As the majority of our RightFax support clients are in the health care industry, fax security is a perennially critical topic. It is obvious that protected health information (PHI) needs to be handled with great care, but what, exactly, are the legal concerns? The answer depends on whether we’re talking about inbound or outbound faxing, as these present slightly different problems. We’ll discuss the outbound side of things in a later post; for now, let’s look at the legal risks of inbound faxing, and how a digital fax solution mitigates them.
Inbound Fax Security
Despite employees’ best efforts to collect faxes as they arrive, the fact is that documents can and do arrive unexpectedly. On a typical fax machine, PHI thus sits out in the open, visible to any and all passers-by, until it is collected and properly filed. HIPAA therefore demands that any unattended fax machine be locked away, accessible only to authorized personnel.
Needless to say, this solution is far from convenient. Physically sequestering an entire inventory of fax machines consumes valuable space and can seriously slow down inbound fax workflows. Even if the inconvenience is surmountable, breaches may be exceedingly hard to detect.
Still more alarmingly, it turns out that run-of-the-mill, low-cost online fax services are not a reliable solution. One insurer learned this the hard way, after its fax service misdirected its U.S. customers’ claims to a firm in Canada! Likewise, an Oregon provider reportedly faxed numerous sensitive documents to an individual’s home over as much as a decade.
And even when information does reach the correct recipient, health information theft has become a booming black-market niche, which makes cutting-edge fax encryption more critical than ever.
Security, Convenience & Cost Savings
With proper configuration and workflow design, digital faxing addresses all the above issues. All the security of fax transmission over the PSTN (phone lines) is retained, but document visibility/access risks are eliminated. Incoming faxes are never printed, but go directly to the intended recipients (whether humans or software), without ever being visible to unauthorized parties—no locks or keys needed. Because faxes are 100% digital, a detailed ‘audit trail’ records each time a document is viewed/sent/received. Additionally, operating costs fall quickly due to reductions in manual input and paper/toner consumption.
For more information about secure, HIPAA-compliant fax solutions, RightFax support, and health care workflow consulting services, please contact us at your convenience.