1. Regulations concerning patient record confidentiality

  2. Why faxes will continue in healthcare

  3. Barriers to having HIPAA compliant faxes

  4. Tips for HIPAA compliance using a traditional fax machine

  5. Benefits of web-based faxing to ensure HIPAA-compliant faxes

  6. GFI Software solutions to help ensure HIPAA compliant faxes

  7. Blogs

  8. HIPAA compliant fax resources


What are the regulations concerning patient record confidentiality?

In the last 30 years, many countries have introduced legislation to ensure patient record confidentiality. One notable initiative was the Privacy Rule portion of HIPAA (Health Insurance Portability and Accountability Act), enacted in United States in 1996. The security provision of HIPAA demands that healthcare providers take reasonable care to protect the confidentiality of protected healthcare information (also known as PHI).

IT professionals in the healthcare industry have found HIPAA compliance to be an ongoing challenge, as they have to figure out how to securely authenticate, transmit and store confidential medical documents and patient data. In fact, an entire industry has grown up around products and services designed to help organizations meet the HIPAA data protection requirements. This plethora of rules and regulations might lead the public to believe that their medical secrets are safe, but the sheer amount of data makes security a daunting task.

There are well over one billion healthcare visits per year in the US and each healthcare interaction generates data about patients that is used, shared and analyzed. Effective healthcare requires this data to be routinely shared among general practitioners, specialists, clinics, pharmacists, hospitals, health insurers, governmental agencies and others. These one-billion-plus healthcare visits result in an estimated 30 billion healthcare transactions per year. 1 Conservative estimates say half of these transactions are fax-based.2

1_regulations.jpg


Why faxes will continue in healthcare

It was once thought that standalone fax machines would be replaced with email messaging. But email can’t always guarantee to be as secure a form of communication as faxing. For example, an email message and its content might be archived on any number of servers. Email transmission of information also runs into problems with compliance agencies and regulations, such as HIPAA, that require greater security. Unlike emails, a fax cannot be used to carry a virus, phish or harm a company’s network security.

It’s estimated that there are about 125 million fax machines in use in the world today, and close to six million new purchases each year.3 According to a 2012 survey, 85 per cent of U.S. businesses make use of faxing in some form.4

There are three main reasons why faxing is still important to organizations:

  1. To obtain a phone line and a fax machine is still the simplest and least technical way for a healthcare provider to begin communicating with the outside world.

  2. Many companies, especially those in the healthcare, legal and insurance space, are required to transmit medical documents and patient data via fax because of compliance concerns.

  3. Companies are maintaining legacy applications, such as purchasing and billing systems, which are only able to transmit a document via fax.

2_why.jpg

Because faxing will be around for the foreseeable future, health care providers are looking for ways to securely transmit protected health information (PHI) via fax. Unfortunately, using a traditional fax machine can be a cumbersome process to create HIPAA-compliant faxes.


What is a HIPAA compliant fax?

Faxing is explicitly named in the HIPAA code as an acceptable method to transmit medical records, test results and other healthcare information and instructions.5 Its Privacy Rule allows health care providers to transmit confidential information as long as they use “reasonable safeguards.” While the definition of a “reasonable safeguard” can unfortunately vary, one certainty is that transmitting a HIPAA compliant fax is difficult using a traditional fax machine.

Barriers to having HIPAA compliant faxes

When using a traditional fax machine, providers must be extremely cautious and establish strict faxing protocols to avoid a security breach. Simply keying in one wrong digit on a fax machine could send protected health information (PHI) to an unintended destination. The HIPAA journal reported that seven doctors’ offices in Texas accidentally faxed PHI to the wrong fax number.6 Names, medical histories, medical results and other types of PHI were sent to a local radio station. One of the highest compliance fines assessed were due to HIPAA violations – the New York-Presbyterian Hospital and Columbia University for $4.8 Million.7

HIPAA guidelines suggest confirming unknown fax numbers before sending, though this may be difficult for larger healthcare institutions that have hundreds of individual fax machines in use.

Limits vary by jurisdiction, but a common requirement is to hold patient treatment information, such as medical results, for seven to ten years. The actual time may even be longer. An institution may need to keep records of a minor until the patient reaches the age of majority for the jurisdiction.

