Sending protected health information in electronic format (ePHI) by fax is permitted under HIPAA, provided that appropriate measures are taken to guard against unauthorized access to that information. So what exactly are appropriate measures? We'll go into detail and discuss what a HIPAA-compliant fax service is.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) instituted a set of rules intended to maintain the security of patient information, formally known as “protected health information” (PHI). Healthcare providers, insurance companies, and other “covered entities” have often turned to fax to transmit PHI because it’s so much more secure than e-mail and many other forms of electronic communication.
Modern fax technology has come a long way since the days of dedicated fax machines and copper phone lines. Today’s web-connected electronic fax has far greater capabilities. Even with all of the different options that are available, though, fax is highly secure and extremely dependable.
Appropriate measures start with selecting the right vendor. Look for a company that understands healthcare and HIPAA in particular.
Many providers of electronic fax will tell you that they are HIPAA compliant, but not all fax vendors are created equal. Here’s what you should look for:
This last point is especially important. Under HIPAA, any company that comes into contact with PHI while performing work on your behalf is defined as a Business Associate, and you must therefore have a Business Associate Agreement (BAA) in place with them. WestFax can provide an industry-standard BAA, or if you prefer, we will enter into a custom BAA tailored to meet your requirements.
Your fax platform provides a critical communication link between your organization, the outside organizations with which you must share PHI, and the patients whom you serve together. In addition to selecting a vendor that thoroughly understands HIPAA compliance, personnel within your own organization must clearly understand good security practices, receive regular training, and follow policies and procedures designed to protect PHI from unauthorized access.
At WestFax, we take pride in exceeding expectations when it comes to the security of private patient information. Privacy and security are at the forefront of everything that we do, including our business practices, policies, procedures, and personnel training. With multiple options to integrate fax into your processes and applications, we offer maximum interoperability for organizations that manage patient information on a day-to-day basis.
Need more information? Contact us at 800-473-6208 and we can help you better understand which plan will work best for you.
We all recognize that patient privacy is important, but in many cases HIPAA violations occur simply because healthcare providers overlook some of the gaps in the processes and tools they use to manage patient information. Here are some tips for making sure your medical office is doing everything possible to remain HIPAA compliant.
Dropbox is a popular service for storing and sharing files. Covered entities subject to HIPAA should approach Dropbox cautiously, though, just as they would with any other technology platform.