Moving away from physical fax machines to an electronic fax server (e-faxing) can be a great step toward becoming an efficient, paperless office. But depending on how you receive the fax files, your setup may not be HIPAA compliant.
Most electronic fax solutions were built for a general business audience. Their default configuration is usually not set up to handle personal health information (PHI) in the way HIPAA requires. Let us explain:
There are typically two steps in an eFax transmission:
The first part most often is HIPAA compliant. It's usually a secure FTP connection that receives the fax, which uses appropriate levels of encryption. It's still worth checking into, just to make sure, but it's not usually where security concerns exist.
On the other hand, how the fax document travels from the fax server to the recipient can be troublesome. If it travels by email, the PHI may not be secured appropriately, because at that point the document leaves the purview of the secure FTP server and enters your email system. Just as you would hesitate to email PHI over security concerns, having the fax server transmit the document to your email could expose the information to a security breach and make it easy for ill-intentioned people to grab. Many fax services offer an add-on that makes this second connection, from the fax server to your email, secure and HIPAA compliant.
You absolutely cannot assume that your fax service is HIPAA compliant. Using the information above, we recommend you reach out to your provider to investigate and get the confidence and peace of mind you need.