What Are HIPAA Requirements for eFax Services?
To determine if MyFax is HIPAA compliant, it is important to understand what HIPAA requires of eFax services. To be HIPAA compliant, efax services must have safeguards in place to ensure the confidentiality, integrity, and availability of the electronic protected health information (ePHI) transmitted through their service. HIPAA compliant efax services include encryption, access controls, audit controls, and transmission security to do so.
- Access Controls: to limit access to ePHI, administrators must be able to implement access controls. Access controls limit ePHI access to only those employees who require access based on their job function.
- Audit Logs: to ensure that ePHI is only accessed by authorized parties, efax services must enable audit logs. Audit logs track ePHI access enabling administrators to detect when ePHI is being accessed in an unauthorized manner.
- Encryption: to prevent unauthorized access to ePHI, electronic faxes must be encrypted. Encryption masks sensitive data making it unreadable to unauthorized parties.
- Transmission Security: it is important that efax services enable transmission security. efax services must utilize a virtual private network to connect to a secure server when transmitting faxes containing ePHI.
The service provider must also be willing and able to sign a business associate agreement (BAA) with their healthcare clients. Even the most secure efax service is not considered HIPAA compliant if they don’t sign BAAs with their healthcare clients. A BAA is a legal contract between a healthcare organization and their business associate, requiring each signing party to be HIPAA compliant, and to be responsible for maintaining their compliance.
Is MyFax HIPAA Compliant?
Is MyFax HIPAA compliant? No, MyFax is not HIPAA compliant. While MyFax offers a secure efax service, they don’t sign BAAs with their healthcare clients. However, MyFax’s parent company owns another electronic fax service that is HIPAA compliant, “eFax.”