Our new email retention policy takes effect on Monday, June 6; are you ready?

IT & Epic

Beginning on Monday, June 6, any emails older than 90 days will be automatically deleted from Outlook; this is a change from our previous Ballad Health policy of 180 days.

So if you have any emails you want to save that are at least three months old, make sure before Monday that you save them to somewhere outside of your Outlook account so they will not be deleted. Please be proactive in saving important emails before they reach their expiration date, knowing that the 90-day period updates every day.

See the tip sheet posted below for how to safely save emails.

This change for our Outlook email retention is one of several Ballad Health cybersecurity policies we’ve updated recently as we work to keep our patients and team members as safe as possible from cybersecurity risks. Make sure you are aware of these updates and are prepared.

For reference, here’s a review of our updated cybersecurity policies

Email retention and mailbox management

  • Effective June 6, emails older than 90 days, instead of 180 days, will be removed from Outlook.
  • This will apply to any folders team members have created within the email system. Emails that need to be preserved must be relocated.
  • Personal email addresses will no longer be added to the Ballad Health Global Address List (GAL).

Email communication

  • Ballad Health email should not be used for personal use.
  • Your Ballad Health passwords cannot be the same or similar to passwords for any of your personal accounts.

Computer access codes

  • Password length should be at least eight characters, but the use of passphrases with spaces separating words is encouraged. For example, instead of your password being “VirginiaHas4Seasons!”, the same password as a passphrase would be “Virginia Has 4 Seasons!” A passphrase is simply a password with spaces separating the words.
  • Your Ballad Health password must be changed every 180 days.
  • The Ballad Health domain is the primary domain used for all user authentications, and if accounts exist on other domains (e.g., wmdomain1.wellmont.org, msha-inc.org, mylmc.org), the passwords on all accounts must be different.
  • If you attempt to reset your password and incorrectly answer your security questions, you will need to call the IT Service Desk to unlock your account.
  • Anytime a password needs to be communicated to other personnel, the password must be sent using an encrypted protocol (e.g., Secure Email, Secure FTP, etc.). This would apply to new team members receiving their password for the first time.
  • Any password you use for a Ballad Health account cannot be identical to or similar to any password used for a personal account.

Even a small failure in cybersecurity practices could create a weakness that ripples out, severely affecting our whole health system and inhibiting our ability to care for patients. With your help, we can keep our team members and patients safe.

Resources

  • Click here to read a list of frequently asked questions about our changes.
  • Click here to see a tip sheet about how to safely save emails you want to preserve past the 90-day deadline.
  • Click here to read our updated Ballad Health email retention and mailbox management policy.
  • Click here to read our updated Ballad Health email policy.
  • Click here to read our updated Ballad Health computer access codes/password management policy.