HIPAA Compliance and Healthcare Faxing Practice

What is HIPAA compliance?

HIPAA denotes the Health Insurance Portability and Accountability Act, enacted on August 21, 1996 during the presidency of Bill Clinton. It sets the standard guidelines for protecting sensitive patient data, usually referred to as PHI (Protected Health Information) or ePHI (Electronic Protected Health Information), and requires any organization dealing with PHI to ensure that all necessary security measures are in place and followed. This means that covered entities (CE) who provide healthcare services, business associates (BA) who have access to patient information, and subcontractors, or business associates of business associates, must all be in compliance.

Fax usage in healthcare

Fax machines, despite their decade-long presence, are still in popular use by many healthcare providers. HIPAA regulations do not prohibit faxing PHI, as long as the necessary administrative, technical, and physical security policies and processes are followed to protect PHI and meet HIPAA compliance.

Unfortunately, fax machines are often left accessible to unauthorized hands, and human errors such as sending a fax to a wrong number can lead to breaches of privacy and security. It is therefore important to make sure the necessary security safeguards and processes are in place when using a fax machine to transmit PHI, and to train your staff properly to handle patient information in a secure manner.

Cloud fax service for healthcare providers

Hosted fax service has recently emerged as a preferred alternative to the traditional fax. Healthcare providers can subscribe to a cloud fax service that accepts fax submissions via a number of different methods, such as email or web, or by electronic submission once their electronic health record (EHR) application is fax-enabled using the service vendor’s fax API integration toolkits.

Cloud-based fax service can eliminate the security risks of lost or misplaced faxes and failure to protect PHI, while offering efficiency and convenience over traditional fax machines. HIPAA-compliant fax service providers ensure that electronic PHI data is encrypted during transport as well as while it is “at rest” in the cloud. In addition, HIPAA cloud fax service providers sign a business associate agreement (BAA), which authorizes them to transmit electronic PHI on behalf of the healthcare provider and holds them accountable for protecting PHI.
