- Access controls: enables different levels of access to data to be granted based on an employee’s job function.
- End-to-end encryption: ensures that data is secure while it is at rest and in motion.
- Audit controls: keeps a record of what data is accessed, how frequently it is accessed, and who accessed it.
- User authentication: ensure that users are who they appear to be by requiring them to input login credentials to access the system.
- Proper data disposal: ensures that, should you cancel your software subscription, your data is deleted in accordance with HIPAA requirements.
Fax.Plus offers these advanced security controls for users on their Enterprise plan, but they need to be activated by the end user.
Is Fax.Plus HIPAA Compliant: Business Associate Agreements
Since Fax.Plus has the potential to access the PHI transmitted through their service, they are considered a HIPAA business associate. As a business associate, they must be willing and able to sign a business associate agreement in order to be permitted to work with healthcare clients. Business associate agreements (BAAs) must be signed before using Fax.Plus to fax protected health information. Fax.Plus states on their website that they will sign a BAA with their Enterprise level clients.
Is Fax.Plus HIPAA Compliant?
Is Fax.Plus HIPAA compliant? Yes, but only for Enterprise level clients that have enabled Fax.Plus advanced security controls, and have a signed business associate agreement in place. However, it is important to also use a HIPAA compliant fax cover sheet for all of your faxes containing PHI as they prevent unauthorized individuals from inadvertently viewing the fax.
For more information on Fax.Plus and HIPAA, please click here.