Laura Luisotti - 7 August, 2018 - 6 ’ read

HIPAA compliance and Fax management. Why care.

HIPAA: protect your patients’ data.

HIPAA, the Health Insurance Portability and Accountability Act, is an American law enacted by the United States Congress to set the standard for sensitive patient data protection, as part of an effort to reduce health-care costs, optimize resources and protect patient data by encouraging the use of electronic data interchange in the US health-care system.
Bill Clinton signed it with his own hand, back in 1996.

Together with HITECH – the Health Information Technology for Economic and Clinical Health Act, implemented in 2009 to expand HIPAA legislation – the Act encourages the widespread use of electronic health records to protect sensitive patient data and improve efficiency and effectiveness of the nation’s health-care system. It also aims to make it easier for US workers to maintain health insurance coverage when they change or lose their jobs and to reduce health care fraud and abuse.

At a practical level, in addition to promoting the almost exclusive use of electronic medical records rather than paper, HIPAA contains measures to ensure the security and privacy of Protected Health Information (PHI) when it is transferred, received, handled, or shared.

These personal and sensitive data include a wide range of health and health-related information that enables personal identification, such as insurance data, billing information, diagnoses, clinical data, laboratory tests, scans and results of clinical examinations.

So, whether you are

  • hospitals
  • healthcare providers
  • employer-sponsored health plans
  • research centers
  • insurance companies dealing with patients
  • or even business companies that deal with PHI

you should care about HIPAA.

Now, let me tell you how we’ve made the tools you use every day compliant, starting with the Imagicle Digital Fax.

In short

What is it?
HIPAA is an American law that sets the standard for protecting sensitive patient data.

Who does it affect?
US companies managing all sorts of PHI.

 

How Digital Fax ensures compliance with HIPAA.

Ok, you might say; so far so good. I want to protect my patients’ data and comply with the rules.
But how can I keep doing my job and make sure that the tools I use every day are HIPAA compliant?

Well, you’re in luck: this is precisely what Imagicle took care of, by implementing a set of advanced capabilities for the applications in scope, Digital Fax and Call Recording, still among the most useful and popular solutions in this field.

Imagicle Digital Fax, a completely software-based IP Fax Server, guarantees data security, enabling a high-reliability architecture to be implemented.

You can send and receive faxes directly from your computer, via e-mail or web interface, by printing a document or using the gadget for Jabber and Webex. You can also manage faxes using your smartphone or tablet, and if some of your colleagues are stuck in the past, they can continue sending and receiving faxes via the network multifunction printer.

 

Now, since faxes can concern anything, including sensitive health data, they definitely fall under the directives of the HIPAA regulations.

That’s why we must take into account some precautions, such as:

Provide role-based access
With Digital Fax, data access is differently protected depending on the use you make of it: access to the web interface, for example, is only allowed for users with authentication credentials. Depending on the role, therefore, it is possible to access different types of information.

Guarantee a flexible data retention
Again, to make data management and protection easy and fast, Stonefax allows you to easily set the retention period of faxes to ensure that the data are kept as long as it’s necessary.

Pay attention to data processing rights
Sometimes, the data subject can ask the data controller to confirm that he’s processing his data, perhaps to request a change. Digital Fax allows you to guarantee these rights through the web interface, from which you can quickly search all incoming or outgoing faxes.

Store the data with the proper encryption and prepare for every contingency
Finally, in addition to supporting High Reliability in Active-Active mode, with the optional Imagicle cluster module, Digital Fax automatically stores all incoming and outgoing fax documents in Imagicle UC Suite Virtual machine’s hard drive as TIFF files, applying BitLocker-based data encryption to fulfill HIPAA regulations. Which, in simple terms, means that the archive of sent/received faxes is kept secure on the server/virtual machine where Digital Fax runs.

Audit all incoming and outgoing faxes
And, since we’re hopeless perfectionists, the admin will also be able to download, in CSV format, the complete audit trail of the activities performed from the list of incoming and outgoing faxes, in order to keep track of and know the date and time of any action carried out on the data. Therefore, it will be possible to know if any fax information has been deleted or exported and who carried out these operations.

 

In short

Imagicle Digital Fax, the IP Fax Server from Imagicle UC Suite, ensures HIPAA compliance thanks to role-based access, data encryption, self-synchronized databases and audit trail.

 

So, is it a good idea to continue using traditional fax machines?

Well, it depends on what you mean by “good idea.” 😁
HIPAA doesn’t directly prohibit the use of fax machines to communicate PHI. Undoubtedly, though, we must consider what’s reported in the HIPAA Safeguard Principle, according to which: “Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.”

If we now think about how a traditional fax machine works, we immediately notice that respecting this principle and protecting the privacy and security of the information at the point of dispatch, transit, delivery, and storage can be really complicated, since:

  • Fax machines may not be located in a secure area, and access to faxes may not be restricted to authorized personnel only.
  • Fax machines may save copies of received faxes, so that additional copies of the sensitive material can be printed by those who have access to the fax.
  • Incoming faxes may not be removed immediately from the output tray, which opens the door to inappropriate use or disclosure.
  • Documents printed on paper after being faxed could be placed in an unsafe location.

Choosing a fax software solution not only reduces the hassles of manual faxing – printing out the document, walking to the fax machine, waiting for the fax to go through, not to mention the cost of fax machine supplies and repair – but it allows you to perform the same functions and many more without worrying about security issues when handling sensitive data.
It’s really the best of both worlds.

In short

Traditional faxing is affected by several security issues that may prevent health organizations from being HIPAA compliant. Choosing a fax software solution can help save time and money and meet safety standards.

 

#stayimagicle and #savesometrees 😜

 