3_barriers.jpg

These legal retention requirements are challenging for paper-based records such as faxes. Printed patient files can take up considerable space. They may be lost due to theft or disasters (such as fire). Printed ink pages can degrade within the legal archiving time requirement. Additionally, searching for information is time-consuming if done manually. An institution also runs the risk of faxes not being attached to a patient’s record when required to produce proof of information.


Tips for HIPAA compliance using a traditional fax machine

Some PHI safeguards for traditional fax machines include:

  1. Confirm the fax number with the intended recipient when faxing PHI to a telephone number that is not regularly used.

  2. Call the recipient to make sure their fax machine is not in a public area and is in a protected location.

  3. If you know you will be receiving PHI via fax, ask the person faxing you to give you advanced notice so that you will be around to immediately remove the pages from the fax machine.

  4. Pre-program frequently used numbers directly into the fax machine to avoid misdialing.

  5. When faxing PHI, don’t leave the fax machine until the transmission is complete.

  6. Use printed cover sheet pages with the approved HIPAA statement for all PHI faxes.

  7. Include a confidentiality statement on fax cover pages when the fax includes PHI.

  8. Keep an accurate audit trail of every fax involving PHI to avoid fines for non-compliance.

4_tips.jpg


Benefits of web-based faxing to ensure HIPAA-compliant faxes

Working with traditional fax machines to produce HIPAA compliant faxes adds a burden to an already heavy workload for frontline staff. Because of this, many health care providers are turning to web-based electronic faxing – using faxing software and network fax servers – to better ensure HIPAA compliant faxing.

Network faxing is designed to work with existing systems and use an organization’s existing network. It needs no dedicated phone line or fax machine. It needs no paper, no ink and no human monitoring. Network faxing enables staff to fax from Electronic Healthcare Record (EHR) applications, Project Management (PM) software, their desktop, from office applications by email, a Customer Relationship Management (CRM) platform and many other applications.

Network faxing eliminates many of the issues that traditional fax machines have in creating HIPAA compliant faxes:

  • Faxes are received electronically, eliminating the problem of faxes on the fax machine for anyone to read.

  • The process of manual phone dialing is removed, so sending a fax with sensitive information to the wrong fax number is greatly reduced.

  • Cover sheets with the approved HIPAA statement for all PHI faxes can be automatically programmed into an electronic fax.

  • No longer do faxes have to be scanned before being entered in an EHR application.

  • Staff efficiency is increased, since no one has to wait to scan and monitor the faxing process.

  • Medical practices that use network faxing are reporting efficiency savings of up to 80 percent.8

  • Network faxing software can catalog, index and archive faxes automatically.

  • The risk of losing or misfiling a fax is exponentially reduced.

  • Network faxing, along with electronic archiving, enables easier tracking and retrieval of past faxes – creating an accurate audit trail of every fax involving PHI.

  • Medical providers can search their archive database to know who received communications and when.

  • Faxes are stored more securely.

  • Some network faxing software can even monitor all types of communications and even block any information from being sent if this is against regulations or hospital policies.

Try GFI FaxMaker for free


GFI Software solutions to help ensure HIPAA compliant faxes

GFI FaxMaker is a network fax server software that enables email to fax and fax to email for Exchange and other SMTP servers in a secure, encrypted environment.

Faxing protocols make it nearly impossible to intercept a fax in mid-transmission – making it more secure than email. Electronic faxing with GFI FaxMaker makes it easy to access this more secure protocol.

An organization can install the GFI FaxMaker fax service as a physical, on-premise service with a standard fax modem; as a virtual Fax over IP (FoIP) through a gateway or VoIP phone system, or through Hybrid faxing with no equipment but integrated with a cloud-based faxing system.

GFI FaxMaker is not only popular in the healthcare industry because it acts as a HIPAA compliant fax service, but also because of its ease of use:

  • Users can sign in to the GFI FaxMaker web client, fill in fax content on-screen, add attachments and simply click send.

  • GFI FaxMaker allows users to fax directly through an email application. Simply start to compose an email and in the “To:” box enter a fax number with “@faxmaker.com” at the end. Fill out the subject line, add body content and attachments and send.

