Secure Transmissions: 5 Tips for HIPAA Compliant Faxing

StrategyDriven Risk Management Article | Secure Transmissions: 5 Tips for HIPAA Compliant FaxingHealthcare workers need to keep the privacy of their patients’ information in mind at all times. That goes for not just in-person communications with patients, caregivers, and other providers but also for information sharing processes like faxing. Since most healthcare organizations still send faxes on a daily basis, all workers should ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) at all times. Read on to find five tips for how to ensure compliance.

Switch to a HIPAA-Compliant Fax Service

Using traditional fax machines made for general use is a great way to wind up in a world of legal trouble. Healthcare facilities that still use traditional fax machines should make the switch to a secure web-based hipaa fax service immediately.

Specialized online fax services designed for the healthcare industry offer a number of security features to ensure HIPAA compliance. They use secure socket layer protocols, at-rest encryption, user authentication, and advanced data center security to ensure that patients’ protected health information (PHI) cannot be accessed by external actors. A good fax service will also keep document transmission logs and record log on/log off events associated with IP addresses for an added level of security.

Never Leave Faxes Unattended

Human error is one of the most common sources of HIPAA violations. Healthcare workers should be trained never to leave faxes that contain PHI or other sensitive information unattended. They must stay at the machines until the fax goes through, then remove the document immediately.

Before sending the fax, healthcare workers should also call patients to ensure that their fax machines are in protected locations. In this case, a protected location can be considered any fax machine located out of the line of sight of the public.

Don’t Forget the Cover Sheet

HIPAA requires healthcare providers to include a cover sheet each time they transmit protected health information. There is no official standard for what must be included on the cover sheet, but at a minimum, it should include the patient’s name, the receiver’s name and fax number, the sender’s name, fax number, and organization, the date and time of sending, and the HIPAA disclaimer. Cover sheets must be used not just when sending traditional faxes but also when using online fax apps, so make sure the app has a protocol in place for attaching cover pages when switching to HIPAA-compliant fax service.

Keep an Audit Trail

Healthcare providers must keep detailed records of all the activity on their systems, whether they use online fax apps or traditional machines. Switching to a HIPAA-compliant fax service makes keeping audit trails much easier since the app should be able to log activity automatically.

HIPAA requires healthcare providers to keep records of audit trails for at least six years. Healthcare facilities that use online fax services should keep raw records for the first six months to one year before compressing them.

Be Aware of PHI Stored Locally

Most healthcare data breaches occur when malicious actors access patients’ PHI on local devices and portable media like laptops and removable drives. Healthcare facilities that are unable to prevent these data breaches may be fined. It’s better to use a cloud-based service that automatically encrypts all documents than to keep on unsecured and unencrypted local devices.

The Bottom Line

HIPAA was designed to protect patients’ sensitive information. Healthcare facilities that do not follow these regulations can be fined and will face substantial damage to their reputations. Make sure all healthcare providers are on the same page about ensuring compliance while faxing sensitive documents.