Is faxing HIPAA compliant?

Posted: Mar 26, 2015
Share This:

It is often the case that an online faxing service will claim to be HIPAA compliant, whilst in reality barely meeting the regulations it lays out. Ensuring the information being transmitted is sufficiently protected is vital for industries regularly dealing with sensitive data, so making sure faxes are HIPAA compliant is well worth the little time and effort.

Fax has been used to send sensitive, protected healthcare information for years. It is secure, fast, and efficient, and has been the staple of protected communication, lasting long into the realm of digital. Organizations from healthcare to education have made fax their primary form of communication when it comes to transmitting data.

The Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) establishes regulations for the use of people’s Protected Health Information (PHI) held by ‘covered entities’ (such as health insurers, employer-sponsored health plans and medical service providers).

Anyone with physical access to the phone lines is able to intercept faxes and calls, potentially obtaining protected health information. It is therefore vital that the fax service used complies with HIPAA, meeting its standards and providing an extra layer of security.

The ‘Safeguards Principle’ area of HIPAA applies to faxes, and states that:

“Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.”

As to what exactly “reasonable” measures are, HIPAA is not specific. As such there are many online fax services which may claim to be HIPAA-compliant, but in fact do not meet or only meet the bare standards of the Act.

Sfax provides a range of technical, organizational and physical measures to protected the information it processes. SecureCare’s staff are given comprehensive training, and specially designated Compliance Officers ensure defenses are adequate on a full time basis. Technical and physical measures include firewalls, intrusion detection systems, and confidentiality agreements.

For those looking to ensure their data is properly protected, it is worth carefully exploring the measures your chosen service implement. Sfax is HIPAA compliant and, with 15 years experience providing uncompromised products and services, place security as their top priority.