WestFax – The right partner to handle your sensitive HIPAA data
As all healthcare practitioners know, HIPAA compliance requires more than just a technology solution. Providing positive control of electronic Protected Health Information (ePHI) requires a disciplined approach to security that permeates business practices, policies, procedures and personnel training.
WestFax goes beyond the normal technology assurances. We embed security policies and standards-compliant practices in our everyday operations to guarantee the privacy, integrity, availability and accessibility of your ePHI.
How we do it:
Our Technology – WestFax uses the best encryption and security appliance protections available.
- The highest level of TLS encryption available for data in transit, whether through our secure website or our secure API interfaces.
- AES 256-bit encryption of ePHI data at rest to guarantee privacy and prevent disclosure from intrusion.
- We support TLS-protected SMTP email with an optional REQUIRE TLS extension in accordance with IETF RFC 3207.
- FTPS and SFTP with TLS for safe and secure transport of documents to and from your existing servers.
- Comprehensive HTTPS API allows for easy and flexible integration of systems.
Our Facilities – Providing assurance of data access is more than just a network connection. It is a fully redundant approach to facilities, internet connectivity, firewalling and physical protection.
- Our highly secure Tier III data centers maintain SSAE16 SOC 2 Certifications to provide physical control of your ePHI data.
- Fingerprint scanning and video surveillance.
- Redundant and fault-tolerant power and HVAC systems ensuring system performance and availability.
- Redundant internet connections and carrier-class firewalling and security.
- Comprehensive compliance support that includes FISMA High / NIST 800-53, HIPAA, PCI-DSS Level 1, SOC 2 Type II, and SOC 3.
Our Process – Policies and procedures are paramount to maintaining a secure environment.
- We implement strong administrative and operational controls to protect customer data within our production systems, obeying the Principle of Least Privilege.
- Extensive security and incident response training to prevent security breaches.
- Comprehensive auditing and verification to continually monitor and improve security posture.
Our Personnel – We start with a knowledgeable and reliable staff and provide ongoing training and resources to ensure your data privacy.
- Routine training regarding access and disclosure of ePHI.
- Policy and Procedure training is at the heart of what we do.
- Annual Security Risk Assessment (SAR) audit.
Our Commitment – WestFax is dedicated to supporting the compliance needs of our customers.
- We will provide an industry-standard BAA or will enter into a custom BAA tailored to your needs.
- Our BAA satisfies the Health and Human Services (HHS) standards for Health Information Privacy (HIP). https://www.hhs.gov