When HIPAA was signed into law in 1996, modernizing and streamlining access to medical records was one of the law's primary goals. That same year, it became possible to send faxes over the internet. Today you're more likely to see an old-style telephone fax machine in a museum than in an office. Internet faxing (or efaxing) has become the preferred choice for most businesses.
Faxing may not be as popular as it once was, but there are still times when it makes the most sense. Healthcare providers and the vendors who serve them must be sure that any service they use to transmit patient data meets the standards of HIPAA. What should you look for in a HIPAA compliant fax service?
HIPAA Compliant Fax Services – The Basics
How an organization manages patients’ protected health information (PHI), both in physical and electronic (ePHI) formats, is the core of HIPAA compliance.
HIPAA rules and regulations require the same standards of privacy and security for PHI in any form: whether files are in paper or electronic format and whether they are stored in filing cabinets, hard drives, server farms, or mobile computing devices.
The method of protecting this information varies widely based on its format, but HIPAA compliance is a pass/fail exercise: there is no such thing as partial credit. Each year, covered entities and business associates must conduct a security risk assessment, consisting of 5-6 audits, to identify potential gaps in HIPAA compliance.
Part of that risk assessment is an audit of all devices used to store and process ePHI. The HIPAA Security Rule also requires minimum data security standards.
The HIPAA Privacy Rule establishes standards regarding access to ePHI by staff and accidental exposure. All guidelines and standards of HIPAA must be met to achieve compliance.
The Best HIPAA Compliant Fax – Things to Remember
The HIPAA standards for internet fax services are the same as those for document scanning. That is not surprising, since both actions involve converting a physical document to an electronically transmissible format.
If investigators from the Department of Health and Human Services Office for Civil Rights audit your organization, you must be able to demonstrate what happened to patient PHI before, during, and after the faxing process.
Here are three “must haves” for the best HIPAA compliant fax services:
- Data Security: The HIPAA Security Rule requires minimum standards, including firewalls, 24-hour network monitoring, encryption, and advanced antivirus programs. Zero-trust tools, like multi-factor authentication, are a minimum requirement for maintaining security.
- PHI Privacy: In some ways, internet faxing is more secure than the old-fashioned phone-based faxing systems. But you must still control access to patient PHI so that only those who need to see it can do so. You also need to be sure that faxes containing PHI are sent to the right people.
- Document Recovery: Disasters happen. Whether the disaster is natural or man-made, an effective document recovery plan is the difference between minutes of downtime and months of rebuilding information. Everyone entrusted with PHI should have practical and realistic disaster recovery plans in place.
HIPAA Compliant Fax Services – Final Thoughts
Many services promise HIPAA compliance, but take the time to investigate their claims. If you're looking for HIPAA compliant fax solutions, you don't have to go it alone.
Compliancy Group has reviews of MyFax, Fax.Plus, and eFax on our site. Our automated compliance solution can help your organization establish a culture of compliance that eliminates the worry about fulfilling the requirements of HIPAA.