After last week’s discussion of inbound faxing and HIPAA, it’s time to turn our attention to the outbound side of things. Besides the usual precautions about keeping fax machines physically locked away to guard PHI, HIPAA has special requirements for the security of outbound transmissions.
More specifically, the law requires reasonable safeguards to ensure the correct information is sent to the correct recipient. For instance, the American Medical Association recommends that offices “verify the recipient’s fax number and use a cover sheet that does not include protected health information.” Unfortunately, this is hard to enforce, and verification of new or seldom-used fax numbers poses a particular challenge.
In recent years, it was found that a California hospital had faxed records to several wrong locations. In an even more egregious instance, one practice sent patient info to an out-of-state businessman for three years before realizing its error! Clearly, conventional faxing is woefully inadequate. And by compounding the growing problem of health information theft, it makes security far harder than it has to be!
What Can We Do?
One underlying need in outbound security is the ability to automate the confirmation of all fax numbers before sending. No reliance on human workers matching numbers at a glance, and no possibility of circumventing the ‘rules.’
There’s a straightforward solution to this high-stakes problem. An electronic fax server can incorporate all the above safeguards into a paperless workflow with full EMR-fax integration, both in- and outbound. In accordance with predefined custom business rules, all destination fax numbers can be check against another source (such as a providers / insurers database) to confirm accuracy. More than just avoiding delays due to typos, this approach can mitigate legal risk in a big way. And if / when audit time comes, RightFax users are well prepared with a granular ‘audit trail’ automatically prepared by the fax server. Needless to say, fax encryption options ensure all electronic copies of sent faxes are kept under uncompromising security as well.
The opportunities and requirements around outbound fax security vary from office to office, but one thing is consistent: for every one of our clients, a RightFax deployment has created powerful and cost-effective opportunities to maximize fax-related HIPAA compliance. To learn more about fax project architecture and RightFax support, we invite you to contact a representative at your convenience.