Since the advent of the fax transmission method, faxing has always been a preferred way to transfer data between healthcare professionals and other practices, pharmacies, and insurance agencies. Because fax communications are circuit-based and go directly from the sender to the recipient, they are considered more secure than email, which crosses the Internet and could be intercepted by malicious users.
HIPAA – Health Insurance Portability and Accountability Act
In 1996 Congress passed the Health Insurance Portability and Accountability Act (HIPAA). Title II of the Act sets privacy and information security guidelines that have made fax transmission one of the only methods secure enough for sending health records electronically.
E-mail is deemed insecure for the most part because of the way messages are stored and how easy it is for someone to hack into email accounts from afar.
HIPAA has a number of requirements for those who fax health records to make sure the information is protected. The HIPAA conditions that must be met include:
- All fax machines are to be placed in a secure area and are not generally accessible.
- Only authorized personnel are to have access and security measures should be provided to ensure that this occurs.
- Destination numbers are verified before transmission.
- Recipients are notified that they have been sent a fax.
- Include a cover sheet clearly stating that the fax contains confidential health information, is being sent with the patient’s authorization, should not be passed on to other parties without express consent, and should be destroyed if not received by the intended recipient.
- Any patient data should be in the fax body and not in any of the data fields.
- Faxes are to be sent to secure destinations; i.e., the fax machine of the recipient must be in a secure location, accessible only by those authorized to receive the information.
- Maintain a copy of the confirmation sheet of the fax transmission, including the necessary data such as time and recipient’s number.
- Confirm fax delivery by phoning the recipient.
- Received faxes are to be stored in a secure location.
- Maintain transmission and transaction log summaries.
While the list of requirements to maintain HIPAA compliance may seem daunting, several online fax services are geared toward HIPAA standards and thus already handle many of these security requirements for you. For example, many online fax services maintain fax transmission and transaction log summaries automatically. They also store faxes for you in a secure place by putting them into your secure online dashboard terminal. Although there are still manual steps that need to be taken for full compliance (e.g. confirming fax delivery by phoning the recipient), secure online fax services can take the majority of the hassle out of following these regulations.