Eliminating Manual Faxing’s HIPAA Compliance Risks Through Fax Server Software

Manual faxing in a healthcare environment is one of the easiest ways to break all sorts of HIPAA compliance rules. Yet, doctors and hospitals are still some of the most frequent manual fax users and healthcare fax software is often an integral part of any practice. Author Justin Fox (editorial director of the Harvard Business Review Group) recently joked that “doctors and tax guys may be all that's keeping faxing alive.” However, the healthcare profession needs to pay more attention to the increasing risk of HIPAA violations as a result of manual faxing and question whether “keeping faxing alive” is smart. As HIPAA enforcement began to take shape in the 2000s, those early years involved many complaints about violations but too few disciplinary actions. Weak enforcement, poor technology, and legal confusion contributed to a lax approach toward true Protected Health Information (PHI) privacy.

However, the HITECH Act of 2009 upped the ante on HIPAA privacy by requiring “periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards.” While those audits are still only in the pilot phase (until December 2012), the Act signified an increasing shift toward more rigorous HIPAA enforcement. In 2011, there was an increasing number of firings, fines, reprimands, and lawsuits over HIPAA compliance failures. High-profile cases of HIPAA enforcement ranged from a major data breach at Stanford University Hospital to a simple theft of a computer (that contained millions of patient records) at Sutter Health. While there is still a lot of apathy around HIPAA compliance, the technology needed to achieve compliance is available, whether it is utilized or not. Oversight has become more demanding and rigorous, and the cases mentioned above are only the tip of the iceberg. Complacency is no longer an option.

As HIPAA matures, and as information technology creates higher expectations of meeting compliance regulations, enforcement will only continue to become more rigorous. HIPAA sets the expectation that healthcare providers have infrastructure and procedures in place to secure information. They can fax, but “reasonable” efforts are needed to secure the information at both ends. While the word “reasonable” is very vague, it’s still crystal clear that manual faxing involves many security risks. While moving to fax server software may seem like a major organizational change at first, the arguments (both legal and financial) for complying with HIPAA easily make a sound case for switching over.

Here is how fax server software will help you comply with HIPAA:

Removing Paper from Your Environment – Paper introduces a significant security risk to any environment, but that is especially true in healthcare. Imagine if a patient knew that sensitive medical information sat on a fax machine in a room full of various office staff with unauthorized access to it. Fire, theft, misplaced documents, storage and shredding risks, and faxes sitting on people’s desks all introduce moments when paper presents major security risks. With fax server software, eliminating paper also eliminates these risks.

Establishing Rigorous Fax Security Policies – Fax server software can be set up with security policies that restrict document access to only those people authorized to see them. An IT administrator can restrict permissions, security, and server management access to specific people within your organization.

Enabling DID Numbers and Routing for Secure Transmission – For those worried about the lack of a dedicated fax line (which provides a good form of security for traditional fax numbers), DID routing allows each authorized person to have a personal fax number (a DID number) that connects to fax server software. The DID number ensures all fax communications are directed – privately and securely – to only intended recipients. (Fax server software also complies with T.30 and T.38 recommendations.)

Simplifying Your Audit Trail – Manual faxing introduces the risk of missing documents when an auditor comes calling. If you are able to automatically archive all inbound and outbound faxes, organized in ways that make it easy to reference and look up documents, then you are more likely to pass an audit with flying colors.

Retaining and Disposing of Documents – If documents are no longer needed, they can be deleted, archived, or stored utilizing fax server software capabilities combined with sound business processes. With manual faxing, paper documents can sit around on desks, in semi-public locations, or in piles while awaiting the shredder.

Fax server software (similar to how strict email policies work) facilitates more orderly, efficient and auditable ways to dispose of fax documents that are no longer needed. Since fax server software works similarly to email, it usually makes handling faxes much easier for healthcare providers.

While fax server software will help you comply with HIPAA, it also has the additional benefit of increased productivity and lowered costs. Fax server software must be accompanied by sound business processes and IT security policies. Depending on the software used, many of these policies can be easily set up and enforced by IT administrators or a service provider. Enforcement is much easier with this setup than with the chaos of manual faxing. As HIPAA becomes more rigidly enforced, you don’t want to be fined millions of dollars for lackadaisical faxing practices. Talk to your IT director or a vendor with fax server software expertise to help evaluate your options, security gaps, and compliance needs.

Written by Mitch Brown – Business Development Manager at Equisys, Inc.

Mitch Brown graduated from Providence with a Bachelor of Science degree in Marketing. He has worked in the software industry for 16 years, 12 of which have been in the fax industry, and 5 of those have been spent working with healthcare organizations to provide them with fax and document management solutions.
