The area of HIPAA that applies to FAXes is the “ SafeGuards Principle“. It is acknowledged that sending email messages containing PHI insecurely is prohibited, so it follows that FAXing might also be “not a good idea”.īut, it turns out that “no” is too simple an answer and not practical or accurate. Why? Because anyone with physical access to the phone lines and some technical expertise can eavesdrop on phone calls and FAXes and thus obtain any protected health information by fax.
You might think that the answer is simple “no”, unless the FAX is sent over some type of secured phone line. Can data sent via FAX be “secure enough” for HIPAA? It is not good for productivity or for meeting other standards.
DOWNLOAD FAXDOCUMENT HOW TO
With HIPAA security regulations ever-present and evolving, there is a great concern as to if and when use of a FAX is really HIPAA compliant.įor electronic FAXing options, see: HIPAA Faxing: How to Send and Receive FAXes in a Secure and Compliant Way.īeyond compliance issues, a FAX is not really useful - you essentially get a printout or an image and not an electronic document that can be efficiently used. If the documents were actually FAXed normally, there are lots of privacy pitfalls … so even secure FAX companies try to avoid you doing that. The recipient picks up the document from the FAX provider’s secure web siteĬan you tell me where “FAX” is actually part of that solution? Its not there at all… except maybe to use your FAX machine as a scanner or in the case where the recipient of theFAX actually uses a FAX machine.The recipient gets a notice that the FAX is waiting and a link to pick it up.You send them electronically to their service.You scan the documents into your computer.But what do most of those services actually do? Without physical FAX machines, many folks end up finding some service, like eFax Corporate®, that is expensive and which provides HIPAA-compliant FAX. So they feel the need to have FAX ability on hand, in a HIPAA-compliant way. At least, that is what many people think as that is what they are used to from times past. They are not great for sending anything graphical.įAXing is “the way things are done”. They are slow and they do not contain a great amount of detail. Low resolution. Faxes are low-resolution.Regular FAXes are often disdained in favor or email when regular FAXes do arrive, they are often scanned to electronic files and then destroyed. Workplaces have or are evolving to become paperless - everything is stored electronically. Everyone has a computer or tablet. Most doctors and staff members have access to email, a HIPAA-secured computer or tablet, and familiarity with how to use them … and have been trained on best practices via the required HIPAA security training that everyone has to have now-a-days.
see this $2.5 million dollar law suite resulting from 1 fax message. Now, it is perilous to send such private data over regular FAX lines, as it is easy for that process to break down and violate HIPAA. It used to be that sending patient ( ePHI) data via FAX was the norm. The “FAX” ability is now just a minor extra feature. They are now all-in-one devices that scan, print, copy, send files to your computer, and more. Everyone knows how to use a FAX machine, even the most technologically challenged staff member. It was essential technology that became ingrained into business processes through constant, repetitive use. Every doctor’s office and small business had one or more FAX machines for sending documents and pictures back and forth. Why? Because this is how it has always been done, and everyone is “set up” to be able to handle FAXes quickly and efficiently. Many organizations, especially in the healthcare industry, have an urgent need to send important and sensitive information, like protected health information (what constitutes PHI?), to organizations via FAX (facsimile).
0 kommentar(er)
