Fax technology remains a tried-and-true method for exchanging highly confidential information. Even in this age of email, SMS text messages, and numerous other digital tools, fax is still the most secure. That’s why it continues to be the most trusted means of communication for covered entities that must comply with HIPAA’s Privacy Rule.
With the advent of cloud productivity, fax has entered a new era. Gone are the days when every office had a dedicated fax machine sitting in the corner, occasionally emitting high-pitched tones and spitting out rolls of curly paper. Today’s fax is convenient. It’s connected to the cloud. It can even be mobile-enabled, allowing users to send and receive documents from virtually anywhere.
With secure cloud fax, HIPAA Compliance Officers have access to an audit trail of all incoming and outgoing transmissions. Users can easily retrieve their documents without ever having to search through hard-copy files. If you don’t understand the implications of storing digital faxes on a non-compliant server, though, this convenience can get you in trouble.
In order to fully comply with the HIPAA Privacy Rule, covered entities must see to it that protected health information (PHI) is secured against unauthorized access at all times, wherever it may be located. For organizations that depend on fax communications, that means safeguarding information both when it is “in transit” and “at rest.”
That second requirement, securing information that is “at rest”, points to a weakness that many healthcare organizations might overlook. Namely, PHI must only be stored on HIPAA compliant servers. But what does that mean, exactly?
First, you need to work with service providers who understand HIPAA. Technology companies must adhere to the same strict security guidelines that apply to your own organization. In other words, they must acknowledge that they are being entrusted with confidential patient information, and that they have a duty to protect it from unauthorized access.
By signing a Business Associate Agreement with your organization, these third-party vendors are accepting legal liability for meeting HIPAA standards. E-mail providers, file sharing services, Internet service providers (ISPs), and companies that provide cloud fax technology must all be held to these standards. It is unwise to risk working with a company that doesn’t thoroughly understand HIPAA.
HIPAA’s Security Rule establishes certain standards for encryption, for example. If you’re storing unencrypted digital faxes, whether on cloud-based or on-premises servers, you’re potentially exposing PHI to unauthorized parties. That makes you potentially guilty of a HIPAA violation, even if no one ever actually gained access to that information.
The best HIPAA compliant fax service providers take physical security seriously as well. If the servers where you store your digital faxes are located in a data center, for example, then it’s possible that on-site staff could gain access to them. A truly proactive approach includes secure server cages that prevent unauthorized parties from physically accessing the servers and hard drives where PHI is stored. 24×7 video surveillance, on-site security personnel, and biometric access control virtually guarantee that PHI is fully secured.
Today, sending and receiving faxes has never been easier or more convenient. Fax technology has also never been more secure, provided that you’re working with a secure cloud fax company that understands HIPAA and has built a reputation for excellence among healthcare organizations. As with any other technology service provider, it’s important to use a cloud fax service that understands HIPAA inside and out, can work with you to customize a solution for your needs, and is committed to bulletproof HIPAA compliant security.