I recently had a routine medical checkup, and as I was signing in I did what I always do: looked around to see if they still had an old fax machine sitting somewhere. It’s rare to see a stand-alone fax machine now, as most offices use online faxing and multi-function printer integration. At some point a medical assistant asked one of the ladies at the desk whether the fax needed a cover sheet. The woman at the desk quickly assured her that all faxes get cover sheets no matter what. “All faxes get cover sheets! No exceptions…ever!”
It’s good to see that my doctor’s office takes HIPAA seriously, as ignorance of the law is no longer an excuse. HIPAA has been around since 1996, so we have had over 20 years to get it right, yet we are still talking about it and struggling with compliance.
It’s not just doctors’ offices that have to deal with these directives, either. Pharmacies, therapists, hospitals and even insurance companies have HIPAA fax requirements.
Some of these rules are obvious, such as the requirement that fax machines be placed in a secure area that is not publicly accessible. Many faxes are now digital, and simply saving them to the local hard drive or a shared “G Drive” is not enough either. A lack of technical knowledge or an inadequate IT budget can lead to massive HIPAA fines.
A recent HIPAA violation that made headlines involved Affinity Health Plan and a used copier. They returned the copier at the end of its lease and failed to wipe the hard drives. Over 350,000 patient records were exposed, and HHS fined them $1.2 million. It could have been worse. All of this happened because an IT admin either didn’t know about the requirement or didn’t have a solid, HIPAA-compliant plan for disposing of devices that contain ePHI. The exposure was only discovered because the copier leasing company checked the hard drives. How many times has this happened and not been reported?
Faxing doesn’t have to be complicated. With integrated multi-function printers and print-to-fax drivers, your organization’s fax platform can be seamlessly integrated into your EMR.
IT budgets are tight, and enterprise fax is a critical element in every medical environment. Don’t cut corners or ignore the common-sense HIPAA fax guidelines.
By the way, here are the penalty tiers for HIPAA violations:
- Tier 1: A violation that the covered entity was unaware of and could not realistically have avoided, even if a reasonable amount of care had been taken to abide by HIPAA Rules
  - Minimum fine of $100 per violation, up to $50,000
- Tier 2: A violation that the covered entity should have been aware of but could not have avoided even with a reasonable amount of care (but falling short of willful neglect of HIPAA Rules)
  - Minimum fine of $1,000 per violation, up to $50,000
- Tier 3: A violation suffered as a direct result of “willful neglect” of HIPAA Rules, in cases where an attempt has been made to correct the violation
  - Minimum fine of $10,000 per violation, up to $50,000
- Tier 4: A violation of HIPAA Rules constituting willful neglect, where no attempt has been made to correct the violation
  - Minimum fine of $50,000 per violation