  • Incoming faxes pass through an OCR (optical character recognition) module that makes it possible to search in the fax body. This feature is useful when older faxes have to be retrieved.

  • It provides features such as API, SMS alerts and digital signatures.

benefits.jpg

A companion to GFI FaxMaker is GFI Archiver. Healthcare facilities have to employ fast, safe and efficient storage software for faxes and other PHI records. Archiving can all be done with GFI Archiver. The system allows for intelligent reporting, and it is already configured to run reports that comply with HIPAA and other record confidentiality mandates.


Blogs

blog_1.jpg

How online faxing cures a widespread healthcare headache
Learn why online faxing offers a more functional way to fax.

Read the blog

blog_2.jpg

Seven reasons why online faxing is good for healthcare providers
Find out the top seven things that online faxing offers your business.

Read the blog

blog_3.jpg

Faxing in the healthcare industry – HIPAA compliance
Learn why fax servers are the only way to safely and securely transmit confidential patient data.

Read the blog


HIPAA compliant fax resources

resources_1.jpg

GFI FaxMaker trial
Try GFI FaxMaker fax service free for 30 days with access to all GFI FaxMaker features and customer support.

Download the trial

resources_4.jpg

Faxing efficiency through automation
See why in many countries, faxing is still the only way of sending compliant documents electronically.

Watch the video

resources_3.jpg

Faxing in the healthcare industry
Watch this quick video to find out more about faxing in the healthcare industry.

Watch the video

resources_2.jpg

Integrated network faxing key to improved productivity and information security
Download this white paper and discover how network faxing reduces labor costs and increases information security.

Download the whitepaper

Related Posts

The cost of non-compliance: Why investing in the right tools matters.

Aug 1, 2024

The cost of non-compliance: Why investing in the right tools matters.

Explore the true impact of non-compliance on businesses and the importance of investing in appropriate tools. This article examines the costs beyond fines, common compliance challenges, and how the right software can help. Learn about essential features in compliance tools and discover how GFI Software's solutions can assist in meeting regulatory requirements efficiently.

Read more...
5 Common Security Vulnerabilities and How to Patch Them with GFI LanGuard

Jun 28, 2024

5 Common Security Vulnerabilities and How to Patch Them with GFI LanGuard

Discover the top 5 security vulnerabilities threatening your network and learn how GFI LanGuard's cutting-edge features, including AI-powered insights, can help you patch them effectively. This must-read guide offers practical solutions for IT pros and business owners alike, ensuring your network stays secure against current and emerging threats.

Read more...
Outsmarting the Machines: Protecting Against AI-Powered Cyberattacks

Apr 11, 2024

Outsmarting the Machines: Protecting Against AI-Powered Cyberattacks

AI is revolutionizing cybersecurity, but it's a double-edged sword. In this post, we explore the growing landscape of sophisticated, AI-powered cyber threats like morphing malware and hyper-personalized phishing scams.We also dive into how organizations can harness AI's immense potential to bolster defenses through advanced threat detection, autonomous response capabilities, and predictive vulnerability analysis.

Read more...
New Privacy Rules - Friend or Foe? A Business Guide to Navigating Regulations

Apr 4, 2024

New Privacy Rules - Friend or Foe? A Business Guide to Navigating Regulations

Privacy laws are evolving; businesses must adjust. Learn key rules and how GFI ensures email/network security compliance.

Read more...
Understanding HIPAA: A Guide for Healthcare Providers and Businesses

Mar 5, 2024

Understanding HIPAA: A Guide for Healthcare Providers and Businesses

If you're a healthcare provider or business handling protected health information, understanding HIPAA is crucial. This guide demystifies HIPAA's requirements for safeguarding patient data and outlines best practices for compliance. We'll delve into risk assessments, employee training, breach prevention, and how GFI Software can help you avoid potential penalties and protect your practice.

Read more...
ISO 27001: Why it's more relevant now than ever

Dec 22, 2023

ISO 27001: Why it's more relevant now than ever

Discover the importance of ISO 27001 in addressing today's cybersecurity challenges and the role of GFI Software's solutions in achieving compliance. Our latest post provides a comprehensive overview of ISO 27001's relevance, its alignment with emerging technologies, and essential steps for effective implementation.

Read more...