Is your fax provider HIPAA Compliant?

Sending protected health information in electronic format (ePHI) by fax is permitted under HIPAA, provided that appropriate measures are taken to guard against unauthorized access to that information. So what exactly are appropriate measures? We'll go into detail and discuss what a HIPAA Compliant fax service is.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) instituted a set of rules intended to maintain the security of patient information, formally known as “protected health information” (PHI). Healthcare providers, insurance companies, and other “covered entities” have often turned to fax to transmit PHI because it has long been regarded as more secure than ordinary, unencrypted e-mail and many other forms of electronic communication.

Modern fax technology has come a long way since the days of dedicated fax machines and copper phone lines. Today’s web-connected electronic fax has far greater capabilities. Among all of the options now available, fax remains highly secure and extremely dependable when it is implemented properly.

Taking appropriate measures starts with selecting the right vendor. Look for a company that understands healthcare, and HIPAA in particular.

Many providers of electronic fax will tell you that they are HIPAA compliant, but not all fax vendors are created equal. Here’s what you should look for:

  • Industry-standard security: Good security practices begin with encryption. When data is in transit, TLS (version 1.2 or later) is the industry standard. For data “at rest”, that is, data that is stored so that it can be viewed later, AES 256-bit encryption is preferred. Bear in mind that these protect the links between you and the provider and the provider’s own storage; a fax that terminates at a conventional fax machine still travels its last leg over the public telephone network, so ask the vendor how delivery to such endpoints is handled and logged.
  • Security-certified data centers: Look for a fax provider that hosts its systems within Tier III data centers that hold SOC 2 attestation reports (issued under SSAE 16, since superseded by SSAE 18); and which use biometric access control such as fingerprint scanning, video surveillance, and other high-security access control systems and processes. Note that a data center tier rating describes availability and redundancy, not security, so look for both.
  • A security-first company culture: Security must be a proactive endeavor. Before trusting a third party with valuable patient information, ask what they are doing within their organization to build a culture of security awareness. What kind of training do they provide? Are there strict policies and procedures in place to control access to information?
  • Commitment to HIPAA compliance: Companies that are serious about protecting patient data should be willing to sign a Business Associate Agreement (BAA). The BAA, which may sometimes be referred to as a “Business Associate Contract”, is a formal agreement in which both parties acknowledge the confidentiality of PHI and in which the vendor takes on the obligations to safeguard it, to report unauthorized uses or disclosures, and to hold any subcontractors that handle the PHI to the same terms.

This last point is especially important. Under HIPAA, any company that comes into contact with PHI while performing work on your behalf is defined as a Business Associate, and you must therefore have a BAA in place with them before they handle that PHI. WestFax can provide an industry-standard BAA, or if you prefer, we will enter into a custom BAA tailored to meet your requirements.
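The encryption item in the checklist above says “AES 256-bit” for data at rest, but a key length alone does not make stored faxes safe: the mode must authenticate the data, every record needs a unique nonce, and the key must live apart from the archive. The following is an added illustration, written for this page and not WestFax’s own code, of what an at-rest layer meeting that bar looks like. It uses only Go’s standard library; the record type, the function names and the sample page bytes are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// StoredFax is a constructed stand-in for what a fax platform would keep in
// its archive for one page: the ciphertext and the nonce used to produce it.
// The key lives elsewhere (an HSM or key-management service), never beside
// the data it protects.
type StoredFax struct {
	FaxID      string // record identifier, authenticated as associated data
	Nonce      []byte // unique per record; GCM must never reuse one under a key
	Ciphertext []byte // image bytes followed by the 16-byte GCM authentication tag
}

// NewFaxKey returns a fresh 256-bit key, the size AES-256 requires.
func NewFaxKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// newGCM rejects anything but a 32-byte key so a 128-bit key cannot be used
// by accident while the policy says "AES-256".
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealFax encrypts a fax image at rest with AES-256-GCM. The FaxID is bound
// in as associated data, so a ciphertext cannot be silently reattached to a
// different record.
func SealFax(key []byte, faxID string, image []byte) (*StoredFax, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return &StoredFax{
		FaxID:      faxID,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, image, []byte(faxID)),
	}, nil
}

// OpenFax decrypts a stored fax and verifies its authentication tag. Any
// change to the ciphertext, nonce or FaxID yields an error, never a
// silently corrupted image.
func OpenFax(key []byte, rec *StoredFax) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, rec.Nonce, rec.Ciphertext, []byte(rec.FaxID))
}

func main() {
	key, err := NewFaxKey()
	if err != nil {
		panic(err)
	}
	// Constructed stand-in for a fax page image (a real one would be TIFF or PDF bytes).
	page := []byte("constructed fax page: patient discharge summary")
	rec, err := SealFax(key, "fax-0001", page)
	if err != nil {
		panic(err)
	}
	got, err := OpenFax(key, rec)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(got, page))

	// Flip one byte of the stored ciphertext: GCM refuses to decrypt it.
	rec.Ciphertext[0] ^= 0x01
	_, err = OpenFax(key, rec)
	fmt.Println("tampered record rejected:", err != nil)
}
```

The same questions apply when evaluating a vendor: which AES mode, how nonces are generated, where keys are kept and who can reach them. An answer of “AES-256” with none of those details is not yet an answer.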

Your fax platform provides a critical communication link between your organization, the outside organizations with which you must share PHI, and the patients whom you serve together. In addition to selecting a vendor that thoroughly understands HIPAA compliance, personnel within your own organization must clearly understand good security practices, receive regular training, and follow policies and procedures designed to protect PHI from unauthorized access.

At WestFax, we take pride in exceeding expectations when it comes to the security of private patient information. Privacy and security are at the forefront of everything that we do, including our business practices, policies, procedures, and personnel training. With multiple options to integrate fax into your processes and applications, we offer maximum interoperability for organizations that manage patient information on a day-to-day basis.

Sign up today for a free trial of WestFax’s HIPAA Basic plan; or if you’d like to sign up for one of our plans, visit our Healthcare Fax page to learn more.

Need more information? Contact us at 800-473-6208 and we can help you better understand which plan will work best for you.
