoArchive” tab, you can customize your e-mail server archive/delete settings, including the ability to save or delete items after a set period of time (days, weeks, months).

4. If you wish to have e-mails automatically deleted from a certain folder, select “Archive this folder using these settings” and select your desired amount of time (we are recommending 30 days, or 1 month).

5. It is important to select “Permanently delete old items,” if you wish for the e-mail messages to be deleted, rather than archived.

Nardone Limited Comment: It is important to note that these steps apply only to Microsoft Outlook. If your dental practice utilizes a different e-mail server, however, the process is likely to be similar. Dental practitioners should consult with an IT professional before taking these steps, to ensure that this is the most efficient method and is a viable option for your specific dental practice.

When establishing a record retention policy, it is important to include electronic communications, such as e-mails. Recent data breaches have demonstrated that it is no longer wise or safe to indefinitely store e-mails. Therefore, it is important to implement a system that automatically deletes unnecessary e-mails and messages after a set period of time, while allowing for the retention of necessary e-mails. Proper e-mail maintenance and organization will help protect your patients, employees, and dental practice from unwanted leaks, and will streamline your business as a whole.