Is FAXing really HIPAA Compliant?
Tuesday, September 12th, 2017
Many organizations, especially in the healthcare industry, have an urgent need to send important and sensitive information, like protected health information (what constitutes PHI?), to organizations via FAX (facsimile).
Why? Because this is how it has always been done, and everyone is “set up” to be able to handle FAXes quickly and efficiently.
Go back in time 10-15 years. Every doctor’s office and small business had one or more FAX machines for sending documents and pictures back and forth. It was essential technology that became ingrained into business processes through constant, repetitive use. Everyone knows how to use a FAX machine, even the most technologically challenged staff member.
Fast forward to now:
- Fax Machines have changed. They are now all-in-one devices that scan, print, copy, send files to your computer, and more. The “FAX” ability is now just a minor extra feature.
- HIPAA has arrived and evolved. It used to be that sending patient (ePHI) data via FAX was the norm. Now, it is perilous to send such private data over regular FAX lines, as it is easy for that process to break down and violate HIPAA. E.g., see this $2.5 million lawsuit resulting from 1 fax message.
- Everyone has a computer or tablet. Most doctors and staff members have access to email, a HIPAA-secured computer or tablet, and familiarity with how to use them … and have been trained on best practices via the required HIPAA security training that everyone has to have nowadays.
- Paperless offices. Workplaces have become or are evolving to become paperless: everything is stored electronically. Regular FAXes are often disdained in favor of email; when regular FAXes do arrive, they are often scanned to electronic files and then destroyed.
- Low resolution. Faxes are low-resolution. They are slow and they do not contain a great amount of detail. They are not great for sending anything graphical.