It’s the question that’s been on everyone’s mind: how should you fax sensitive, medical data? (Ok, maybe not everyone.)
For those who do rely on faxing to transmit PHI, however, the following practical points may keep you from running afoul of HIPAA compliance requirements:
1. Faxing may be a traditional means of transmitting data, but it is particularly susceptible to being intercepted – unless additional safeguards are added (we’ll discuss these later).
Typical telephone lines are simply not secure; in addition, misdialing a fax number can send your sensitive data to a completely unintended location. (Think how easily you’ve ms-dialed a simple phone number in the past). All it takes is one wrong digit, and you could have a major breach of data on your hands.
Take the extra few moments to confirm your fax number is correct!
2. PHI that sits on a fax machine, unattended, is an invitation for disaster.
Think of it as akin to opening a very personal, “FOR YOUR EYES ONLY” letter, then leaving it face up on the kitchen table for anyone who walks by to see. To avert this, senders should practice extra diligence to confirm the “sending transaction” is complete.
“Completion” means confirming with a quick call to the recipient that the transmission was received, safe and sound.
3. Use a cloud fax service, like HIPAA FAX.
It will encrypt your document in a secure transmission – unlike the standard manual fax machine you’re used to – as well as provide a record of the transmission for an audit trail (a HIPAA requirement). Note: This solution protects your data on your end, though the recipient will still be responsible for safeguarding the data once received.
4. Be sure a cover sheet is used, especially when transmitting PHI.
A cover sheet will include the name of the recipient and recipient’s fax number, date and time sent, Sender’s name, organization, and phone number. This should be standard practice for a Cloud Fax Provider, but confirm that this is so.
In addition, cover pages sent with sensitive data should also have a Confidentiality Statement on them, such as the following:
The documents accompanying this facsimile transmittal are intended only for the use of the individual or entity to which it is addressed. It may contain information that is privileged, confidential, and exempt from disclosure under law. If the reader of this message is not the intended recipient, you are notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you are not the intended recipient, you are hereby notified that law strictly prohibits any disclosure, copying, distribution, or action taken in reliance on the contents of these documents. If you have received this fax in error, please notify the sender immediately to arrange for the return of these documents.
From what has been said, the benefits of using a HIPAA compliant cloud fax service should be apparent. Not only can it result in cost savings in the long run, but will bring greater peace of mind as you simplify and protect the process of sending and receiving faxes. And with the added security, storage, and automatic record of transactions, you’ll have the needed information of transactions required in a HIPAA audit.
HIPAA Vault is the leading provider of HIPAA compliant, managed cloud solutions, enabling healthcare providers to secure their sensitive, protected health information from data breaches and security vulnerabilities. For more information on HIPAA Managed Hosting and Cloud Solutions, contact HIPAA Vault today!