Despite its dated roots, and the myriad complaints, fax machines can be HIPAA-compliant as long as appropriate security safeguards are followed. In short, HIPAA regulations do not prevent covered entities (health providers, plans and clearinghouses that transmit health information electronically) from faxing.
It’s the covered entity’s responsibility to ensure their fax practices comply with HIPAA privacy rules. These include the “minimum necessary” rule, which limits information in the fax to the minimum amount necessary in certain instances, as well as the implementation of administrative, technical, and physical security policies to protect PHI.
Unfortunately, these rules are not always followed. Academic physician Sachin H. Jain, M.D. commented that most fax machines sit open and accessible to a wide range of individuals in most healthcare settings–suspending any expectation of privacy and security.
For obvious reasons, fax machines must be located in secure, non-public areas to prevent unauthorized personnel from viewing faxes. Office staff should always verify the recipient’s fax number and use a cover sheet that does not include patient information.
Most Common Fax Related Violations
Sending a fax to the wrong number is one of the most common errors, as evidenced by a number of reported breaches. Last year, Oakland, Calif.-based West Coast Children’s Clinic had to notify patients of a HIPAA breach after it faxed a patient’s PHI to an incorrect fax number. The data included the patient’s name, date of birth, developmental and psychological treatment history, family history, educational history, testing results and prescribed treatment.
What are the lessons to be learned? Make sure security safeguards are in place when using the fax machine to transmit PHI, and confirm your staff is properly trained to whenever handling and transmitting patient information.
Internet fax replaces paper with digital transmissions and emerged as a popular alternative to the traditional fax. Internet fax is typically provided as a hosted service, whereby health providers can subscribe to a third-party entity that converts emails and other content to faxes.
Typically no human interaction occurs, thereby eliminating human error. This change in workflow reduces risk and offers added convenience and efficiency over traditional fax machines. For healthcare providers that aren’t ready to eliminate fax altogether, moving to secure Internet fax can be a valuable step toward mitigating the inefficiencies and security risks posed by traditional fax machines.
Article submitted by Paul Mancini, National Sales with Clear Choice Telephones.
Questions? Contact Paul at 678-387-3200 or firstname.lastname@example.org