Common RightFax Support Questions: How Does HIPAA Affect Inbound Faxing?
As the majority of our RightFax support clients are in the health care industry, fax security is a perennially critical topic. It is obvious that protected health information (PHI) needs to be handled with great care, but what, exactly, are the legal concerns? The answer depends on whether we’re talking about inbound or outbound faxing, as these present slightly different problems. We’ll discuss the outbound side of things in a later post; for now, let’s a take a look at the legal risks of inbound faxing, and how a fax server reduces them.
Inbound Fax Security
Despite employees’ best efforts to collect faxes as they arrive, the fact is that documents can and do arrive unexpectedly. On a typical fax machine, PHI thus sits out in the open, visible to any and all passers-by, until it is collected and properly filed. HIPAA therefore demands that any unattended fax machine be locked away, accessible only to authorized personnel.
Needless to say, this solution is far from convenient. Physically sequestering an entire inventory of fax machines consumes valuable space and can seriously slow down inbound fax workflows. Even if the inconvenience is surmountable, breaches may be exceedingly hard to detect.
Still more alarmingly, it turns out that run-of-the-mill, low-cost online fax services are not a reliable solution. One insurer learned this the hard way, after its fax service misdirected its U.S. customers’ claims to a firm in Canada! Likewise, an Oregon provider reportedly faxed numerous sensitive documents to an individual’s home over as much as a decade.
Security, Convenience & Cost Savings
With proper configuration and workflow design, an electronic fax server addresses all the above issues. All the security of fax transmission over the PSTN (phone lines) is retained, but document visibility/access risks are eliminated. Incoming faxes are never printed, but go directly to the intended recipients (whether humans or software), without ever being visible to unauthorized parties—no locks or keys needed. Because faxes are 100% digital, a detailed ‘audit trail’ records each time a document is viewed/sent/received. Additionally, operating costs fall quickly due to reductions in manual input and paper/toner consumption.