5 tips for HIPAA Compliant Faxing

Posted: Jul 29, 2015

If you’re in healthcare, odds are you send and receive faxes on a daily basis. Despite the best efforts of the healthcare exchanges, it’s just too early to solve the interoperability issues that prevent the secure sharing of patient data between EHRs.

Here’s a helpful list of safeguards to follow when faxing PHI, so that you can get patient information where it needs to be securely and with confidence.

1. Never let incoming faxes sit on publicly available fax machines.

When faxing protected documents, never leave the machine until the transmission is complete, and call the recipient to ensure that their fax machine is in a protected location and out of the public’s line of sight.

2. Dump your manual fax machine and use a HIPAA compliant cloud fax service.

This will save you money, make it easier to manage sending and receiving faxes, and provide the added document security of encryption technology when sending and storing faxes. And, if your provider is HIPAA compliant, they will sign a business associate’s agreement (BAA) with you because they are required to. If you can’t get a BAA from them then they aren’t

3. Always use cover pages.

It is a HIPAA requirement that you use a cover sheet with the approved HIPAA statement when transmitting PHI. If your cloud fax provider adheres to HIPAA rules, they will make a cover page a standard part of the workflow when sending a fax.

4. Keep an audit trail.

If you don’t have an accurate audit trail of every activity that occurred with each patient document, then you are susceptible to fines associated with non-compliance. Cloud faxing does this automatically, and a good service will provide access to every document version from inside the application, so you can view all activity.

5. Be aware of all PHI stored on local devices.

One of the top causes of recent healthcare data breaches is loss or theft of unsecured and unencrypted patient information on portable media like laptops, notebooks, and removable drives. Not only does this open patients up to potential identity theft and fraud, but it is also a fineable offense under HIPAA. Make sure your cloud fax service encrypts all your documents and allows enhancements from inside their secure data center, rather than on your device.